Google's Top Search Result For 'Target' Was A Tech Support Scam (bleepingcomputer.com) 102
An anonymous reader quotes BleepingComputer:
Malicious ads displayed in Google search results for Target -- the US retailer -- redirected users to a tech support scam. The malvertising campaign was spotted on Friday by a US user who posted his observations to a StackExchange thread. The rogue ad appeared when users searched for the term "target," right at the top of all search results, [and] used a feature of the Google Ads service that allows ad publishers to display a URL but redirect users to another link. For example, in the rogue ad, the displayed link was "target.com," but users were redirected to "tech-supportcenter.us." Surprisingly, this got past Google's ad quality control service... The page users landed on was mimicking the style of Microsoft's real website, but was urging users to call a phone number to remove a non-existent "HARDDISK_ROOTKIT_TROJAN_HUACK.EXE" file.
The article points out the same thing happen in February when Google's top search result for Amazon was a spoof site with another tech support scam.
The article points out the same thing happen in February when Google's top search result for Amazon was a spoof site with another tech support scam.
Happening on Google News also (Score:5, Informative)
Noticed today on the news.google.com site that two "stories" under the "Health" section were gibberish (kind of like covfefe) and when I clicked on them one led to an online casino site and another to a "Canadian drug" seller. The news headlines appeared legitimate. Not as dangerous but still disturbing.
Re: (Score:1, Funny)
covfefe isn't gibberish, it is just too highly classified for anybody to be allowed to tell us what it means.
Re: (Score:1)
Re: (Score:3)
Tar-jhay (Score:4, Funny)
People expecting to find Target, found themselves a mark.
Re: (Score:1)
Re: Tar-jhay (Score:2)
Who clicks ads? (Score:1)
I always skip the ad results.
Re: (Score:1)
Congratulations. Maybe you can talk to all the 70+ year old patrons who come to my library to use the internet, and all of their friends who have computers at home, and the millions like them all over the country. They wouldn't know an ad from a legitimate search result if it reached out and punched their monkey through the screen. These people think that guy screaming BULLETIN 9:30 AM NEW YORK on the replica gold coin commercials is a government official warning them they'll be broke if they don't buy some
Re: (Score:1)
Re: (Score:3)
Set up a cron job to send this comment to yourself when you're 60.
Re:Who clicks ads? (Score:5, Insightful)
Ordinary people don't realize that search is a skill.
Not a difficult skill, but a skill none the less.
They think that because they know how to click on a Google bookmark that they're done.
Often you see someone asking a question on some forum. They claim they "Googled it" but found no answers. Every once in a while in some probably misguided attempt at helping the sad user, I "Google it" and present the answer to them in a followup post, which takes me more time to type than to search and discover.
I don't select the top results, usually. I will dig three pages deep, at least, to find perhaps three or four promising summaries. I open them in a new window in the background without looking at them, until I've decided "I'm done, let's have a look" and then if I don't like the results, I'll rephrase the search terms. It's rare to get three or more good links on the first page result. Others might have different techniques and flexibility if you are not getting the right results is important. Try another engine, force the web to give you what you want somehow.
But that's now how they use Google. And they don't know better.
Other times I will be at someone's house or in public, and we might be talking about something, and they are at the helm and I suggest a search. When I look at the search terms they use, I am dumbfounded. There is no way they will get results with those terms. So people don't even know the first step, properly.
You can help people to a certain extent, but I find they just revert to their old useless habits pretty much immediately. Nothing you can do about it, and many people and entities profit from it. Such is the web.
Re: (Score:1)
Funny thing is, this isn't a new thing or skill really. I grew up without internet (and only 3 TV channels, how the world changed in 30 years) and we had a (ok, rather several types of - art, science, general) printed encyclopedia.
You often had to find the right "search terms" there, too, and a search took you more than a few seconds, so it was well worth thinking it through first.
I remember that not everyone had the skills to use an encyclopedia for finding answers either (of course using it like a diction
Re: (Score:2)
I think that if people are prone to thinking anthromorphically, they should be told that The Internet Is Not Your Friend. It's really not. It's more like one of Lovecraft's Great Old Ones. Immensely powerful, but utterly alien, and just as likely to destroy you as to help you. Asking trivially worded questions and accepting the first answer (or, anything on the first page, usually) is almost always the wrong thing to do, and courts disaster. To have any chance of success requires some knowledge of how
Re: (Score:1)
To be fair here, a lot of ads do look like the surrounding site. In Google's case, to someone who doesn't know what they're doing, they might not even know they clicked on an ad.
