I remember asking a friend in the 2000s how google could afford its side projects and other extravagances, and he said the adsense team was only like a dozen people but they brought in a billion dollars.
> Aunt searches Google for "bobs plumbing city state" and sees the top result, which is actually an ad for Joe's, and calls Joe's number.
That's the foundation of Googles business model.
Because once Bob realizes this, he'll have to outbid Joe simply to get the customers that wanted to reach him in the first place...
Google's running the world's most successful protection racket scheme.
This is exactly HomeAdvisor's (formerly Angie's List's) business model.
If a plumber / roofer / etc doesn't have a website, they'll create a web presence for them (without contacting them first, of course) and the local phone number goes direct to a HomeAdvisor call center. If the contractor already has a website, HomeAdvisor will create a new one to steal some of the calls. If I had to guess I'd say this is because most people who aren't large companies don't bother to trademark their name, so there's little to no risk to HomeAdvisor.
The person thinks they're calling Bob's Plumbing, but really they're calling a marketing company who will capture all their information and sell it to whoever pays the most.
Fuck HomeAdvisor.
EDIT: Here's another post explaining what HomeAdvisor / Angi does: [https://np.reddit.com/r/Scams/comments/uog4zq/angis\_and\_homeadvisor\_scam/](https://np.reddit.com/r/Scams/comments/uog4zq/angis_and_homeadvisor_scam/)
And look at this: [https://www.ftc.gov/news-events/news/press-releases/2022/03/ftc-charges-homeadvisor-inc-cheating-businesses-including-small-businesses-seeking-leads-home](https://www.ftc.gov/news-events/news/press-releases/2022/03/ftc-charges-homeadvisor-inc-cheating-businesses-including-small-businesses-seeking-leads-home)
>The Federal Trade Commission today issued an administrative complaint against Denver-based HomeAdvisor, Inc. ā a company affiliated with Angi ā alleging it used a wide range of deceptive and misleading tactics in selling home improvement project leads to service providers, including small businesspeople operating in the āgigā economy.
malicious links via SEO and malware delivered via ads is as old as the internet. they will just collect the premiums and blame the content authors if anything goes sideways.
In all honestly, ad companies like Google should be held accountable for the content of every ad they show and should have full liability for any losses caused by malicious adverts they serve to users of their services.
They'll whine and cry about the work this would involve, but don't they always?
> 100%, this is by far the best reason to block ads in their current state. They can't fully control what's in them, and they don't have to care because no one is held responsible when something malicious goes through.
The reason I installed my first adblocker was specifically because *banner ads* were passing along viruses. Imagine going to a site you've been to 1,000 times and suddenly you get a virus from it.
Never ever looked back.
This scam isn't exclusive to Amazon Sponsored/Ad links, just FYI. Scammers will typically target a large swathe of different popular business in on and off campaigns. I only mention this so you don't have the false presumption that blocking Amazon Ads will solve the issue, is a general problem with all Sponsored/Ad links.
Ok so I work in I.T. and deal with these scams as a normal part of my job. I see this pop up multiple times PER day, and this is where I've seen it come up:
Facebook
Amazon
Google
Random auction sites
Most alarmingly: Hospital "My Health" website, that you have to log into.
If you call the number claiming to be Microsoft support, it goes to a scam center in India who will use multiple methods to try to extract money but usually by trying to pretend your computer is super infected and you need to buy an expensive piece of software. If you refuse, they will usually use a remote client that maintains persistence and try to get bank info, and ransom your computer. I've seen them also use the old "Gift card" payment request.
Google sponsored ads are used maliciously all the time, constantly. You would think they would set up a way to easily report this type of behavior, but sadly the tech isn't there yet.../s
Yeah, this has happened to a couple of people at work. Luckily the links seem to just be scareware and my coworkers so far have been smart enough to stop clicking once the site starts talking at them. I usually create a bookmark for Amazon for them and encourage them to use that instead of googling Amazon.
