Sophos News

Scammers slip fake Amazon ad under Google’s nose

Last year, Google says it took down 1.7bn bad ads. Well, it missed a whopper on Wednesday: a bad ad perfectly spoofed to look like a legit Amazon ad. Anybody who clicked on it was whisked to a Windows support scam, according to ZDNet.

ZDNet’s Zack Whittaker reports that this bogus ad – perched at the top of search results and labelled as a sponsored ad served by Google – didn’t infect visitors with malware.

That’s a thin silver lining, but it doesn’t mean that the scammers didn’t try to swindle visitors.

ZDNet used a tracer tool to examine the fake ad, which was served up through Google’s own ad network. It apparently resolved fully to Amazon.com – probably as a way to trick Google’s systems into accepting it.

Once visitors clicked on the “Amazon” ad, though, they were hijacked, sent to a page that detected what platform their systems were running on. If the page detected a visitor using Windows, it would present a Microsoft-branded blue screen of death. Mac users were told that their systems had been seized by crypto-ransomware.

Visitors who tried to get the heck out of there by exiting the page would get a popup with a script that added random characters to the web address. In some cases, it was freezing both the browser and the computer.

As of Thursday morning, the fake Amazon ad was no longer appearing, but the website hosting the scam was still active. ZDNet chose not to link to that site.

Google declined to comment, while Amazon hadn’t responded to ZDNet’s inquiry by the time the story posted on Thursday.

Would this have happened if that spoofed Amazon ad had appeared on the Bing search engine, given that Bing imposed a blanket ban on online tech support ads in May 2016?

The search engine changed its advertising policy to block all online tech support ads, including both the legitimate tech support companies and all the swindlers. Bing did so because the sheer volume and audacity of the crooks had spoiled it for everyone.

Bing’s blanket ban might not have picked up on the bogus Amazon ad, though. After all, these wolves apparently pulled on a pretty convincing sheepskin, one good enough to slip through Google’s safeguards.

We’ve written quite a bit about support scams. It used to be that these fake tech support scammers would call us, but nowadays, as more and more people refuse to take calls from unknown numbers, the crooks have been adapting.

Instead of them calling you, it’s increasingly common that they’ll use a web ad or popup that simply runs the scam in reverse: the crook will display a warning and advise you to call them, typically on a toll-free number.

What to do?


DEALING WITH FAKE SUPPORT CALLS

Here’s a short podcast you can recommend to friends and family. We make it clear that these guys are scammers (and why), and offer some practical advice on how to deal with them.

(Originally recorded 05 Nov 2010, duration 6’15”, download size 4.5MB)