People should know better by now, yes. I don't know what part of the older generation's culture makes them so adverse to following a few relatively simple safety guidelines when online, but at the same time, Google should be more explicit in what items are ads. That part's on them. Change the background color at the very least.
N
Re: (Score:1)
It's not culture. Their perception just doesn't work (that way).
If they type a letter and a modal dialog box pops up, they realize they can't type anymore, but they can have trouble finding/seeing the dialog box!
It's this "take in the whole screen at once and find the critical points to look at" many can't handle.
They can read the screen top to bottom, or they can look at special places like top right, but not this "complete list of everything on the screen in your brain".
It's probably also why things movin
Re: (Score:2)
I mostly use DuckDuckGo because the "privacy" stuff Google needs you to accept pisses me off and I don't think the results themselves are better, sometimes worse, but at least they didn't make such an UNHOLY MESS of their search results page.
This! Google's searches had become me needing to manually subsearch what they provided, and at least half the time I needed to go to the second page.A lot of their top results are hosted out, os they don't work for me anyhow. The lack of tracking is a bonus, although I take care of that via other ways as well.
DDG isn't perfect, but at least it's a lot more useable.
Re: first poist (Score:4, Funny)
Hey, buddy. You forgot to renew your domain name. Careful or someone might nab it from ya!
An excellent opportunity for a goat dealer on Christmas Island!
Not Very Surprising (Score:1)
"used a feature of the Google Ads service that allows ad publishers to display a URL but redirect users to another link [...] Surprisingly, this got past Google's ad quality control service"
How is it surprising that a feature used as intended got past QC?
"Please disable adblocker, our ads are trustworthy (Score:1)
Lol.
Anyway, killing google's ads is easy. Killing the gratuitous anti-Trump propaganda mixed in with basically every google search (including a search for "Target" [imgur.com]), not so much. I'd even settle for being able to turn off the "Top Stories" section that appears over most searches, which they seem to have coded in a filter-proof way (or I'm just a noob with custom filters). Someday I'll whip up a greasemonkey script to get rid of it, if nothing else.
Re: (Score:3)
Lol.
Anyway, killing google's ads is easy. Killing the gratuitous anti-Trump propaganda mixed in with basically every google search (including a search for "Target" [imgur.com]), not so much. I'd even settle for being able to turn off the "Top Stories" section that appears over most searches, which they seem to have coded in a filter-proof way (or I'm just a noob with custom filters). Someday I'll whip up a greasemonkey script to get rid of it, if nothing else.
Just switch to Bing, DuckDuckGo, or one of the others.
Google will straighten up or get replaced.
Sitting around wishing they will get better on their own is a fool's errand.
Most All Ads Hide The Destination Site (Score:1)
Most all ads are as bad as link shorteners in that the final destination is hidden. On a related note, many links on the web these days are hidden / spoofed via javascript. It's beyond time for ad networks to assume some liability for hosting / distributing malware ads. One simply can't trust clicking on any ad. I emphasize this to others whenever the topic of computer security comes up. An ad blocker is increasingly a necessity.
Re: (Score:2)
Just don't click on ads or shortened URL's. Doh!
One bad short URL could land you in jail and on the sex offenders register for life (kiddie pron). Don't take chances.
Re: (Score:3)
How is that different from any other 302/303?
Quick..... (Score:2, Insightful)
People are fucking idiots - but lets blame someone else
hosts (Score:4, Insightful)
Ran into this today... (Score:2)
Not surprising at all. (Score:3)
"Surprisingly, this got past Google's ad quality control service"
Actually, it's not surprising if you've ever had to deal with Google's ad quality control service. It's worse than Dell support in the 90's.
There are ADs on a web browser? (Score:3)
"be as evil as possible" (Score:1)
Google use to have "don't be evil" as the code of conduct. Now the new code perhaps should be "be as evil as possible". They are doing all evil things in order to chase the ad money. Look at how they structured youtube playback, you can see how bad they are. Somebody also pointed out the timing they announced the TPU 2 hardware, isn't it too close to the coming out party of NVIDIA's Volta?
best place to report scams? (Score:2)
from TFS: "posted his observations to a StackExchange thread..."