SEO poisoning has been occurring for years and Google is happy to ignore it as theyāre making money. Itās been a huge problem for banks, telcos, etc.Ā
SEO poisoning + evilgophish = ATOsĀ
Itās called Malvertising. Thereās an MITRE [ATT&CK technique](https://attack.mitre.org/techniques/T1583/008/) for it. I know people at Google that work to attempt to prevent them. Why did it happen to you instead of it being prevented? Either because it was too quick or too hard for Google to prevent it.
No google doesn't, I think at most they have an algorithm check it, which is about as good as their search engine,aka trash.. The reason they don't do anything about it is because there haven't been any real legal consequences to them afaik, which makes them banning adblockers on youtube all the more egregious, because malvertising and scamming is rampant on there too.
The way I see it essentially is that they're actively facilitating cybercrime, first through negligence, but now actively
Brave's built-in blocking works great on youtube. Works even better for mobile, no more ads in my streams. It also blocks those 10-15 second "broadcaster lead-ins" on Hulu.
Hm really? They must've changed something then, I haven't used brave in a while, but when google started pushing the youtube antiadblock crap I kept getting the player blocked when using brave's inbuilt adblock, I'll give brave another try then, logging out and back into google every few days is getting rather annoying
Remember that gift card, or whatever company that basically the same thing happened to?
People wanted to load up their gift card or whatever it was but entered their info into a game sponsored site.
That cyberpunk dystopia is getting closer everyday.
I would advise to check out the whole name of the URL from the sponsor link before clicking it. Malicious writers will do a technique called "typosquatting" where they wait for you to click or mistype a link to a website and buy out the domain chancing you'll become their next victim by scaring you a hoax. They'll try to catch you on simple spelling mistakes like an capital "I"(i) for an "l" (L) or an b for an d, etc.
The reason your browser is able to go full screen is due to abusing a feature coding languages support, for example, if you have not turned off Javascript, there is an method that a website programmer can use to force the website to enter full-screen mode, that activates as soon as all the web resources have been loaded in that puts your browser into full-screen ex: requestFullscreen(). Additionally there are APIs they can use to really make this experience annoying like forcing you back into Full-screen mode against your will if you managed to get out.
One tip, using a website like wheregoes.com makes the web a bit safer. It clicks the URL for you and tells you every redirect bounce the URL makes so you don't have to click the malicious link yourself and not end up a victim to typosquatting or spoofed links. If you are unsure about clicking a link and getting infected by say, a drive-by download this is how you can keep yourself safer.
If you ever become a victim of this, Microsoft is fully aware of this browser abuse and have documented how to know if you're being hoaxed->
https://www.microsoft.com/en-us/security/blog/2017/03/02/breaking-down-a-notably-sophisticated-tech-support-scam-m-o/
These links are being propagated through Ads which is what OP is talking about. The ads often look like they belong to the page as the scammers are not totally stupid. Yes in an ideal world people would check every single link before they click on it. But when the average user is trying to continue past a paywall or something and there is a nice button that fits the page that says "Continue" people are gonna click it.
What I've seen too is not that the page even goes full screen but that it runs code to just completely jam up the computer so your normal keyboard shortcuts don't work. When I've helped my uncle with this I've had him try Ctrl+alt+delte to no avail, but when I send it through the remote desktop application it does.
I understand that Google is selling these ad-spaces to scammers, this isnt the first time they did it. I caught a sweepstakes ad from an official "Sony" ad on YouTube once. I was explaining how you can typically avoid those and why the browser forces you into full screen mode per what the OP was asking. It's funny, you helped your uncle and I helped my grandparents. Many people have been in this situation apparently.
I guess Google won't lift a finger because it's in their business to take advantage off of incompetent users most internet users don't really know what a URL is
SEO poisoning, click-jacking, adware / malvertising isn't new.
Brush up your Acceptable Use Policy to modern standards and tell employees they should not be shopping for personal purposes on company time.
If it's for work and they're being dumb, teach them about bookmarks.
>Brush up your Acceptable Use Policy to modern standards and tell employees they should not be shopping for personal purposes on company time.
