Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Researchers regularly see malicious ads in search results that pose as legitimate businesses and organizations. Whether it’s a county municipality, a utility company like a power company, or a large business, people will use search engines to simply find the URL of the organization. And if the first results or the most clickable results are ads, scammers have the opportunity to buy this real estate.
“The volume of this stuff is huge,” says Sean Gallagher, senior threat researcher at Sophos. use ad delivery networks and may redirect the URL after paying for the ad.”
Google is well aware that malicious advertising activity is growing and evolving, and the company is specifically addressing misleading and fraudulent advertising activity policiesincluding “misrepresentation policy,” and says it uses multiple approaches to ad verification and detection of malicious ads. Attackers have continued to develop circumvention methods, however, to avoid having their ads flagged or removed 2023Google has blocked or removed about 5.5 billion ads and suspended the accounts of more than 12.7 million advertisers.
The company has also made strides over the years clearly label the ad and outline them in the search results layout However, any ad-supported search engine eventually has both types of content side by side, especially on mobile devices where users have limited screen space.
“We expressly prohibit advertising that attempts to circumvent our enforcement by disguising the advertiser’s identity in order to deceive users and distribute malware,” a Google spokesperson said.
Nate Funkhouser said in a statement to WIRED. “When we find an ad that violates this policy, we remove it and suspend the advertiser’s account as quickly as possible.”
Sophos’ Gallagher notes that criminals can often get the most bang for their buck when they buy ads for more unique searches, where they can dominate the ad space and rise to the top of the results more organically Malwarebytes researchers also regularly see malicious ads running against popular searches such as Google, Walmart, Disney+, Slack, Lowe’s, and Apple. Segura even says that Malwarebytes itself has to invest heavily in buying search engine ads to avoid the company’s brand of malicious ads.
“We have to protect our brand so much,” he says. “People take advantage of it.”
