Google has been hoodwinked by fake Amazon ads that were injected into users’ search results. These ads were served up last Wednesday to anyone performing a Google search for the word “amazon,” even appearing ahead of the legitimate link to the online store.
Users who clicked on the phony Amazon link were taken to a fake computer support scam, according to a report from ZDNet. The end goal was apparently to get people to call a phone number, at which point there would presumably have been an attempt to acquire sensitive data such as password credentials or bank account information.
The exact strategy differed depending on which operating system the computer in question had installed. The site was able to determine if the target was using Windows or MacOS, and presented a different site in each case — of course, this was simply set dressing designed to fool the user.
If there was any attempt to close the browser window, a pop-up would appear, adding random characters to the end of the web address. This apparently caused certain users’ browsers, or even their computers, to freeze.
All in all, the latter stages of this scam weren’t particularly sophisticated. However, it’s notable that the culprits were able to get their fake ads past Google’s safeguards — especially since they were posing as a retailer as well-known as Amazon.
Last month, Google released its “bad ads” report for 2016, detailing its efforts to crack down on misleading and malicious content. It’s clear that the company is trying to prevent ads like this one from being served to users, but it seems that there are still some holes in its defenses.
As with many cases of online security being breached, the best advice for users is to be vigilant. There’s a chance that even ads served up by Google might be malicious, so it’s best to be wary of which links you follow whenever you’re browsing the web.
