Microsoft has taken down thousands of ads for tech support scams that had infested the company’s TechNet support domain in a sly attempt to boost their search ranking.
According to Cody Johnston, the self-styled ad hunter who reported the issue to Microsoft, until a few days ago Microsoft’s site was home to around 3,000 of these ads, mostly associated with the gallery.technet.microsoft.com downloads section.
The ads covered a wide range of fraudulent support issues, from virtual currency sites to Google Wallet and Instagram. Johnston told ZDNet:
I was able to find a total of 3,090 results, ranging back to August 2018. Twelve new ones have been created in the last week.
After reporting the problem to Microsoft, the ads were taken down within 24 hours, he said on Twitter.
However, within hours new ads quickly replaced the deleted ones on the same domains, which brings home the scale of Microsoft’s content monitoring challenge.
How is this possible?
Finding the ads wasn’t hard, requiring a custom Google search that anyone could run. So why didn’t Microsoft notice the issue and react sooner? Probably because it didn’t anticipate how quickly this can become a problem – and it doesn’t appear to be only one caught napping.
Tech support scammers never stop looking for prominent places to host their rotten content, whether by squirrelling it away on high-ranking domains or by simply buying prominent ad spots from search companies which don’t do enough manual checking.
The latter has become such a popular approach that Google recently announced that it would require companies advertising tech support to sign up for its advanced verification process that subjects them to manual checks.
Borrowing domains such as Microsoft’s is a free alternative with a big SEO pay-off. Since last year, Johnston said he’d noticed the issue on other forums, including Spotify, Tinder, Linksys, AOL, Turbotax, and the Salesforce-owned Quip.
It’s a simple tactic – bypass a site’s user authentication (assuming the site has any), post the content and wait for search engines to pick it up. The bigger the domain reputation, the bigger the ad boost.
One counter is to force the spammers to jump through more hoops by enforcing user checks before they are allowed to post content.
The issue is like a web version of the rise of spam in the early 2000s. This scourge was never stopped (huge amounts of spam is still sent today), so much as rendered mostly invisible thanks to content filtering by service providers such as Google.
Doing the same for the somewhat smaller but still troubling problem of SEO-driven web spam might turn out to require new tools, processes or human attention.
ELIZABETH NEUMANN
I received an alert when I was sending emails. The alert said stop immediately contact Microsoft immediately and their was bells going off and they gave me a number of 1800 581 484. They went thru my laptop with me and they ended up fixing it. I’m worrying now was this some kind of con?
Paul Ducklin
If you paid them money I’m afraid it’s very likely you’ve been scammed. Typically, these crooks will just rummage around pretending to “find” viruses and making it look as though they “fixed” them. But who knows what else they did or left behind? I suggest you find a friend or family member who’s computer savvy to help you do a proper check for malware or other unwanted stuff on your computer. There are plenty of free tools available from reputable cybersecurity companies, including our own free products, which you can peruse here:
https://sophos.com/freetools
Anj
Yes, Elizabeth, most definitely – especially if they charged you money. They now have your credit card number, and whilst they were “fixing it”, they also installed other malicious software that will remain dormant on your machine for a while (until you forget the incident) and then watch out. Identity theft is real and your bank won’t support you because you willingly handed over all your details and passwords to them without a thought.