Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Advertising Google

Google's Top Search Result For 'Target' Was A Tech Support Scam (bleepingcomputer.com) 102

An anonymous reader quotes BleepingComputer: Malicious ads displayed in Google search results for Target -- the US retailer -- redirected users to a tech support scam. The malvertising campaign was spotted on Friday by a US user who posted his observations to a StackExchange thread. The rogue ad appeared when users searched for the term "target," right at the top of all search results, [and] used a feature of the Google Ads service that allows ad publishers to display a URL but redirect users to another link. For example, in the rogue ad, the displayed link was "target.com," but users were redirected to "tech-supportcenter.us." Surprisingly, this got past Google's ad quality control service... The page users landed on was mimicking the style of Microsoft's real website, but was urging users to call a phone number to remove a non-existent "HARDDISK_ROOTKIT_TROJAN_HUACK.EXE" file.
The article points out the same thing happen in February when Google's top search result for Amazon was a spoof site with another tech support scam.
This discussion has been archived. No new comments can be posted.

Google's Top Search Result For 'Target' Was A Tech Support Scam

Comments Filter:
  • by mspohr ( 589790 ) on Sunday June 04, 2017 @08:35PM (#54548949)

    Noticed today on the news.google.com site that two "stories" under the "Health" section were gibberish (kind of like covfefe) and when I clicked on them one led to an online casino site and another to a "Canadian drug" seller. The news headlines appeared legitimate. Not as dangerous but still disturbing.

    • Re: (Score:1, Funny)

      by Anonymous Coward

      covfefe isn't gibberish, it is just too highly classified for anybody to be allowed to tell us what it means.

    • by Anonymous Coward
      Yeah. Saw it too. Lead to spammy sites. No malware, though
    • If you want to find more tech support scams at the top of google search results, all you have to do is search for "can't install X", where X is some common piece of software. This has been going on for YEARS. Google doesn't care, because it makes them ad money.
  • Tar-jhay (Score:4, Funny)

    by mentil ( 1748130 ) on Sunday June 04, 2017 @08:37PM (#54548961)

    People expecting to find Target, found themselves a mark.

  • by Anonymous Coward

    I always skip the ad results.

    • by Anonymous Coward

      Congratulations. Maybe you can talk to all the 70+ year old patrons who come to my library to use the internet, and all of their friends who have computers at home, and the millions like them all over the country. They wouldn't know an ad from a legitimate search result if it reached out and punched their monkey through the screen. These people think that guy screaming BULLETIN 9:30 AM NEW YORK on the replica gold coin commercials is a government official warning them they'll be broke if they don't buy some

      • by Anonymous Coward
        A fool and his money are soon parted. Fuck them. It's in everyone's best interest to educate oneself to at least some basic level of competence. If you're too damned lazy to care you deserve what you get.
      • Re:Who clicks ads? (Score:5, Insightful)

        by gordguide ( 307383 ) on Monday June 05, 2017 @01:48AM (#54549783)

        Ordinary people don't realize that search is a skill.

        Not a difficult skill, but a skill none the less.

        They think that because they know how to click on a Google bookmark that they're done.

        Often you see someone asking a question on some forum. They claim they "Googled it" but found no answers. Every once in a while in some probably misguided attempt at helping the sad user, I "Google it" and present the answer to them in a followup post, which takes me more time to type than to search and discover.

        I don't select the top results, usually. I will dig three pages deep, at least, to find perhaps three or four promising summaries. I open them in a new window in the background without looking at them, until I've decided "I'm done, let's have a look" and then if I don't like the results, I'll rephrase the search terms. It's rare to get three or more good links on the first page result. Others might have different techniques and flexibility if you are not getting the right results is important. Try another engine, force the web to give you what you want somehow.

        But that's now how they use Google. And they don't know better.

        Other times I will be at someone's house or in public, and we might be talking about something, and they are at the helm and I suggest a search. When I look at the search terms they use, I am dumbfounded. There is no way they will get results with those terms. So people don't even know the first step, properly.

        You can help people to a certain extent, but I find they just revert to their old useless habits pretty much immediately. Nothing you can do about it, and many people and entities profit from it. Such is the web.

        • by Anonymous Coward

          Funny thing is, this isn't a new thing or skill really. I grew up without internet (and only 3 TV channels, how the world changed in 30 years) and we had a (ok, rather several types of - art, science, general) printed encyclopedia.
          You often had to find the right "search terms" there, too, and a search took you more than a few seconds, so it was well worth thinking it through first.
          I remember that not everyone had the skills to use an encyclopedia for finding answers either (of course using it like a diction

        • I think that if people are prone to thinking anthromorphically, they should be told that The Internet Is Not Your Friend. It's really not. It's more like one of Lovecraft's Great Old Ones. Immensely powerful, but utterly alien, and just as likely to destroy you as to help you. Asking trivially worded questions and accepting the first answer (or, anything on the first page, usually) is almost always the wrong thing to do, and courts disaster. To have any chance of success requires some knowledge of how

    • by Anonymous Coward

      To be fair here, a lot of ads do look like the surrounding site. In Google's case, to someone who doesn't know what they're doing, they might not even know they clicked on an ad.