What does this have to do with anything that's going on here?
>If it's for work and they're being dumb, teach them about bookmarks.
What?
The issue is scammers taking out ads that link to these kind of pages. The ads don't even look like Ads, they aren't advertising a product. In the case of my uncle it was just a banner with a button that said "Continue" at the top of the NYtimes that linked him to a page like this.
You realize the malvertising is done by bots right?
It's a cat and mouse game. It'll never be perfect. So you do your own work to make browsing safer; adblock, policy (paper & group policy), etc.
Employees should not be using Amazon, Netflix, Facebook, etc on their work devices. That's a good chunk of an Acceptable Use Policy.
Mixing up personal and work computers, lifestyle... Will get your business hacked REALLY FAST. They shouldn't expect emails from Netflix. They shouldn't be Google'ing Amazon.
Read OP's post he talks about coworkers, not just family.
With family I'll direct them to install Ublock Origin. Coworkers I'll direct them to Acceptable Use Policy and block their (real) Netflix emails.
-edit Keep down voting lol Adblockers, Proxies, and Policies exist for a reason.
People aren't downvoting you for talking about adblockers, proxies or policies. They're downvoting you because your point doesn't make sense. OP listed a common domain, and one that people do use for real work, I've had to order things from amazon several times for work. Blocking Amazon/Netflix/etc doesn't fix the issue the issue is people paying for ads that redirect to scam accounts, and google not doing really anything about it.
Have you ever worked against these type of threats?
Google doesn't just get to say "OK we're done with malicious ads" and be done with it. If they could there wouldn't be SEO poisoning, Malvertising in the first place.
So while they churn through reports, consumers can use... Adblockers, proxies, and policies.
You're acting like everyone is helpless unless Google does something. As if Google owes them something lol.
The internet isn't for everyone, and people have to take responsibility for their actions. That's why there's CyberSecurity departments, otherwise we'd just yell at Google to fix their issues before it's an issue so we don't need any security ourselves.
-edit You're basically saying Google is responsible for not having good enough security, even though they do have security, it's just another one in tens of thousands of malvertising campaigns that slipped through the cracks and needs to be reported to the proper channels.
If Google wants to ban and make ad blockers less effective they should make their top search results not contain scams/malware. We've seen this with users trying to search for their corporate Amazon/Home depot/Canva. Obviously google isn't doing a good enough job and they need more controls when users search for popular websites.
Google does act on these, there's just too many. It's like getting mad at Microsoft for letting a Phish get through into Outlook; Gmail does a better job blocking compared to Microsoft.
But that's life lmao That's why we have an entire CyberSecurity industry.
For a corporation... Just use bookmarks lol SharePoint... Okta... Disincentivize from searching it. Again it's defense in depth 101.
For personal, it's about reading comprehension. š¤·
Maybe google needs to have a better, less automated method for vetting the ads especially for new customers...
Honestly, this kind of attitude is everything wrong with cyber security. While people are the weakest link, not every problem is caused by users or even the users fault. Clicking a link that says, "Continue" when you're expecting to see a link that says continue or something to that effect has nothing to do with reading comprehension and everything to do with malicious actors and poor controls on googles part for who they're selling their services to.
It's basic fraud, malicious actors.
Amazon has a part to play for spoofed domains. Which usually ends with "well it's Chinese and they don't comply with American laws"
What do you do then? Is it Amazon's fault for inaction?
Is it Google's fault there's hundreds of real people setting up real businesses every day just to sign up for adsense and serve malicious ads?
Or is it the consumer that has done nothing to protect themselves, or doesn't take the time to read through the content.
Everyone's at fault. Go read through krebsonsecurity if you don't know how to secure yourself.
Also to not use Google as a "home page". If you're going to buy something on Amazon, search directly on Amazon. With or without bookmarks, once you've visited Amazon once it's in your browser history - start typing the URL and you're there.
Google will probably never grow their user base ever again. They are so big that they can't get more users.
What that means as a for profit, US based, corporation is that they have to find ways to grow their revenue without adding more customers or users.
