It’s not a new technique, but that doesn’t mean that cybercriminals cannot make rich rewards from SEO poisoning.Â
SEO poisoning is the dark art of manipulating search engines to ensure that malware-laced adverts and dangerous websites appear high on users’ results – often impersonating legitimate businesses and organisations.Â
But the simplest way of all to get a malicious website in front of a potential victim is to create a Google advertising account, and buy your way to the top of the search results.Â
And, according to Jérôme Segura, senior director of research at security firm Malwarebytes, the most common type of malicious Google search ads encountered are those which pose as the customer support teams of major internet brands like PayPal, eBay, Apple, and Netflix.Â
The example pictured above follows a familiar narrative. A user Googles for “PayPal help” and the first result he is shown if a sponsored ad that – if clicked on – would take them to a fairly rudimentary free webpage containing PayPal’s logo and what purports to be PayPal’s phone number.Â
Why isn’t Google doing a better job of intercepting campaigns like this? Just a cursory look is all that is required to determine that the advert is highly suspicious.Â
The answer may lay in the fact that some attackers are using ad delivery networks, redirecting users to malicious webpages after the ad has been paid for and approved.Â
According to Segura, the scammers behind the campaigns are often found to be “repeat offenders” – with some fraudsters reusing the same advertiser accounts repeatedly.Â
In one instance, the same account had been reported over 30 times in the past three months – seemingly without any action being taken by Google.Â
“While it would be foolish to assume fraudsters would stop scamming altogether if those accounts were terminated, it also exposes something problematic with our reporting, and to a greater extent with how Google’s policies apply to repeat offenders,” said Segura.Â
Malwarebytes says that malvertising has grown significantly in the United States – rising 42% month-over-month in Fall 2023, and continuing to climb another 41% from July to September 2024.Â
Segura told Wired that the fact scammers continue to spend time, effort and money on malicious advertising indicates that they are “getting a return on their ad spend.”Â
Meanwhile legitimate brands have to spend their own small fortune buying ads, in a desperate attempt to fend scammers away from reaching the critical spot on the search results.Â
It would be unfair to suggest that Google isn’t taking the problem seriously. Its own statistics claim that the company blocked or removed around 5.5 billion ads and suspended over 12.7 million advertiser accounts in 2023.Â
But clearly there is more that can be done.Â
And while there is easy money to be made, the scam adverts surely will continue.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.