What is the best place to report such scams? I don't want to have to create an account or fill out a stupid web form. I want an email address (that allows attaching screen shots, etc) for someone, some organization, some agency who can expedite a solution for the general public. Thanks.
Re: (Score:1)
If the problem is in Sweden, try the government consumer agency's Swedish web form [konsumentverket.se] or one of 15 other languages [konsumentverket.se]. For other EU and EES countries, try the tax funded NGO European Consumer Organisation [www.beuc.eu].
If you're a Yank, shut up and try not to be locked up as a traitorous commie, I guess.
Mozilla to the rescue? (Score:4, Interesting)
If the folks at Mozilla are listening, this is a golden opportunity to score some brownie points.
It should be possible for a browser to detect when a click on an anchor tag gets intercepted by a javascript onclick that goes to a completely different URL, and for the browser to throw a big fat warning instead.
Of course, nobody would expect for Chrome to do anything like this, since Google depends on this hostile and abusive practice for generating ad click revenue. But I would think that this would be a value tool for blocking potential exploits, and a thumb in the eye of Google.
Re: (Score:2)
Nope, features that would actually benefit the user get auto-WONTFIXed. And it's not a new thing [mozilla.org].
Re: (Score:2)
Nope, features that would actually benefit the user get auto-WONTFIXed. And it's not a new thing.
And that's the best example you could come up with? Just like the notes say, a user script can handle this efficiently for the minuscule percentage of users that need it. This is also true for the problem we're discussing now. Meanwhile, it's absolutely normal for webpages to intercept clicks to hrefs with a script. That's a common way, for example, to provide fallback functionality for users without javascript. The idea that you should bring up a warning every time it happens is patent nonsense.
Re: (Score:2)
Not "every time", but when the click "goes to a completely different URL".
You mean like when a script is delivered from a CDN?
Re: (Score:2)
> It should be possible for a browser to detect when a click on an anchor tag
> gets intercepted by a javascript onclick that goes to a completely different
> URL, and for the browser to throw a big fat warning instead.
It should be possible that a status bar would show you EXACTLY what you're about to click on (bonus: it should not be over-writeable by JavaScript) but OOPS TOO LATE FUCK YOU THAT SHIP HAS SAILED STATUS BARS ARE UGLY SO WE GOT RID OF THEM LOLOMGWTFQQB!!!!!111
- Signed,
All major browser
Re: (Score:2)
I believe NoScript's anti-clickjacking does it - it pops up a dialog saying your click would go somewhere else and you can see it with and without the clickjacking.
The real question is - how in the world did someone install the onclick handler? If you're searching Google, all the data comes from Go
Worse than worthless (Score:2)
Re: (Score:1)
google is an advertising company.
an advertising company is worse than worthless if it allows this to happen.
and... this is entirely their fault.
what? they are actively supporting and encouraging the use of misleading advertisements and links.
if you can't trust the largest online advertising company to keep you safe from malicious advertisements and links......
just one more reason why adblockers a
Re: (Score:2)
A search engine is worse than worthless if it allows this to happen.
Well, that's how they started out, as a search company. They started accepting money to fudge the results to push those who pay to the top and created side ads. But Ad dollars are like crack, they got addictive. Now they post the ads on the op of the search instead of the results.
By the way, they got rid of the "don't be evil" motto when they became Alphabet. Now it's "Do the Right thing". Which, if you think about it, is much more ambiguous because the right thing for shareholders isn't always compati
Google is an advertising company first (Score:1, Insightful)
The faster the google/android fans recognize this, the better.
Re: (Score:2)
I was very annoyed by this and reported it to google in less than polite terms.
Oh shit! (Score:2)
Not just Target (Score:2)
Google enables the scamming of the elderly (Score:2)
A friend o
Why does this even exist? (Score:2)
What possible reason does this "feature" have for even existing? The whole purpose of displaying a URL when you hover over a link is to tell the user where the link will take them. There's no legitimate reason to ever override that behavior.
Soviet (Score:2)