      People should know better by now, yes. I don't know what part of the older generation's culture makes them so adverse to following a few relatively simple safety guidelines when online, but at the same time, Google should be more explicit in what items are ads. That part's on them. Change the background color at the very least.

      N

      • by Anonymous Coward

        It's not culture. Their perception just doesn't work (that way).
        If they type a letter and a modal dialog box pops up, they realize they can't type anymore, but they can have trouble finding/seeing the dialog box!
        It's this "take in the whole screen at once and find the critical points to look at" many can't handle.
        They can read the screen top to bottom, or they can look at special places like top right, but not this "complete list of everything on the screen in your brain".
        It's probably also why things movin

        • I mostly use DuckDuckGo because the "privacy" stuff Google needs you to accept pisses me off and I don't think the results themselves are better, sometimes worse, but at least they didn't make such an UNHOLY MESS of their search results page.

          This! Google's searches had become me needing to manually subsearch what they provided, and at least half the time I needed to go to the second page.A lot of their top results are hosted out, os they don't work for me anyhow. The lack of tracking is a bonus, although I take care of that via other ways as well.

          DDG isn't perfect, but at least it's a lot more useable.

  • by Anonymous Coward

    "used a feature of the Google Ads service that allows ad publishers to display a URL but redirect users to another link [...] Surprisingly, this got past Google's ad quality control service"
    How is it surprising that a feature used as intended got past QC?

  • Lol.

    Anyway, killing google's ads is easy. Killing the gratuitous anti-Trump propaganda mixed in with basically every google search (including a search for "Target" [imgur.com]), not so much. I'd even settle for being able to turn off the "Top Stories" section that appears over most searches, which they seem to have coded in a filter-proof way (or I'm just a noob with custom filters). Someday I'll whip up a greasemonkey script to get rid of it, if nothing else.

    • by jafiwam ( 310805 )

      Lol.

      Anyway, killing google's ads is easy. Killing the gratuitous anti-Trump propaganda mixed in with basically every google search (including a search for "Target" [imgur.com]), not so much. I'd even settle for being able to turn off the "Top Stories" section that appears over most searches, which they seem to have coded in a filter-proof way (or I'm just a noob with custom filters). Someday I'll whip up a greasemonkey script to get rid of it, if nothing else.

      Just switch to Bing, DuckDuckGo, or one of the others.

      Google will straighten up or get replaced.

      Sitting around wishing they will get better on their own is a fool's errand.

  • by Anonymous Coward

    Most all ads are as bad as link shorteners in that the final destination is hidden. On a related note, many links on the web these days are hidden / spoofed via javascript. It's beyond time for ad networks to assume some liability for hosting / distributing malware ads. One simply can't trust clicking on any ad. I emphasize this to others whenever the topic of computer security comes up. An ad blocker is increasingly a necessity.

    • Just don't click on ads or shortened URL's. Doh!

      One bad short URL could land you in jail and on the sex offenders register for life (kiddie pron). Don't take chances.

  • Quick..... (Score:2, Insightful)

    by Anonymous Coward

    People are fucking idiots - but lets blame someone else

  • hosts (Score:4, Insightful)

    by TheRealMindChild ( 743925 ) on Sunday June 04, 2017 @09:16PM (#54549067) Homepage Journal
    0.0.0.0 googleadservices.com
  • When I got the pop-up message this morning, I thought it was from a French website that some asshat posted my picture. Must have came from somewhere else. The French website respected my DMCA takedown notice and took down my picture this afternoon.
  • by Reaperducer ( 871695 ) on Sunday June 04, 2017 @09:40PM (#54549133)

    "Surprisingly, this got past Google's ad quality control service"

    Actually, it's not surprising if you've ever had to deal with Google's ad quality control service. It's worse than Dell support in the 90's.

  • by bigdady92 ( 635263 ) on Sunday June 04, 2017 @09:43PM (#54549149) Homepage
    Since when? Oh people still browse without an AdBlocker. Silly people.
  • by Anonymous Coward

    Google use to have "don't be evil" as the code of conduct. Now the new code perhaps should be "be as evil as possible". They are doing all evil things in order to chase the ad money. Look at how they structured youtube playback, you can see how bad they are. Somebody also pointed out the timing they announced the TPU 2 hardware, isn't it too close to the coming out party of NVIDIA's Volta?

  • from TFS: "posted his observations to a StackExchange thread..."

