Anyone who used Google to search for the term “Amazon” in an attempt to get to the retail giant’s web site Wednesday of this week likely got served a fake ad that led to a scam web site.
The good news? Users weren’t directed to a malicious site that could harm their computer, just a fake tech support page designed to take their money. The bad news? The fake ad likely affected millions of people, some of whom surely fell for the scam.
It’s not clear how the malicious ad passed multiple levels of vetting and scrutiny from Google, but it did indeed make it through Google’s system. And for a while Wednesday, the ad appeared at the top of Google rankings for the word “Amazon,” appearing above even Amazon’s real site.
At first glance, the ad appeared legitimate, and appeared to really direct to Amazon.com (which is likely what fooled Google’s systems). But when a user clicked on the ad, they were directed to a site hosting a common “tech support” scam. Details about the user’s computer were displayed along with a message their system was infected by a virus. The site offered to help remove the virus, for a fee of course. Many times, the ad took up the user’s whole screen and prevented closing or clicking away.
Google hasn’t released numbers about how many people actually clicked on the ad, or how many impressions were served, but that particular term is one of the most sought after and highly ranking terms, so it’s estimated that millions of people were likely impacted.
This particular scam is pretty common, as are fraudulent Google ads (the site estimates they took down nearly 2 billion ads in 2016 that violated their policies). But the fact that a malicious ad could get through for one of the site’s most high profile search terms is alarming.
Google Ads is a very valuable tool for people that run their own blog. As this incident shows, a single ad can easily reach millions of people. Google is usually pretty strong about blocking fake or malicious ads, so it’ll be interesting to see their response to this incident.