Skip to main content

Google fooled by fake Amazon site that showed up as an ad in search results

Google has been hoodwinked by fake Amazon ads that were injected into users’ search results. These ads were served up last Wednesday to anyone performing a Google search for the word “amazon,” even appearing ahead of the legitimate link to the online store.

Users who clicked on the phony Amazon link were taken to a fake computer support scam, according to a report from ZDNet. The end goal was apparently to get people to call a phone number, at which point there would presumably have been an attempt to acquire sensitive data such as password credentials or bank account information.

Recommended Videos

The exact strategy differed depending on which operating system the computer in question had installed. The site was able to determine if the target was using Windows or MacOS, and presented a different site in each case — of course, this was simply set dressing designed to fool the user.

If there was any attempt to close the browser window, a pop-up would appear, adding random characters to the end of the web address. This apparently caused certain users’ browsers, or even their computers, to freeze.

All in all, the latter stages of this scam weren’t particularly sophisticated. However, it’s notable that the culprits were able to get their fake ads past Google’s safeguards — especially since they were posing as a retailer as well-known as Amazon.

Last month, Google released its “bad ads” report for 2016, detailing its efforts to crack down on misleading and malicious content. It’s clear that the company is trying to prevent ads like this one from being served to users, but it seems that there are still some holes in its defenses.

As with many cases of online security being breached, the best advice for users is to be vigilant. There’s a chance that even ads served up by Google might be malicious, so it’s best to be wary of which links you follow whenever you’re browsing the web.

Brad Jones
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
Heads up — fake Reddit sites are delivering dangerous malware
Reddit

Hackers are spreading a dangerous malware called Lumma Stealer by tricking you into clicking on a link in a fake Reddit thread that supposedly solves a problem, as Bleeping Computer reports. After clicking the link, the victims are transferred to a fake WeTransfer site similar to the transfer site's interface.

Sekoia Researcher crep1x found the total number of distributed sites and even shared a complete list of the participating ones. The sites are nearly 1,000: 529 impersonate Reedit, and 407 pretend to be the official WeTransfer service site. The fake Reddit or WeTransfer site uses a combination of random numbers and characters, the brand name, and either ends with a .org or .net domain.

Read more
It looks like Microsoft has yet another anti-Google trick up its sleeve
Microsoft Edge appears on a computer screen with plants and a window in the background.

Microsoft drew attention at the beginning of this month for showing rather misleading Google-style search bar when users searched for the rival engine on Bing. Now, it appears the company is targeting the Chrome browser as well. Spotted by Windows Latest, some users may see a big banner pushing Edge when they search for Chrome while using Microsoft's browser.

The real dodgy part, however, is the fact that this banner just happens to partially hide the Chrome download link behind a "See more" button.

Read more
Careful — this Google ad could swipe your bank data without you knowing
Zoomed in version of Homebrew website.

Using Google ads to push their malicious sites to the top of the results page is a trick cybercriminals use all too often. The latest example is a fake Homebrew website that uses an infostealer to swipe personal data, browser history, login information, and bank data from unsuspecting victims.

Spotted by Ryan Chenkie on X and reported by BleepingComputer, the malicious Google ad even displays the correct Homebrew URL "brew.sh," so there's no real way to spot the trick before clicking.

Read more