Yet again, Google tricked into serving scam Amazon ads

At the top of search results for "Amazon" was a bad ad, trying to trick users into falling for a tech support scam.

For hours on Thursday, the top Google search result for "Amazon" pointed to a scam site.

The bad ad appeared at the very top of the search result for anyone searching for the internet retail giant -- even above the legitimate search result for Amazon.com. Anyone who clicked on the ad was sent to a page that tried to trick the user into calling a number for fear that their computer was infected with malware -- and not sent to Amazon.com as they would have hoped.

The page presents itself as an official Apple or Windows support page, depending on the type of computer you're visiting the page from.

An analysis of the webpage's code showed that anyone trying to dismiss the popup box on the page would likely trigger the browser expanding to full-screen, giving the appearance of ransomware.

A one-off event would be forgivable. But this isn't the first time this has happened.

It's at least the second time in two years that Google has served up a malicious ad under Amazon's name. Over the past year, we've heard of several cases of bad ads that have redirected users to malicious pages, but to our knowledge have never directly served malware.

There's no way to tell how many users clicked the link, but by Google Trends figures, Amazon is the top search result for retail companies on the search engine, accounting for millions of searches every day.

Like the last time we reported on this problem, the paid ad was served through Google's own ad network and appears through a proxy script on a malicious domain to make it look as though the link fully resolves to an Amazon.com page -- likely in an effort to keep Google's systems from flagging the ad.

The malicious domain -- which we are not publishing -- was registered by GoDaddy, likely with fake information. The apparent domain owner didn't respond to our inquiries.

Google was immediately informed of the bad ad. A spokesperson said: "We strictly prohibit advertising of illegal activity and when we find ads that violate our policies, we take immediate action to disable the offending sources."

We also contacted GoDaddy, which within an hour pulled the site offline.

"After review, our security team found it violated our terms of service and removed the website from our services," a spokesperson told ZDNet.

Amazon declined to comment.

The FTC has for years squashed tech support scams that often result in malware or ransomware being installed on your computer, which is then used as leverage to force victims to pay up to have the malware removed.

Google, one of the largest advertisers on the internet, said this week that it took down more than three billion bad ads last year, and banned 320,000 publishers from its ad network for violating its terms.
