Google Search ads have become a hotbed for tech support scams, as unsuspecting users seeking Google’s services are being led to spoofed sites and fraudulent Microsoft and Apple support pages. According to Malwarebytes researcher Jérôme Segura, the scammers behind these schemes are taking advantage of cloud providers to host their malicious activities, making it harder to track and block their operations.
The deception begins with the fake ads, which are initially pushed by compromised advertisers and later by new accounts set up by the scammers themselves. These ads appear to direct users to legitimate Google services such as Search, Translate, Analytics, and Earth, but a closer inspection reveals that the URLs do not match the official sites. Instead, they are hosted on Looker Studio, a Google online tool that allows users to create data reports and dashboards.
The fraudulent page mimics the appearance of the Google Search homepage, enticing users to interact with the image. Through the use of the Looker Studio API, the scammers embed a hidden hyperlink that, when clicked, redirects the user to a fake Microsoft or Apple alert page. This page presents the user with alarming messages claiming that their computer has been compromised and urging them to contact support via a provided phone number.
Once the user initiates contact, fake Microsoft or Apple representatives attempt to deceive them into paying for unnecessary computer repairs. These tactics prey on the user’s fear and confusion, leading them to believe that their device is in immediate danger. As Segura points out, these fake alerts are a common tactic used to lure unsuspecting victims into tech support scams.
The scammers’ use of cloud providers for hosting their malicious activities adds a layer of complexity to identifying and shutting down these fraudulent operations. By leveraging these services, the criminals have more flexibility in their tactics and can easily evade detection by law enforcement authorities.
It is crucial for users to remain vigilant when encountering online ads, especially those that redirect them to unfamiliar websites. By verifying the legitimacy of the URL and avoiding interactions with suspicious content, users can protect themselves from falling victim to tech support scams.
Overall, the prevalence of these scams highlights the need for increased awareness and better enforcement measures to combat online fraud and protect users from falling prey to malicious actors.