Fake Apple Pages Exploit Google Ads for Scams
Recent findings by Jérôme Segura, a leading malware intelligence analyst at Malwarebytes, reveal a deceptive campaign targeting unsuspecting users through seemingly legitimate webpages. Segura noted that many individuals, including the less tech-savvy, might struggle to identify these scams, stating, "If I showed the webpage to my parents, I don't think they would be able to tell that this is fake." The exploitation occurs through Google ads that mislead users into believing they are accessing official support pages from major companies like Apple, Microsoft, and HP.
The scammers purchase ads that rank at the top of search results for widely recognized platforms. Although Google requires ads to display the official domain of the linked site, the perpetrators exploit a loophole by adding invisible parameters to the URL, enabling them to redirect users to pages that contain fabricated phone numbers. When a target clicks the ad, they are redirected to the legitimate site, where the shady parameters alter the displayed webpage.
One technique observed involves injecting fraudulent phone numbers into the official content. While Google ensures that the appropriate domain appears, the appended parameters conceal the malicious input. For instance, a URL might look legitimate but could include a hidden component, such as a fake support number, that the legitimate page then displays; Malwarebytes detected similar tactics impacting its own site.
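The mechanism described above relies on a legitimate site echoing a query-string value (for example, a search term) back into the rendered page, so a phone number carried in the URL appears as if the company itself had published it. The following is an added illustration, not code from the article or from Malwarebytes or any of the companies named: it assumes a site that reflects a parameter such as `q` into page text, flags parameters whose decoded value contains a telephone-number-like string, and shows how a site operator could neutralize such text before it is rendered. The URLs, parameter name, and 555-range number are constructed sample data.

```python
import re
from urllib.parse import urlparse, parse_qs

# Telephone-number heuristic: optional country code, optional parenthesized
# area code, then 3 + 4 digits with common separators. Constructed for this
# example; tune it to the formats your own pages legitimately display.
PHONE_RE = re.compile(r"(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")


def find_phone_numbers_in_params(url):
    """Return {param_name: [values]} for every query parameter whose decoded
    value contains something that looks like a telephone number.

    parse_qs decodes percent-encoding and '+' for us, so an attacker-supplied
    '%2B1+%28800%29...' is examined in its rendered form, which is what the
    victim would actually see on the page.
    """
    parsed = urlparse(url)
    hits = {}
    for name, values in parse_qs(parsed.query, keep_blank_values=True).items():
        for value in values:
            if PHONE_RE.search(value):
                hits.setdefault(name, []).append(value)
    return hits


def sanitize_reflected_text(text):
    """Replace phone-number-like substrings in a value that is about to be
    echoed into the page with a neutral placeholder, so a number smuggled in
    through the URL is never rendered as site content."""
    return PHONE_RE.sub("[number removed]", text)


def triage(url):
    """Convenience wrapper: returns (is_suspicious, sanitized_values)."""
    hits = find_phone_numbers_in_params(url)
    sanitized = {
        name: [sanitize_reflected_text(v) for v in values]
        for name, values in hits.items()
    }
    return bool(hits), sanitized


if __name__ == "__main__":
    # Constructed sample landing URLs on a placeholder support domain.
    benign = "https://support.example.com/search?q=reset+password"
    suspicious = (
        "https://support.example.com/search"
        "?q=Support+call+%2B1+%28800%29+555-0199+now"
    )
    for candidate in (benign, suspicious):
        flagged, cleaned = triage(candidate)
        print(candidate)
        print("  suspicious:", flagged)
        if flagged:
            print("  would render as:", cleaned)
```

A check like this belongs wherever reflected text is produced (the search-results template, a support-site front end, or a browser extension inspecting the landing URL), and it is only a heuristic: legitimate users occasionally search for numbers, so the safer server-side response is to sanitize or refuse to echo the value rather than to block the request outright.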
The design of these ads presents a significant challenge for users. Many people may not recognize the threat, particularly those who are fatigued, visually impaired, or under cognitive strain. Once users dial the deceptive numbers, they are often connected to scammers impersonating company representatives, who may manipulate them into providing sensitive information or giving remote access to their computers. Previous incidents have seen attackers posing as Bank of America or PayPal, attempting to siphon funds from victims’ accounts.
In terms of the MITRE ATT&CK framework, this operation showcases tactics such as initial access through misleading advertisements and the execution of scams that rely on social engineering techniques. Attack vectors like these underscore weaknesses in how online advertising platforms validate destination URLs and highlight the importance of vigilance when interacting with online content.
Segura emphasizes that the system currently lacks adequate defenses against these types of scams, as the legitimate websites are unable to discern that fraudulent information is being injected into their pages. So far, this tactic appears to be uniquely linked to Google ads, raising questions about whether similar vulnerabilities might be exploited on other advertising platforms.
In response to the ongoing threat, Malwarebytes has updated its browser security software to alert users about these fraudulent schemes. A fundamental precaution for users is to avoid clicking links in Google ads, prioritizing organic search results where recommendations are generally more reliable.
As cyber threats evolve, the emphasis on educating users about security risks associated with online behavior cannot be overstated. The current scenario serves as a reminder that maintaining cybersecurity awareness is essential for protecting sensitive data and preventing financial loss in an increasingly digital landscape.