    What is the best place to report such scams? I don't want to have to create an account or fill out a stupid web form. I want an email address (that allows attaching screen shots, etc) for someone, some organization, some agency who can expedite a solution for the general public. Thanks.

    • by Anonymous Coward

      If the problem is in Sweden, try the government consumer agency's Swedish web form [konsumentverket.se] or one of 15 other languages [konsumentverket.se]. For other EU and EES countries, try the tax funded NGO European Consumer Organisation [www.beuc.eu].
      If you're a Yank, shut up and try not to be locked up as a traitorous commie, I guess.

  • by mrsam ( 12205 ) on Sunday June 04, 2017 @10:37PM (#54549285) Homepage

    If the folks at Mozilla are listening, this is a golden opportunity to score some brownie points.

    It should be possible for a browser to detect when a click on an anchor tag gets intercepted by a javascript onclick that goes to a completely different URL, and for the browser to throw a big fat warning instead.

    Of course, nobody would expect for Chrome to do anything like this, since Google depends on this hostile and abusive practice for generating ad click revenue. But I would think that this would be a value tool for blocking potential exploits, and a thumb in the eye of Google.

    • Nope, features that would actually benefit the user get auto-WONTFIXed. And it's not a new thing [mozilla.org].

      • Nope, features that would actually benefit the user get auto-WONTFIXed. And it's not a new thing.

        And that's the best example you could come up with? Just like the notes say, a user script can handle this efficiently for the minuscule percentage of users that need it. This is also true for the problem we're discussing now. Meanwhile, it's absolutely normal for webpages to intercept clicks to hrefs with a script. That's a common way, for example, to provide fallback functionality for users without javascript. The idea that you should bring up a warning every time it happens is patent nonsense.

    • by sootman ( 158191 )

      > It should be possible for a browser to detect when a click on an anchor tag
      > gets intercepted by a javascript onclick that goes to a completely different
      > URL, and for the browser to throw a big fat warning instead.

      It should be possible that a status bar would show you EXACTLY what you're about to click on (bonus: it should not be over-writeable by JavaScript) but OOPS TOO LATE FUCK YOU THAT SHIP HAS SAILED STATUS BARS ARE UGLY SO WE GOT RID OF THEM LOLOMGWTFQQB!!!!!111
      - Signed,
      All major browser

    • by tlhIngan ( 30335 )

      It should be possible for a browser to detect when a click on an anchor tag gets intercepted by a javascript onclick that goes to a completely different URL, and for the browser to throw a big fat warning instead.

      I believe NoScript's anti-clickjacking does it - it pops up a dialog saying your click would go somewhere else and you can see it with and without the clickjacking.

      The real question is - how in the world did someone install the onclick handler? If you're searching Google, all the data comes from Go

  • A search engine is worse than worthless if it allows this to happen.
    • by Anonymous Coward

      google is an advertising company.

      an advertising company is worse than worthless if it allows this to happen.

      and... this is entirely their fault.

      a feature of the Google Ads service that allows ad publishers to display a URL but redirect users to another link

      what? they are actively supporting and encouraging the use of misleading advertisements and links.

      if you can't trust the largest online advertising company to keep you safe from malicious advertisements and links......

      just one more reason why adblockers a

    • A search engine is worse than worthless if it allows this to happen.

      Well, that's how they started out, as a search company. They started accepting money to fudge the results to push those who pay to the top and created side ads. But Ad dollars are like crack, they got addictive. Now they post the ads on the op of the search instead of the results.

      By the way, they got rid of the "don't be evil" motto when they became Alphabet. Now it's "Do the Right thing". Which, if you think about it, is much more ambiguous because the right thing for shareholders isn't always compati

  • by Anonymous Coward

    The faster the google/android fans recognize this, the better.

  • This is really interesting - I actually saw somebody search for American Express on Bing and end up on a different bogus website. I had no idea how they managed to pull it off, but now I think I have some idea of what happened...
  • Weeks ago I googled "walmart", and the top result was a support scam. I reported this to google, using the term "dumbass".
  • I don't know why Google isn't called on this by more people as it seems like it's common knowledge by techies that Google's first hits on a Google search are scam sites attempting to trick you into calling them rather than HP, D-Link, Microsoft, etc.. While the savvy folks on this site would subconsciously skip past these links, seniors are regularly calling these numbers to invite malicious scammers into their computers who then proceed to charge them recurring fees to maintain their computer.

    A friend o
  • used a feature of the Google Ads service that allows ad publishers to display a URL but redirect users to another link

    What possible reason does this "feature" have for even existing? The whole purpose of displaying a URL when you hover over a link is to tell the user where the link will take them. There's no legitimate reason to ever override that behavior.

  • I came here for a 'in Soviet Google, target is YOU!'...left dissapointed.

A Fortran compiler is the hobgoblin of little minis.

Working...