On Wednesday, a top Google search result that seemed to be an advertisement for retail giant Amazon.com was actually something much more sinister—a malicious link to a Windows support scam. The problematic ad was first reported by ZDNet, but it seems that this problem has happened before.
Those who clicked on the ad were directed to a fake support website that presented an alert based on the OS they were using. According to ZDNet, Windows users saw a blue-screen-of-death and macOS users were warned that they were infected with crypto-ransomware.
Users who reached the scam site were given an error number and told to call a support number for help. However, as long as they didn't call the phone number, their machine would not have been infected with malware, the ZDNet report said. But trying to exit the site could have frozen a user's browser.
What's troubling about this scenario is that the ad looked legitimate, and was able to make it through Google's algorithms to arrive on the front page of search results, landing above the real result for Amazon.com, ZDNet reported.
The ad was a paid ad, and seemed to resolve to Amazon.com, which could have been how the site behind the ad fooled Google. However, the ad no longer appears on Google's search results.
While this instance of a bad ad seemed novel, it may not be the first time this kind of malicious ad has made it to the top of Google's search results. According to user posts on a Y Combinator forum from late January, similar ads pointing to Amazon, and others pointing to YouTube, have popped up in the past.
In early February, another similar issue arose when the customer support number listed for Facebook on Google's search results actually directed users to a phone scam. Additionally, Google's Gmail recently had trouble filtering spam from spoofed @gmail.com addresses as well.
However, this doesn't mean that Google hasn't taken steps to combat bad ads. In 2016, the company reportedly took down 1.7 billion ads that violated its advertising policies. Also, the US Federal Trade Commission (FTC) has been working for years to fight against support scams like the ones found in these malicious ads.
The 3 big takeaways for TechRepublic readers
- Recently, the top Google search result for Amazon.com directed users to a support scam website that tried to convince them their computer was infected with malware.
- As long as users didn't call the listed phone number, their computer would not have been infected.
- Malicious ads have appeared in Google search results for major companies in the past, but Google has worked to remove 1.7 billion ads that violate its policies.
Conner Forrest has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.