    Scammers Exploit Google Ads to Impersonate Established Brands

    Google is grappling with an increasing problem of brand impersonation, where scammers cleverly bypass ad verifications to pose as reputable companies. Users have discovered ads that mimic legitimate brands like Facebook atop Google’s search results, only to lead to fraudulent websites.

    When users enter “Facebook” into Google via Chrome, the first result, an ad, redirects them not to Facebook but to a site falsely claiming their computer is infected. This troubling experience was highlighted by developer and TikTok creator Justin Poliachik (@j_poli), who encountered what appeared to be an official Facebook URL in a top-placed Google ad, which actually led to a phishing site.

    Poliachik expressed his dismay, questioning how Google could allow such deceptive ads. “At first, I was shocked. How can Google let this happen? They shouldn’t allow ads that link to phishing sites,” he remarked. However, he soon realized the complexity of the issue, noting that scammers might be exploiting loopholes in Google’s ad monitoring system.

    “If Google’s trackers check the site, it redirects them to the actual Facebook, making it appear legitimate. But when a regular user clicks, it sends them to a phishing site,” Poliachik explained. He also noted that these ads tend to be short-lived, likely due to their high cost and quick reporting by users.

    Malwarebytes Labs confirmed these findings, emphasizing that such malvertising attacks are not new and continue to pose significant risks to consumers. “There’s no single solution to stop all malvertising, but we hope that public awareness will prompt more decisive action against this form of fraud,” they commented.

    Malvertising campaigns often employ a technique known as ‘cloaking’ to differentiate between bots and real users, delivering different content to each. “Cloakers can easily manipulate this by showing legitimate content to bots and harmful content to users,” Malwarebytes explained.

    This deception involves scammers placing a misleading URL in the tracking template within Google’s ad system, then managing the actual content shown to users externally. Thus, bots see a legitimate site, whereas real users end up at a scam site.

    Poliachik suggested that Google should enhance its AI capabilities and increase the frequency of link checks. However, Malwarebytes researchers are skeptical that AI alone can solve the problem of malvertising.

    Instead, they suggest that Google could improve its verification processes by analyzing various data points about advertisers, such as user profiles, payment methods, and the specifics of the ads themselves, including the URLs and the actual behavior when clicked.

    “Is the user really taken to the site the ad claims? This basic check is surprisingly easy to manipulate and remains a significant vulnerability,” the researchers pointed out.
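
The basic check the researchers describe, sketched as an added example that is not from the article or from Malwarebytes: compare where an ad's click URL lands for different client profiles against the domain the ad displays. The redirect chains, profile names and `.example` hosts are constructed sample data, and the two-label domain comparison is a simplifying assumption.

```python
from urllib.parse import urlsplit


def site(url):
    """Naive registrable domain: the last two host labels.
    Assumption for this example; production code should use the Public Suffix List."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def audit_ad(display_url, chains):
    """Audit one ad.

    display_url: the URL shown to the user in the ad.
    chains: maps a client profile name to the redirect chain (list of URLs)
            recorded when that client followed the ad's click URL.
    """
    claimed = site(display_url)
    landings = {name: site(chain[-1]) for name, chain in chains.items() if chain}
    return {
        "claimed": claimed,
        "landings": landings,
        # Profiles that did not end up on the site the ad claims.
        "mismatched_profiles": sorted(n for n, s in landings.items() if s != claimed),
        # Different clients landing on different sites is the cloaking signal.
        "cloaked": len(set(landings.values())) > 1,
    }


# Constructed sample observations (not real traffic).
DISPLAY_URL = "https://www.facebook.com/"
CLOAKED_CHAINS = {
    "ad_crawler": ["https://track.example/click?id=1", "https://www.facebook.com/"],
    "desktop_browser": ["https://track.example/click?id=1",
                        "https://support-alert.example/scan"],
}
CLEAN_CHAINS = {
    "ad_crawler": ["https://track.example/click?id=2", "https://www.facebook.com/"],
    "desktop_browser": ["https://track.example/click?id=2", "https://m.facebook.com/home"],
}

if __name__ == "__main__":
    for label, chains in (("cloaked", CLOAKED_CHAINS), ("clean", CLEAN_CHAINS)):
        print(label, audit_ad(DISPLAY_URL, chains))
```

The check is only as good as the profiles behind it: a chain recorded from a client the cloaker recognizes as a bot will look clean, which is why the observations need to come from clients that resemble real users.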

    Malwarebytes also advises users to remain vigilant about sponsored search results, consider using ad blockers, and learn to identify scam websites. They recommend using browser extensions designed to protect against such threats, emphasizing that while users should not need to verify each ad, taking these precautions is essential for online safety.
