Online scammers are a creative bunch. It seems like they are constantly thinking of novel and devious ways to victimize people. It’s a virtual cat-and-mouse game as old tactics are exposed but new scams are evolved to take their place.
Take this recent tactic, for example, a fake Amazon ad managed to slip through Google’s search results recently. According to ZDNet, the phony ad appeared as the top Google-sponsored result for anyone who searched for “amazon,” even beating out the legitimate link for the real Amazon.com.
As of now, the malicious ad has been scrubbed and thankfully, it no longer appears in Google’s search results but it’s still a good reminder to be careful with links, even with those that appear to be coming from a trusted source.
Although the phony ad didn’t serve embedded malware, anyone who clicked on it will be redirected to a fake support page. The page was set up to trick people into calling a phone number to resolve a “computer issue.”
Upon redirection, the website detected if a user is using either Windows or MacOS, then served a different page depending on the operating system used.
Windows users were served with a Microsoft “blue screen of death” while Mac users were warned that their systems have been infected with crypto-ransomware.
These claims were false, of course, and it was a mere ploy to scare people into calling a “support number” with the likely aim of stealing credit card information and other sensitive personal data.
If a would-be victim tried to close out the page, a pop-up appeared with a script that kept adding random characters to the web address, eventually causing the browser and the computer to freeze.
This is a classic “tech support” webpage scam that’s been around forever but it’s intriguing how the scammers managed to slip a fake ad through Google’s paid ad network.
ZDNet examined the phony ad with a tracer tool and found that although it appeared to fully direct to Amazon.com – most likely the reason why it got through Google’s systems, the link is hijacked when clicked.
Last year, Google claimed that it took down 1.7 billion bad ads but this incident shows that there are still flaws in its ad system that allows scams to slip through.
So as always, be vigilant and scrutinize links served by search results, ads and webpages. As shown by this slip-up, even links from networks and pages you trust can be compromised.