{"id":24432,"date":"2024-05-02T08:10:24","date_gmt":"2024-05-02T16:10:24","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/05\/02\/news-18162\/"},"modified":"2024-05-02T08:10:24","modified_gmt":"2024-05-02T16:10:24","slug":"news-18162","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/05\/02\/news-18162\/","title":{"rendered":"Watch out for tech support scams lurking in sponsored search results"},"content":{"rendered":"\n

This blog post was written based on research carried out by J\u00e9r\u00f4me Segura.<\/em><\/p>\n

A campaign using sponsored search results is targeting home users and taking them to tech support scams.<\/p>\n

Sponsored search results are the ones that are listed at the top of search results and are labelled “Sponsored”. They’re often ads that are taken out by brands who want to get people to click through to their website. In the case of malicious sponsored ads, scammers tend to outbid the brands in order to be listed as the first search result.<\/p>\n

The criminals that buy the ads will go as far as displaying the official brand\u2019s website within the ad snippet, making it hard for an unsuspecting visitor to notice a difference.<\/p>\n

Who would, for example, be able to spot that the below ad for CNN is not legitimate. You\u2019ll have to click on the three dots (in front of where we added malicious ad) and look at the advertiser information to see that it\u2019s not the legitimate owner of the brand.<\/p>\n

\"fake<\/figure>\n

Only then it becomes apparent that the real advertiser is not CNN, but instead a company called Yojoy Network Technology Co., Limited.<\/p>\n

\"Google<\/figure>\n

Below, you can see another fake advertisement by the same advertiser, this time impersonating Amazon.<\/p>\n

\"Another<\/figure>\n

In our example, the scammers failed to use the correct CNN or Amazon icons, but in other cases (like another recent discovery by Jerome Segura<\/a>), scammers have even used the correct icon.<\/p>\n

\"fake<\/figure>\n

The systems of the people that click one of these links are likely to assessed on what the most profitable follow-up is (using a method called fingerprinting). For systems running Windows, we found visitors are redirected to tech support scam websites such as this one.<\/p>\n

\"Typical<\/figure>\n

Tech Support Scam site telling the visitor to call 1-844-476-5780 <\/em><\/p>\n

You undoubtedly know the type. Endless pop-ups, soundbites, and prompts telling the visitor that they should urgently call the displayed number to free their system of alleged malware.<\/p>\n

These tech support scammers<\/a> will impersonate legitimate software companies (i.e. Microsoft) and charge their victims hundreds or even thousands of dollars for completely bogus malware removal.<\/p>\n

Getting help if you have been scammed<\/h2>\n

Getting scammed is one of the worst feelings to experience. In many ways, you may feel like you have been violated and angry to have let your guard down. Perhaps you are even shocked and scared, and don\u2019t really know what to do now. The following tips will hopefully provide you with some guidance.<\/p>\n

If you’ve already let the scammers in<\/strong><\/p>\n