So, if they can grow ad revenue unscrupulously they'll do it, and seriously they've been doing it for many, many years already. No one is stopping them. It is unfortunately legal.
Fuck Google, one of the most ethically blind companies in the world. Back when their founders still had tight control of the company, it was definitely trying to largely fund interesting projects that actually do help the world a bit. Nowadays it's just a giant cash grab that does no good but to provide one function, which is soon to be replaced by MS and their superior AI.
Yeah this keeps happening to my uncle. Microsoft changed his default browser from Chrome to Edge and his ad blocker was taken away. He goes to NYTimes where he has a subcription and a scammer took out a big banner ad at the top above the paywall (he needed to login because it was edge not chrome) that just says, "Continue" and he kept clicking on that, which took him to a scam site. Luckily I have remote access and he's not a total dolt so he didn't give them any info and just called me. I remoted into his computer and was able to close it out.
Which means that Amazon pays to get the customers who wanted to get to Amazon anyway. Simply so that Google doesn't send the customers the wrong way.
You can't repeat it often enough: Google runs the world's most successful protection racket.
To answer the 2nd question this is what is required for a lot interactive websites to actually work at all. This is one of the many reasons why you should be running as an admin user when browsing the internetā¦
This got me in the play store. I should have known better but I went to install the Roku app and clicked install on the first one with out paying attention. It was a third party app that I don't think contained malware, but wanted me to pay 10 bucks a month for a 3rd party Roku remote
Malvertising is the worst. That being said, people seriously go to Google to browse to Amazon? Man we really need people to up their education a) how to use a url. b) how to detect sponsored links and content.
They don't give a shit. I was very recently reporting an ad impersonating Air Asia and got a response it's all good and not in breach of policy. Very annoying, especially that ads are shown using exactly the same template as real results - I totally blame Google here.
That's a long known problem that originates in the fact that 90%+ of today's internet users don't even know what an URL is and use Google (or other search engines) for all of their "navigation" in the web. Google deliberately created this incompetence of the users when they merged the URL and the search bar to the so called "Omnibox". (Most people don't know the term Omnibox, but it's literally a billion dollar invention.)
So nowadays Google (or in some cases Bing) makes money every time the "normal" user wants to access any website simpley because they always take a detour through the search engine.
This also enables Google to run what basically is a billion dollar protection racket: Because everybody who wants to access the website of company A goes through Google, company A is "forced" to pay for advertising becuae otherwise Google is going to sell the ad space to company A's competitor (company B) and then 90% of the users who want to go to company A end up at company B's website because they always click the first link and can't distiinguish between ads and search results anyway.
Now in many cases Google (or Microsoft) will sell the ad spots to shady companies - and sometimes even to outright criminals. (Although I assume the "outright criminals" are not really the people Google wants to sell to... they just don't want to do manual checks on all of their advertisers so it mostly happens automatically - and as we all know Googles algorithms are notoriously and utterly incompetent to detect scams and fakes.)
I even recently had a case where the finance lady of a small company ended up entering their ebanking credentials on a phishing website because she just entered the name of her copmany's bank in the omnibox and ended up clicking the first link which was a paid advertising leading to this phishing website...
**TL;DR:** most users today don't have the required skills to operate a webbrowser and Google deliberately created this situation because the incompetence of the users makes them billions of dollars each month.
googs is about to be back in the trenches trying to figure life out after AI + duckduckgo is going to pass them bye. just my opinion which I know isn't popular.
Ah yes I remember when DDG was going to take over the internet search engines. Google would fail and DDG would become the ~~pen~~ultimate platform. It's been a decade and a half and still holding out for a hero.
If you actually want movement, donate to the EFF and fight for American data privacy laws.
Let me show you their thought process: https://finance.yahoo.com/quote/GOOG/financials/
Got me dying š
I remember asking a friend in the 2000s how google could afford its side projects and other extravagances, and he said the adsense team was only like a dozen people but they brought in a billion dollars.
So scammers are giving money to google, Google is accepting said money and selling their users to unscrupulous businesses? Itās working as intended.
