Sophos News

Microsoft purges 3,000 tech support scams hiding on TechNet

Microsoft has taken down thousands of ads for tech support scams that had infested the company’s TechNet support domain in a sly attempt to boost their search ranking.
According to Cody Johnston, the self-styled ad hunter who reported the issue to Microsoft, until a few days ago Microsoft’s site was home to around 3,000 of these ads, mostly associated with the gallery.technet.microsoft.com downloads section.
The ads covered a wide range of fraudulent support issues, from virtual currency sites to Google Wallet and Instagram. Johnston told ZDNet:

I was able to find a total of 3,090 results, ranging back to August 2018. Twelve new ones have been created in the last week.

After he reported the problem to Microsoft, the ads were taken down within 24 hours, he said on Twitter.
However, within hours new ads had replaced the deleted ones on the same domains, which brings home the scale of Microsoft’s content monitoring challenge.

How is this possible?

Finding the ads wasn’t hard, requiring a custom Google search that anyone could run. So why didn’t Microsoft notice the issue and react sooner? Probably because it didn’t anticipate how quickly this can become a problem – and it doesn’t appear to be the only one caught napping.
Tech support scammers never stop looking for prominent places to host their rotten content, whether by squirrelling it away on high-ranking domains or by simply buying prominent ad spots from search companies which don’t do enough manual checking.
The latter has become such a popular approach that Google recently announced that it would require companies advertising tech support to sign up for its advanced verification process that subjects them to manual checks.
Borrowing domains such as Microsoft’s is a free alternative with a big SEO pay-off. Since last year, Johnston said he’d noticed the issue on other forums, including Spotify, Tinder, Linksys, AOL, Turbotax, and the Salesforce-owned Quip.
It’s a simple tactic – bypass a site’s user authentication (assuming the site has any), post the content and wait for search engines to pick it up. The bigger the domain reputation, the bigger the ad boost.
One counter is to force the spammers to jump through more hoops by enforcing user checks before they are allowed to post content.
The issue is like a web version of the rise of spam in the early 2000s. This scourge was never stopped (huge amounts of spam are still sent today), so much as rendered mostly invisible thanks to content filtering by service providers such as Google.
Doing the same for the somewhat smaller but still troubling problem of SEO-driven web spam might turn out to require new tools, processes or human attention.
