Amazon.co.uk Widgets Fake eBay Ad in Google Search Led to Tech Support Scams - Tech Preachers

Fake eBay Ad in Google Search Led to Tech Support Scams


Header Ad

A fake advertisement in the Google search results has been running for the past week that looked just like a legitimate ad for eBay. When you clicked on it, though, instead of being brought to the auction site you would be shown an incredibly annoying tech support scam that would try to lock up your browser.

Tech support scams have long been the bane of search engines as they have become very adept at masquerading as legitimate companies. In this particular case, the tech support scammers were instead masquerading as another site utilizing a method called cloaking, which is used by scammers to bypass Google’s, Bing’s and other search engine’s ad review process.

Ad campaign was live for at least a week

BleepingComputer was alerted to this advertisements from a security researcher who wished to remain anonymous. The research told BleepingComputer that they had discovered the fake eBay ad last week and reported it to Google on the same day, but the ad continued to be shown in the search results.

This ad, though, did not show for everyone and the researcher told BleepingComputer that it only showed for U.S.A. IP addresses and only at certain times of the day. Being in the USA, I was easily able to easily reproduce the ad on the second and fourth pages of the Google search results.

When shown, the ad had a title of “eBay – Official Site | Great Deals | Low Prices” and had a link underneath that made you think that you were connecting to www.ebay.com.  Below is what the advertisement looked like in the search results.

Fake eBay Advertisement
Fake eBay Ad

When you clicked on it, instead of going to eBay, you would be shuffled through a series of redirects that ultimately landed you on a site called freefixes13.azurewebsites.net. This site is still live and should be avoided.

Redirects to Tech Support Scam
Redirects to Tech Support Scam

When redirected to the final site, users would be shown a tech support scam pretending to be a “Virus Alert from Microsoft” that states “This computer is blocked”.  This tech support scam utilizes a loop that makes it difficult to close and when you attempt to do so, it would open the web page in full screen mode.

Tech Support Scam
Tech Support Scam

To close the screen, you can repeatedly press the ALT+F4 keyboard combination to shut the browser or use the Task Manager to terminate the browser process.

After looking at the source code, you can also enter {u into the Enter key field and then click the Submit button. Doing so will close the tech support scam and the following screen will be displayed.

Command entered to close scam
Command entered to close scam

When BleepingComputer contacted Google regarding the ad, they provided the following statement.

“We have strict policies that govern the kinds of ads we allow on our platform, and ads that attempt to trick or circumvent our ad review processes are prohibited on our platform. When we find ads that violate our policies, we remove them.”

While Google has a policy that they do not comment on individual ads or advertisers, after contacting them it appears that the ad has been finally removed.  If you run into other malicious ads in search engines, you can use Google’s Ad Reporting Tool and Bing’s Low quality ad submission & escalation form.

To illustrate how this seemingly legitimate eBay advertisement redirected visitors to tech support scams, we have created the following video.



Source link

Leave a Reply

%d bloggers like this: