Google is easily one of the most trusted sources of information on the internet. But that trust is now being leveraged as bad actors are weaponizing Google Ads and high-ranking search results. Dubbed as Malvertising, it’s important for users to be aware of the different types of scams and how to protect themselves as this threat becomes more common.
As a company, Google states that they use many different factors to determine both the quality of content and safety of sites that they provide to our queries. However, bad actors and scammers alike have found ways to poison Google and other search engine results with fraudulent and malicious websites.
Scammers will create fake websites that look legitimate, but the software available to download is actually malware that will steal personal information or damage the user’s computer. Below is a real world example of what a malicious Google ad could look like.
CCleaner is a well known tool for removing temporary files and general PC cleaning. However, when “download ccleaner” was input into the Google search field, Google returned 1 malicious ad and 1 genuine ad. The malicious ad appears before the legitimate ad being run by the parent company, Piriform Software, to promote their product. This is accomplished by the bad actor outbidding the legitimate company so that their results shows first.
source: BleepingComputer
Since most Google users have been trained to implicitly trust the results at the top of the page, people have a tendency to simply click the first link. If you were to have clicked the first link in this scenario, you would have been redirected to the site insta24h[.]com instead of the official CCleaner site. This alternate site contained a ZIP file that would install malware if executed.
It’s also important to be aware of the different types of scams that can appear in the top of search results, even if they’re not ads. These types of scams are known as “search engine optimization” (SEO) scams, and they occur when a scammer creates a malicious, lookalike, or misleading website and uses SEO techniques to make it appear at the top of search results. These sites could be designed to deliver malware, steal credentials, or simply trick users into paying for services they do not need.
This attack is difficult to spot and defend against as search engine ads are often perceived as trustworthy and on page ads require no interactions, or clicks, from a user to deploy a payload and compromise a system.
To protect yourself from SEO scams, it’s important to be cautious when clicking on search results, even if they’re at the top of the page. Always be sure to verify the website’s URL and authenticity before providing any personal information or making a purchase. One of the most common types of SEO scams revolves around ‘tech support’ for common software packages.
QuickBooks, Samsung, Amazon, and other popular tech and software companies are often used to trick users into visiting a malicious site or purchasing services that are either included with the software license or unnecessary. Below, we take a look at a real-world example of a popular SEO/Google Ads ‘tech support’ scam.
QuickBooks is one of the most popular accounting programs and is used by many small businesses. Unfortunately, it has also become a favorite target for scammers. QuickBooks scammers implement Google Ads and SEO scams to propel their fraudulent websites to the top of the search results page. They do this with in hopes someone searches for technical support and lands on their site instead of the official QuickBooks page.
This scam typically begins with a QuickBooks user experiencing an issue within the program. Once they realize they need assistance, the user will often use Google to find the QuickBooks support phone number or email address.
It is common for users to use shorthand when searching. A Google query for QB support instead of intuit quickbooks support can yield much different results.
If a user were to click on one of the scam links, they would be directed to a site that would provide them with a number to call. Very quickly after calling the number, a “technician” would strongly request that the user remotely connect them to the machine for further investigation.
Note: While it is very common for reputable companies to request remote access to a user’s machine for troubleshooting, users need to be 100% certain that the person requesting access is trusted and associated directly with the service or program.
Once the scammer is connected to the machine, most of them will begin to actually try and resolve the issue. The majority of these scammers aren’t out to damage a user’s device, but to act as the middle man between the user and QuickBooks and charge them for the trouble. Some of these scammers are more malicious and have been known to encrypt or delete data and hold files for ransom. This is why it is paramount to know and trust anyone that requesting remote access to a device.
In some instances, we have seen scammers reach out via phone or email to inform a user that there is something wrong with their Company File or software subsription. It is important to know that Intuit/QuickBooks, does not make unsolicited phone calls or send emails offering support services. If you receive a call or email like this, it is most likely a scam.
How To Avoid QuickBooks Scams:
• If you need to search for support, make sure you avoid abbreviations. Type out Intuit QuickBooks Support instead of QB support or QB help.
• If you must contact QuickBooks/Intuit, use the information provided within the program you are using, typically under the “Help” tab. If you cannot find this information in the program, make sure that you navigate to the official site by double checking the URL. (https://quickbooks.intuit.com/learn-support/en-us)
• If you receive an email from what you believe is QuickBooks or Intuit, double check the domain. It should come from an @intuit.com address. You should immediately disregard if the emails comes from a Yahoo, Google, or other free mail service.
Google Ads scams, SEO scams, and other types of Malvertising are becoming increasingly common. It is crucial for business owners and users to be aware of the different types of scams and how to protect themselves. Be cautious when clicking on ads and search results, and always verify the website’s authenticity before providing any personal information or making a purchase. Additionally, be sure to keep your computer and anti-virus software up to date to protect yourself from malware and scrutinize every request for remote access of your devices.
