Google Search Ads Phishing Scams Result in $4M Stolen

Published on
April 24, 2023
Hailey Carlson

Google Search Ads Phishing Scams Result in $4M Stolen

Have you ever been trying to find something on Google only to be met with a barrage of ads that look a little phishy? Well, if you responded ‘yes’ to that question, then that means you actually caught the malicious phishing scams - many, many others were not so lucky as it was just discovered that an estimated $4 million has been stolen from people who were duped by such scams. When those browsing online click on the fraudulent links, the URL takes them to sites that request a wallet login signature. As with many phishing scams, the malicious actors are clever in their approach to trying to trick us - the links are very close to the legitimate sites, with very subtle changes made that would not be caught by someone not looking for it explicitly. 

Analysis of data collected from the anti-scam service provider, ScamSniffer, revealed that many of the phishing websites were tied to advertisers in other countries including Ukraine and Canada. Additionally, the folks at ScamSniffer were able to use the blockchain to do some digging as well through what is known as on-chain analysis. This type of analysis refers to the type of inquiry in which we take a look at the blockchain ledger used to track transactions made using cryptocurrency. Based on this examination, the anti-scam service’s database suggests that $4.16 million has been stolen from over 3,000 users. To avoid these advertising phishing scams, be sure that you look at the link address before clicking on it. Below are some of the other types of advertising fraud to be on the lookout for when operating online.

Domain spoofing – Domain spoofing occurs when a malicious actor impersonates a legitimate, high-profile website with a fake email domain so that it appears to be a safe site to use. Sometimes these malicious actors will go so far as to then dupe advertisers into paying for ad space on the website they think is a popular, legitimate site.

Cookie stuffing – This type of advertising fraud is an affiliate marketing technique where a user receives a third-party cookie from a website unrelated to the website that the user is trying to legitimately access, often without the user’s knowledge. It is one thing when a recipe from Pinterest tells you that they have affiliate links in their website if you opt to click on certain links for pots and pans they recommend using, as you are made aware of the fact that these folks make some money off of you clicking the links on their page. The cookie stuffing version is malicious and purposely under the radar.

Ad injection – Ad injection occurs when malicious actors take advantage of vulnerabilities in the user’s Internet browser. A recent example of this is the Yahoo search extension on Chrome where the default search engine reverts to Yahoo instead of Google, even if you try to fix this issue by setting Google as your default browser. This browser hijacker infects the computer and browser with malware and modifies settings without your knowledge or consent.

Bots – Bots are the other name for non-human traffic that is seen online; bots run automated tasks, usually with the intent of mimicking legitimate traffic created by human users. Bots can push out advertisements which are then deemed “invalid” because they do not meet certain quality and completeness standards.

Image by for Freepik.