Fake Amazon ad ranks top on Google search results
Dang! Don’t you just hate it when you search for Amazon on Google, you click on the top link (which of course must be legit, right? – it’s from Google!) and then you somehow wind up infected with “Malicious Pornographic Spyware” with a dab of “riskware” on top?
Yep, not for the first time, Google’s been snookered into serving a scam tech support ad posing as an Amazon ad.
This is déjà vu. Thirteen unlucky months ago, scammers slipped a fake Amazon ad under Google’s nose. Anybody who clicked on it was whisked to a Windows support scam.
ZDNet reported on that one in February 2017, and it brings us news of the bad ad rebirth once again. On Friday, ZDNet’s Zack Whittaker reported that for hours on Thursday, the top Google search result for “Amazon” was pointing to a scam site.
Top, as in, it outranked even the legitimate search result for Amazon.com. Users who clicked on the bad ad were whisked to a page that tried to terrify them with reports of malware infection so they’d call a number for “help.” The ad masqueraded as an official Apple or Windows support page, depending on the type of computer in use.
Then, just as fake tech support ads tend to do, and just as the fake Amazon ad did last February, the bad ad shrugged off users’ attempts to dismiss a popup box that warned them about malicious pornographic spyware and riskware etc. (What IS “pornographic spyware”? Spyware accompanied by heavy breathing?)
According to ZDNet’s analysis of the code, trying to close the popup would have likely triggered the browser to expand and fill up the entire screen, making it look like a system had been grabbed by ransomware.
ZDNet says the ad appeared through a proxy script on a malicious domain to make it look as though the link fully resolved to an Amazon.com page, “likely in an effort to circumvent Google’s systems from flagging the ad.”
The malicious domain was registered by GoDaddy, and the apparent domain owner didn’t respond to ZDNet’s inquiries. A spokesperson for Google told ZDNet that the company doesn’t tolerate advertising of illegal activity and takes “immediate action to disable the offending sources” when it finds ads that violate its policies.
GoDaddy pulled the site offline within an hour of being contacted by ZDNet. A GoDaddy spokesperson said that its security team found that the ad violated its terms of service, so they removed it.