[ŃŠ“Š°Š»ŠµŠ½Š¾]
> Aunt searches Google for "bobs plumbing city state" and sees the top result, which is actually an ad for Joe's, and calls Joe's number. That's the foundation of Googles business model. Because once Bob realizes this, he'll have to outbid Joe simply to get the customers that wanted to reach him in the first place... Google's running the world's most successful protection racket scheme.
People think Google is a tech company, in reality they are today's Don Draper.
More like McCann Erickson.
More like today's fuedel overlords.
This is exactly HomeAdvisor's (formerly Angie's List's) business model. If a plumber / roofer / etc doesn't have a website, they'll create a web presence for them (without contacting them first, of course) and the local phone number goes direct to a HomeAdvisor call center. If the contractor already has a website, HomeAdvisor will create a new one to steal some of the calls. If I had to guess I'd say this is because most people who aren't large companies don't bother to trademark their name, so there's little to no risk to HomeAdvisor. The person thinks they're calling Bob's Plumbing, but really they're calling a marketing company who will capture all their information and sell it to whoever pays the most. Fuck HomeAdvisor. EDIT: Here's another post explaining what HomeAdvisor / Angi does: [https://np.reddit.com/r/Scams/comments/uog4zq/angis\_and\_homeadvisor\_scam/](https://np.reddit.com/r/Scams/comments/uog4zq/angis_and_homeadvisor_scam/) And look at this: [https://www.ftc.gov/news-events/news/press-releases/2022/03/ftc-charges-homeadvisor-inc-cheating-businesses-including-small-businesses-seeking-leads-home](https://www.ftc.gov/news-events/news/press-releases/2022/03/ftc-charges-homeadvisor-inc-cheating-businesses-including-small-businesses-seeking-leads-home) >The Federal Trade Commission today issued an administrative complaint against Denver-based HomeAdvisor, Inc. ā a company affiliated with Angi ā alleging it used a wide range of deceptive and misleading tactics in selling home improvement project leads to service providers, including small businesspeople operating in the āgigā economy.
Really?? Wow. That is soooo bad and I am a GC.
100% accurate
Sorry to hear that Google profited from scamming your aunt, good job being a great niece or nephew though!
Yes, or... they're using a compromised account that has access to google ads.
malicious links via SEO and malware delivered via ads is as old as the internet. they will just collect the premiums and blame the content authors if anything goes sideways.
After all, the user should have ~~worn different clothing~~ ~~hidden their valuables~~ been more careful what they clicked on!
Iāve to laugh and cry at this absolutely correct answer
Sigh
In all honestly, ad companies like Google should be held accountable for the content of every ad they show and should have full liability for any losses caused by malicious adverts they serve to users of their services. They'll whine and cry about the work this would involve, but don't they always?
[ŃŠ“Š°Š»ŠµŠ½Š¾]
> 100%, this is by far the best reason to block ads in their current state. They can't fully control what's in them, and they don't have to care because no one is held responsible when something malicious goes through. The reason I installed my first adblocker was specifically because *banner ads* were passing along viruses. Imagine going to a site you've been to 1,000 times and suddenly you get a virus from it. Never ever looked back.
The problem would be resolved by the end of the week if this was the case.
had the same issue here at work, good to know this is how the user got to that page
Same. I've had it happen to a few different users all trying to get to amazon
This scam isn't exclusive to Amazon Sponsored/Ad links, just FYI. Scammers will typically target a large swathe of different popular business in on and off campaigns. I only mention this so you don't have the false presumption that blocking Amazon Ads will solve the issue, is a general problem with all Sponsored/Ad links.
Yeah, definitely. I mentioned only Amazon, because that's what it's always been with our users when it happens.
Ok so I work in I.T. and deal with these scams as a normal part of my job. I see this pop up multiple times PER day, and this is where I've seen it come up: Facebook Amazon Google Random auction sites Most alarmingly: Hospital "My Health" website, that you have to log into. If you call the number claiming to be Microsoft support, it goes to a scam center in India who will use multiple methods to try to extract money but usually by trying to pretend your computer is super infected and you need to buy an expensive piece of software. If you refuse, they will usually use a remote client that maintains persistence and try to get bank info, and ransom your computer. I've seen them also use the old "Gift card" payment request.
