Malvertisers are lurking on Google search results—and for a while, had the top two advertising spots when a search for YouTube was entered.
“Cybercrooks made this one look very real, with the supposed URL destination actually being the real YouTube website, and providing a preview to a YouTube channel when hovering over the link with your mouse—making this one good enough to trick even some security-savvy users,” explained Jerome Segura, researcher at Malwarebytes Lab, in an analysis shared with Infosecurity pre-publication.
Essentially, the crooks bid on the “YouTube” keyword to have their ads displayed at the top, before the organic search results.
When victims clicked on these particular links, they were directed to a site displaying a phone number “helpline” to call, as part of a tech support scam. It was “quite possibly the first documented tech support scam BSOD linked to Google AdWords, the tech giant’s largest online advertising service,” Segura said.
Victims who ended up calling the bogus support number could have been duped out of anywhere from $200 to $600 for unnecessary support packages. The criminals often committed identity theft as well, and attempted to drain victims’ bank accounts.
“Many times these rogue advertisers will abuse legitimate brands to trick people and provide services on behalf of these companies,” Segura said. “Beyond copyright infringement laws, there is also the almost always present social engineering aspect that follows, to con people into spending hundreds of dollars for no good reason.”
Malwarebytes reported the campaign to Google and the bogus ads were pulled right away—but it’s a good reminder to be ever-vigilant, even when a link looks legit.