Scammers have been using Google AdWords as their base for a malvertising campaign in a bid to lure unsuspecting users into paying for unnecessary IT support, or worse still, gather their details to carry out identity theft.
The rogue advertisers were found by Malwarebytes to be abusing legitimate brands – such as YouTube – to trick people into clicking on their page when searching on Google. The cyber criminals bid on the ‘youtube’ keyword and somehow got their ads displayed at the top of the page when someone searched for YouTube.
What makes the ad look legitimate is that when you hover over it, the supposed destination is actually a channel on YouTube.com. This makes it look as if the link would take users to YouTube, but clicking on the ad instead leads to what Malwarebytes calls the ‘Blue Screen of Death’ or BSOD, in a ploy designed to convince users that there’s something seriously wrong with their PC.
Users are then instructed to call a toll-free ‘helpline’ to resolve their issues – but on the other end of the line are criminals who are hoping to sell them expensive and unnecessary support packages.
Users who opt for the support packages will be defrauded of anywhere between $199 and $599, according to Malwarebytes, and if they can, the criminals will attempt to commit identity theft and clear out their victims’ bank accounts.
The cyber criminals had registered a minimum of two domains to perform the redirection from the Google advert to the BSOD page, and these are hosted on an IP address where the rest of the fraudulent sites also reside. These include appleonlinesupport.us, antivirtus-security365.com, microsofttechsupport.net and malware-attack.com.
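The two signals described above, a displayed destination that differs from where the click lands and several scam domains sharing one IP address, can be checked from proxy and DNS logs. The following is an added example, not code from Malwarebytes or this article; the redirect and landing hostnames, the IP addresses and the log layout are constructed placeholders, and only the four co-hosted domain names come from the article.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data. The redirect and landing hosts and both IPs are
# placeholders; the four co-hosted domains are the ones named in the article.
AD_CLICKS = [  # (display URL shown on hover, hops actually followed on click)
    ("https://www.youtube.com/channel/placeholder",
     ["http://redirect-one.example/go", "http://bsod-page.example/"]),
    ("https://www.youtube.com/", ["https://www.youtube.com/"]),
]
RESOLUTIONS = [  # (domain, IP) pairs as seen in DNS or proxy logs
    ("redirect-one.example", "203.0.113.10"),
    ("bsod-page.example", "203.0.113.10"),
    ("appleonlinesupport.us", "203.0.113.10"),
    ("antivirtus-security365.com", "203.0.113.10"),
    ("microsofttechsupport.net", "203.0.113.10"),
    ("malware-attack.com", "203.0.113.10"),
    ("www.youtube.com", "198.51.100.7"),
]

def site(url_or_host):
    """Last two DNS labels; a simplification that ignores the public suffix list."""
    host = urlsplit(url_or_host).hostname or url_or_host
    return ".".join(host.lower().split(".")[-2:])

def mismatched_clicks(clicks):
    """Clicks whose final hop is on a different site than the displayed URL."""
    flagged = []
    for display, chain in clicks:
        hops = [site(u) for u in chain]
        if hops and hops[-1] != site(display):
            flagged.append((site(display), hops))
    return flagged

def cohosted(seeds, resolutions):
    """Other domains sharing an IP with any seed domain."""
    by_ip = defaultdict(set)
    for domain, ip in resolutions:
        by_ip[ip].add(site(domain))
    seeds = set(seeds)
    related = set()
    for domains in by_ip.values():
        if domains & seeds:
            related |= domains - seeds
    return sorted(related)

if __name__ == "__main__":
    for shown, hops in mismatched_clicks(AD_CLICKS):
        print(f"ad displayed {shown} but led to {' -> '.join(hops)}")
        print("co-hosted domains to review:", cohosted(hops, RESOLUTIONS))
```

Domains surfaced by the co-hosting pivot are candidates for review before blocking, since unrelated sites can share an address on shared hosting.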
Google has since pulled the ads from its website, but this isn’t the first time that these types of ads have appeared on search engines, and it is unlikely to be the last.
Enterprises should aim to raise awareness of malvertising practices within the workplace, particularly how criminals aim to make their services seem as convincing and legitimate as possible in a bid to exploit innocent and unsavvy PC users.