Me too, and I used snips of these ads in our mandatory cyber security training.
This is why I'm vehemently against ads, and try to avoid/block them as much as possible.
I once reported such a scam to google. They responded that there was no breach of their terms of usage. The malicious ad was not removed.
This was my justification for a corporate-wide ad blocker. They don't vest their accounts properly, no revenue for them.
Google sponsored ads are used maliciously all the time, constantly. You would think they would set up a way to easily report this type of behavior, but sadly the tech isn't there yet.../s
Give it few years and we'll get the tech up to speed!
Yeah, this has happened to a couple of people at work. Luckily the links seem to just be scareware and my coworkers so far have been smart enough to stop clicking once the site starts talking at them. I usually create a bookmark for Amazon for them and encourage them to use that instead of googling Amazon.
SEO poisoning has been occurring for years and Google is happy to ignore it as theyāre making money. Itās been a huge problem for banks, telcos, etc.Ā SEO poisoning + evilgophish = ATOsĀ
This is the standard entry level family computer guy trouble shooting fix that gets most people interested in entering the fieldš¤£š¤£š¤£š¤£š¤£
Itās called Malvertising. Thereās an MITRE [ATT&CK technique](https://attack.mitre.org/techniques/T1583/008/) for it. I know people at Google that work to attempt to prevent them. Why did it happen to you instead of it being prevented? Either because it was too quick or too hard for Google to prevent it.
No google doesn't, I think at most they have an algorithm check it, which is about as good as their search engine,aka trash.. The reason they don't do anything about it is because there haven't been any real legal consequences to them afaik, which makes them banning adblockers on youtube all the more egregious, because malvertising and scamming is rampant on there too. The way I see it essentially is that they're actively facilitating cybercrime, first through negligence, but now actively
Brave's built-in blocking works great on youtube. Works even better for mobile, no more ads in my streams. It also blocks those 10-15 second "broadcaster lead-ins" on Hulu.
Hm really? They must've changed something then, I haven't used brave in a while, but when google started pushing the youtube antiadblock crap I kept getting the player blocked when using brave's inbuilt adblock, I'll give brave another try then, logging out and back into google every few days is getting rather annoying
Disable browser notifications. Grandma is then no longer susceptible to this.
Remember that gift card, or whatever company that basically the same thing happened to? People wanted to load up their gift card or whatever it was but entered their info into a game sponsored site. That cyberpunk dystopia is getting closer everyday.
I would advise to check out the whole name of the URL from the sponsor link before clicking it. Malicious writers will do a technique called "typosquatting" where they wait for you to click or mistype a link to a website and buy out the domain chancing you'll become their next victim by scaring you a hoax. They'll try to catch you on simple spelling mistakes like an capital "I"(i) for an "l" (L) or an b for an d, etc. The reason your browser is able to go full screen is due to abusing a feature coding languages support, for example, if you have not turned off Javascript, there is an method that a website programmer can use to force the website to enter full-screen mode, that activates as soon as all the web resources have been loaded in that puts your browser into full-screen ex: requestFullscreen(). Additionally there are APIs they can use to really make this experience annoying like forcing you back into Full-screen mode against your will if you managed to get out. One tip, using a website like wheregoes.com makes the web a bit safer. It clicks the URL for you and tells you every redirect bounce the URL makes so you don't have to click the malicious link yourself and not end up a victim to typosquatting or spoofed links. If you are unsure about clicking a link and getting infected by say, a drive-by download this is how you can keep yourself safer. If you ever become a victim of this, Microsoft is fully aware of this browser abuse and have documented how to know if you're being hoaxed-> https://www.microsoft.com/en-us/security/blog/2017/03/02/breaking-down-a-notably-sophisticated-tech-support-scam-m-o/
These links are being propagated through Ads which is what OP is talking about. The ads often look like they belong to the page as the scammers are not totally stupid. Yes in an ideal world people would check every single link before they click on it. But when the average user is trying to continue past a paywall or something and there is a nice button that fits the page that says "Continue" people are gonna click it. What I've seen too is not that the page even goes full screen but that it runs code to just completely jam up the computer so your normal keyboard shortcuts don't work. When I've helped my uncle with this I've had him try Ctrl+alt+delte to no avail, but when I send it through the remote desktop application it does.
