When a top Google Search result is actually a scam

Share:

Share on facebook
Share on twitter
Share on linkedin

A recent incident involving Google search shows just how easy it can be to be duped by well-designed and well-executed scams.

A prominent American retailer’s customers were recently targeted, with normal-looking Google Ads turning out to be malicious redirects to tech scams!

The incident serves as something of a cautionary tale for everyone, from the humble individual to business executives. In an age where work computers are being used for nearly everything, the incident demonstrates that ultimately there is no replacing caution and prudence at the individual level.

Prominent cybersecurity blogger BleepingComputers recently covered this incident, in which a malicious Home Depot advertising campaign was used to redirect Google search visitors to tech support scams.

Google search ad scams are are nothing new, with campaigns for Amazon Prime, PayPal, and eBay having been carried out in the past.

The idea behind these scams is simple: These ads look like legitimate campaigns for a company, no less than showing their standard URL when you hover over them. Unsuspecting people can be easily tricked into clicking on them.

As the screenshot below from BleepingComputers shows, the ad states it is for “www.homedepot.com”, and hovering over it, one appears to see a legitimate URL.

Home Depot ad in Google Search
Home Depot ad in the Google search scam

However, when visitors click on the ad, they are redirected through various ad services until they eventually reach a tech support scam.

Redirects from Google ad to tech support scam
Redirects from Google ad search to tech support scam

Ultimately, users land at a page showing a “Windows Defender – Security Warning” tech support scam. This scam will repeatedly open the Print dialog box, as shown below, which prevents the visitor from easily closing the page.

Tech support scam shown by clicking on the Home Depot ad
Tech support scam shown by clicking on the Home Depot ad

To make it more difficult for security professionals to diagnose, the scam is only redirected to once every 24 hours (to the same IP address).

Many people who are not familiar with the internet or the sorts of scams they may fall victim to are especially liable to fall for these incidents. The elderly fall into this category, among others.

In the most egregious cases, users are tricked into allowing remote access to their computer where the scammers install programs such as Lock My PC. The scammers then state that the caller must purchase a support package to unlock Windows.

That’s a long, long way way to end up from a Google Ad!

To avoid these types of ads, BleepingComputers said it as well as it can be: “Users are advised to pay more attention to Google search results to not click on ads instead of the legitimate search page result for the company”!

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.

Emergency Assistance

Under Attack?

Please fill out the form and we will respond ASAP. Alternatively, click the button to call us now.