If you find yourself needing information on a product, a service, or customer support, you probably instinctively reach for Google. While Google might be a convenient way to get information for a lot of things, customer support should probably be taken off the list. Scams cleverly disguised in Google ads can be devastating to your organization and need to be avoided at all costs. In this week’s blog post, we’ll look at how these scams disguise themselves, the impact they can have, and ways to safeguard your organization (and yourself) against them.
Malicious Google ads?
The scenario is simple enough: if you have a problem with a specific piece of software and decide that you need help from the software developers, you could Google the company with “customer support” in the title. In the past, Google’s front page has been a source of legitimate links to the most relevant pages, which were (by definition) legitimate. This began to change a few years ago, when the first page of search results became an advertising platform for Google. Now, further changes to the first page of search results make it so there are multiple products on the page: news, AI results, ads, etc.
This change made it possible for “companies” to pay to be promoted to the top spots, and while Google writes “Promoted” beneath ads, it doesn’t exactly stand out. Most users probably just click on the ads that appear at the top of the page. One might think that this isn’t a problem, since the ads are usually bought by the company that owns the product you searched, but Google has been criticized for allowing others to simply pay for ads in this space to direct people to scams instead of service.
Getting scammed instead of support
Many of the ads at the top of the page look legit because they have website names that are similar to the legitimate one. Clicking on them may even take you to a site that looks just like a real customer support site. The address of such a site might differ from the real website’s by only a single letter.
The idea is to blend in with corporate sites and make it look as legitimate as possible so that you don’t think twice about entering your information in their website. When you call the support numbers on this site, someone answers and will seemingly be ready to help. They may know a lot about the product and sound like they’re doing everything they can to help, but any instructions that they give are now ways of exploiting you.
If they tell you to download something, it’s almost certainly malware of some sort. Many scams are intended to steal money from you by asking for a payment for the service at this point. If they ask you to give them remote access to your computer, they can do all kinds of things that will compromise the confidentiality and integrity of the data on your network, including installing malicious software or exfiltrating your data.
Identifying the scam in real time
Customer support scams are typically a problem on Google and other search engines because not every advertisement is vetted before it goes live. This means that the most important thing you can do to avoid this scam is to not rely on a search for customer support. However, there are some highly technical attacks that can be performed that may make it impossible to tell that you’re not on a legitimate website when searching for support. It’s important to make sure that you get to the support page directly from the company, but it’s likely more important to understand the signs that you’re talking to the wrong people in real time.
Staying aware and vigilant isn’t just for email, and the same advice that helps you steer clear of bad emails will go far in protecting you from bad websites as well. As you navigate customer support sites, make sure that the website name (in the address bar) is legitimate by comparing it to the site that you came in on. Most companies use an address like “support.company.com,” or sometimes “companysupport.com.” If it deviates much from this, it’s important to have your guard up.
If you find yourself on the phone with a customer service agent who insists that you need to give payment for support, it’s likely a scam. If support agents change the topic and start sounding like salespeople, that may be a sign that you are talking to the wrong people. If a customer service agent insists that you need to install remote desktop software like AnyDesk, ScreenConnect, or use Remote Desktop Protocol to let them help, you need to be 100% sure that they are legitimate before doing so.
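The address-bar comparison described above can also be automated, for example in a mail or proxy filter. The following is an added example, not part of the original post: the allowlist reuses the post’s placeholder names “company.com” and “companysupport.com”, and the function names `edit_distance` and `classify` are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: your organisation keeps its own allowlist of vendor domains.
# These entries are constructed placeholders, not real vendor domains.
TRUSTED_DOMAINS = ("company.com", "companysupport.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(url: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a full URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "unknown"  # no scheme or no host: nothing to compare
    # Trusted only if the host IS a trusted domain or ends with ".<domain>".
    # A bare endswith(domain) would wrongly accept "evilcompany.com".
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Slide a window of labels across the host so that both
    # "support.compamy.com" (one letter off) and "company.com.example.net"
    # (trusted name used as a subdomain of another site) are flagged.
    labels = host.split(".")
    for domain in trusted:
        n = domain.count(".") + 1
        for start in range(len(labels) - n + 1):
            window = ".".join(labels[start:start + n])
            if edit_distance(window, domain) <= max_distance:
                return "lookalike:" + domain
    return "unknown"
```

A result of `unknown` only means the address is not on the allowlist and is not a near miss of it; it does not mean the site is safe.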
Important protections
Being aware of what you’re clicking on is the first step to making sure you avoid scams. As we’ve detailed here, it can be hard when the scams have the same level of promotion as the legitimate sites, but keeping an eye on the URL in the address bar can go a long way in staying safe. This might not be so easy to do on your own, but there’s a great community of volunteers out there maintaining adblocking software because of problems like this.
Adblocking software is the product of community projects to blocklist certain websites and domains on the web that are known to be malicious or spammy. Installing a browser extension for adblocking is a good (but not perfect) way to protect against this kind of attack. Some commenters have noted, though, that these extensions, by necessity, have access to all of your browsing activity. There haven’t been any known instances of well-known adblockers (like uBlock Origin) being leveraged by attackers to exploit users.
To get around that problem, network-wide adblocking is possible. A lot of companies use some kind of web filtering as part of their antimalware software, such as Sophos Central. For home use, the most popular solution is Pi-hole: a piece of software that can be installed on a Raspberry Pi, which then becomes a part of your home network infrastructure. For just $30, you can have a tiny, efficient server that will use community blocklists to try to stay ahead of malicious webpages of all kinds. The only downside is that it takes quite a bit of technical prowess (Linux knowledge, specifically) to set up and maintain.
Takeaways
The attackers that use these methods for tricking unsuspecting victims are always playing whack-a-mole with ad sellers. Google certainly doesn’t want the reputation of being an outlet for scams, but their model for selling and vetting all the ads they publish is lagging behind the speed with which attackers pivot and exploit their model.
As is usual, awareness and vigilance are the main ways of keeping your data safe and avoiding either having your personal information stolen or having your company’s network data put at risk. The risk can’t be avoided entirely, because attackers are always finding new ways to stay ahead, but relying on your IT team for guidance and advice on how to stay safe is also a great move to make.
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team