Tech support scammers impersonate Google via malicious search ads
Google Search ads that target users looking for Google’s own services lead them to spoofed sites and Microsoft and Apple tech support scams.
The fake Google Search ads (Source: Malwarebytes)
“In this particular scheme, all web resources used from start to finish are provided by cloud providers, often free of charge. That means more flexibility for the criminals while increasing difficulty to block,” Malwarebytes researcher Jérôme Segura notes.
Google ads leading to tech support scams
It all starts with the ads, pushed by the same (compromised) advertiser and then later by a new advertiser account opened by the scammers.
The ads ostensibly point to Google Search, Translate, Analytics, Earth, and so on, but a closer look shows that the URLs of the pages are not the correct ones.
Instead, they are all hosted on Looker Studio (lookerstudio.google.com), another Google service/online tool that allows users to convert data into reports and dashboards.
The page looks like the real deal, but it is actually an image of the Google Search home page that is stretched across the entire screen.
“What’s interesting is how this image is used as a lure that requires some user interaction to trigger an action. Leveraging the Looker Studio API, the scammers are embedding a hidden hyperlink that will be launched as a new tab when a victims clicks on the image,” Segura explained.
“The embedded link (…) redirects to a fake Microsoft or Apple alert page that will attempt to hijack the browser by going in full screen mode and play a recording.”
The user is faced with a barrage of alerts, all (more or less) saying that the computer has been blocked, and that they should contact Microsoft/Apple support via a provided telephone number. If they do, they fake Microsoft or Apple representatives will try to persuade them to part with their money to get the computer “fixed”.
“These fake alerts are the most common way innocent people fall victims to tech support scams. In such a situation, many people will assume there is something wrong their computer and will follow the instructions they are given on screen,” Segura added.