Although search engines have evolved tremendously in the last two decades, there are still some loopholes that scammers can take advantage of to scam users. A typical example is scammers who misuse search engine ads to direct people to deceptive websites that mimic official ones, and in most cases are successful.
How does the search engine ads scam work? How can you identify this scam? Can you avoid falling prey to him?
What is Search Engine Ad Scam?
Search engine ads scam is a phishing scam in which scammers post deceptive ads on popular search engines by manipulating search engine advertising. Although search engine algorithms don’t allow deceptive ads to pass during evaluation, sometimes they slip through anyway.
Consequently, scammers rank high among the paid results above search engine results pages (SERPs) for certain queries. Because scammers make their ads look official, they appear to be legitimate. In this way, they easily lure people into clicking their ads and visiting fraudulent websites instead of the real ones.
Since the ad format resembles an official company ad and the ad appears above the official website on the SERP, it is natural for users to click on the ad believing it to be real. Scammers use this technique to lure users to their phishing sites.
But how exactly does this scam work?
How do search engine ad scams work?
When you use any search engine, you will see paid ads above the actual search engine results pages. Using them, businesses can get the top spot for targeted user queries, and this is where search engines get the most bang for their buck.
However, scammers misuse these ads to direct people to deceptive sites. For example, you search for “Bank of America” ​​to visit their official website, but you might see a paid ad above their real site. Naturally, you click on it without realizing that it is an advertisement, which could lead to a deceptive website.
If you land on such a deceptive website, you can harm yourself in many ways:
- Scammers will track your personal login information.
- Paying through a fake website looks like you’re making an official purchase, but the funds go directly to the scammers.
- Your credit card information may be logged when you use it on a fake website.
- You may be tricked into downloading malicious software thinking you are downloading it from an official website.
And the list goes on and on…
How to spot misleading ads on search engines
First, check the URL displayed in the ad. Scammers often display the URL of the official website in the ad, but with a clickable link to the deceptive website they want users to visit. Sometimes, however, they also mistakenly display a deceptive URL in the ad. So, if the domain name differs from the official one, it is probably a fake.
Be sure to check the top-level domain, or TLD, as scammers often register the same domain name under a different TLD to trick their victims. For example, instead of domain(dot)com, the URL could be domain(dot)ru.
If the display URL and its TLD in the ad is for an official website, check the phone numbers and other information in the ad. Then, compare them with those from real sources. If the data differs, the scammers are running the ads. However, if the information on the screen does not give you any clues, it is better not to click on it.
If you want to investigate further, you are welcome to, but be very careful. Right click on the ad and copy its link, open the private browsing mode of your respective browser and paste the link there.
After that, here are a few things to check.
- Check the TLD and domain name of the website, the URL linked in the ad was opened. If they differ from the official one, it is false.
- Does the URL contain random characters? If so, scammers may try to redirect you somewhere else.
- Check if an SSL certificate protects the website. A lock symbol will appear before the domain name, indicating that the website is protected by SSL and that the connection is secure. Or just check that the URL has an “S” in Hypertext Transfer Protocol, i.e. “HTTPS“.
Even if everything looks legitimate, you should take precautions to avoid falling victim to a search engine ad scam.
How to avoid becoming a victim of a search engine advertising scam
First of all, you should never visit a website through an advertisement, even if it is run by the official company. Instead, scroll down a bit and you will find the website in the genuine search engine results. You can then visit the actual website, knowing that you are on the right track. That is the most effective way to avoid misleading ads on search engines.
In case you want to claim the offer or discount on an ad, which makes it imperative to click on the ad, follow these tips to avoid falling victim to a search engine ad scam:
- If you are directed to an unofficial website after clicking on an ad, please close it as soon as possible.
- Make a note of the discount page URL and open it separately from the official website menu. This way, you can make sure that the malicious ad script hasn’t embedded a tracker in your browser. You can even visit the original site and search for the discount.
- Do not use your credit card to shop on websites linked in the ads.
- Do not open ads in your main browser, especially if you are signed in to your accounts, such as Gmail.
- Scammers can easily make you download adware along with the main software it tries to install. Avoid downloading anything from the sites you visit after clicking an ad.
Help protect others by reporting the misleading ad
If you come across an ad that takes you to an unofficial source or looks like a scam, you should report it to the relevant search engine. If you find an ad on Bing, you can report it to Microsoft, and if it’s on Google, report it to Google.
Google explains how to report an ad on your Google ads help page. Similarly, Microsoft shows how to report an ad on Bing.
Beware of search engine advertising scams
With some knowledge of how search engine ad scams work, you will be able to surf the Internet safely in the future. Don’t let your loved ones fall victim to this scam either. Spread the word and prevent them from losing their valuable data and money.