Google Ads Systematically Abused by Dominique René


The malicious technique of poisoning web search results with dodgy links is nothing new. One of the classic mechanisms of this manipulation involves keyword stuffing, where scammers set up websites inundated with trending terms to boost rankings in SERPs and thereby lure more visitors. Thankfully, search providers are constantly refining their algorithms to fend off this exploitation vector, and they have had some tangible success.

Whereas such vanilla tricks no longer work like they used to, cybercrooks have found a way to get around the increasingly sophisticated blacklisting features of the top search engines. A method gearing up for a rise takes advantage of Google’s ad network to promote aggressive tech support scams on a large scale.

Ads are more prominent in search results than regular entries, so the felons have really opened Pandora’s box by pushing their frauds this way. Below are the examples of such stratagems that have hit the headlines recently.

Popular queries returning sketchy adverts

In early June 2019, researchers discovered a defiant malvertising campaign with a tainted flavor of e-commerce and electronic payments. It targeted users looking up the terms “Lowe’s” and “PayPal” on Google.

The former being a well-known U.S. company from the home improvement sector, lots of people are opting for its services every single day and their experience starts with the retail giant’s official website. The con artists were able to pollute Google search results with a booby-trapped ad disguised as a genuine promotion of Lowe’s.

The unsafe entry was displayed at the very top of the SERPs. Such a high position typically instills trust and encourages those interested to click the item without hesitation. Furthermore, the ad’s target URL appeared to be, so there were hardly any apparent clues that made people doubt its legitimacy. When clicked on, though, the link forwarded users to a tech support scam page saying, “Virus alert from Microsoft”.

To put extra pressure on a perplexed visitor, the fraudulent site also mentioned that their computer was blocked due to unusual activity and instructed them to contact “Microsoft helpline” for reactivation. The impostors pretending to be support agents would then ask for a payment to sort out the issue or request remote access to the computer, only to install viruses and charge the victim for the cleanup.

A similar concurrent campaign zeroed in on users who entered the term “PayPal” in Google. The shady ads redirected most searchers to a fake alert page that tried to dupe them into dialing a phone number of pseudo support.

Interestingly, in both scenarios, the same advertisement could either lead to a tech support scam page or the right site for Lowes or PayPal. It’s not entirely clear what the triggers were for each course of action, but researchers believe they could be based on one’s geolocation or the number of clicks from the same IP address during a specified timeframe.

Having discovered this hoax, the analysts shared their findings with Google. The malicious ads are no longer on search results at the time of this writing, but it’s still kind of disconcerting that the malefactors were able to circumvent the ad network’s security checks.

Ads masqueraded as support links for major companies

In a well-orchestrated move, fraudsters managed to infiltrate Google search results with ads camouflaged as support services for Amazon, eBay, and PayPal. This campaign was spotted in April, 2019 and stayed up and running for a couple of weeks despite security experts’ feedback submitted to the search engine.

There were several things that made this stratagem stand out of the crowd. First of all, it was device-sensitive and the ads looked more plausible in mobile web browsers. When displayed in a desktop browser, though, different parts of the support phone numbers in the advertisements were separated by weird symbols that might give some users a heads-up. Analysts think that the use of vertical bars and similar characters could be a way for the crooks to get around Google’s automated ad inspection mechanisms.

One more quirk was about the way the scammers tried to defraud users of money. Passing themselves off as support agents who worked for the associated company, the con artists said there were issues with the caller’s account and asked for a Google Play gift card to fix them. They also emphasized that the amount would be reimbursed by the service provider, which was obviously a lie.

Bogus eBay ad plaguing Google search results

Another instance of rogue advertising that abused Google’s ad network got on the radar of security researchers in March 2019. It revolved around a phony eBay ad that looked fairly convincing at first sight. The tricky item in search results included the legitimate URL of the multinational e-commerce company in question and had no obvious giveaways whatsoever.

When people clicked on it, though, their traffic was redirected via several interstitial domains to a malicious site hosting deceptive malware. Again, the criminals’ tactic boiled down to fooling the victims into contacting the scammers who impersonated Microsoft support.

In order to pass Google’s ad review process, the perpetrators behind this wave reportedly leveraged a complex technique known as “cloaking”, where the landing page shown to the reviewers and the one displayed to regular searchers afterward don’t match. It’s noteworthy that the bad ad was only presented to users living in the United States and during certain time intervals. It’s probably due to these restrictions that the dubious ad didn’t raise too many red flags and remained alive for more than a week since it was discovered.


Everybody appreciates the fact that Google search is completely free to use. The company monetizes these services through ads shown to millions of people every day. Google is interested in attracting as many advertisers as possible in pursuit of profit, which is understandable. However, the search provider is confronted with a tough challenge of separating the wheat from the chaff to keep malicious actors at bay.

The examples above demonstrate that the current anti-fraud tools aren’t effective enough to prevent tech support scammers from getting on board Google’s ad network. Hopefully, this will change in the near future and regular users won’t run the risk of falling victim to such hoaxes when routinely searching the web.

About the author: 

Dominique René is a young writer inspired by the present-day groundbreaking technological progress. Dominique’s overwhelming enthusiasm for tech matters stems from her current research in college and innate aspiration to expand her academic outlook. She’s committed to staying on top of innovative trends in computer security, online privacy, threat intelligence, cryptocurrencies, and cloud solutions.





August 28, 2019
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023