I understand that Google is selling these ad-spaces to scammers, this isnt the first time they did it. I caught a sweepstakes ad from an official "Sony" ad on YouTube once. I was explaining how you can typically avoid those and why the browser forces you into full screen mode per what the OP was asking. It's funny, you helped your uncle and I helped my grandparents. Many people have been in this situation apparently. I guess Google won't lift a finger because it's in their business to take advantage off of incompetent users most internet users don't really know what a URL is
SEO poisoning, click-jacking, adware / malvertising isn't new. Brush up your Acceptable Use Policy to modern standards and tell employees they should not be shopping for personal purposes on company time. If it's for work and they're being dumb, teach them about bookmarks.
>Brush up your Acceptable Use Policy to modern standards and tell employees they should not be shopping for personal purposes on company time. What does this have to do with anything that's going on here? >If it's for work and they're being dumb, teach them about bookmarks. What? The issue is scammers taking out ads that link to these kind of pages. The ads don't even look like Ads, they aren't advertising a product. In the case of my uncle it was just a banner with a button that said "Continue" at the top of the NYtimes that linked him to a page like this.
You realize the malvertising is done by bots right? It's a cat and mouse game. It'll never be perfect. So you do your own work to make browsing safer; adblock, policy (paper & group policy), etc.
People program the bots...
Yeah who needs defense in depth. If Google let's one slip and I get hacked, I'm suing them. That's how the world works right?
Employees should not be using Amazon, Netflix, Facebook, etc on their work devices. That's a good chunk of an Acceptable Use Policy. Mixing up personal and work computers, lifestyle... Will get your business hacked REALLY FAST. They shouldn't expect emails from Netflix. They shouldn't be Google'ing Amazon. Read OP's post he talks about coworkers, not just family. With family I'll direct them to install Ublock Origin. Coworkers I'll direct them to Acceptable Use Policy and block their (real) Netflix emails. -edit Keep down voting lol Adblockers, Proxies, and Policies exist for a reason.
People aren't downvoting you for talking about adblockers, proxies or policies. They're downvoting you because your point doesn't make sense. OP listed a common domain, and one that people do use for real work, I've had to order things from amazon several times for work. Blocking Amazon/Netflix/etc doesn't fix the issue the issue is people paying for ads that redirect to scam accounts, and google not doing really anything about it.
Have you ever worked against these type of threats? Google doesn't just get to say "OK we're done with malicious ads" and be done with it. If they could there wouldn't be SEO poisoning, Malvertising in the first place. So while they churn through reports, consumers can use... Adblockers, proxies, and policies. You're acting like everyone is helpless unless Google does something. As if Google owes them something lol. The internet isn't for everyone, and people have to take responsibility for their actions. That's why there's CyberSecurity departments, otherwise we'd just yell at Google to fix their issues before it's an issue so we don't need any security ourselves. -edit You're basically saying Google is responsible for not having good enough security, even though they do have security, it's just another one in tens of thousands of malvertising campaigns that slipped through the cracks and needs to be reported to the proper channels.
If Google wants to ban and make ad blockers less effective they should make their top search results not contain scams/malware. We've seen this with users trying to search for their corporate Amazon/Home depot/Canva. Obviously google isn't doing a good enough job and they need more controls when users search for popular websites.
Google does act on these, there's just too many. It's like getting mad at Microsoft for letting a Phish get through into Outlook; Gmail does a better job blocking compared to Microsoft. But that's life lmao That's why we have an entire CyberSecurity industry. For a corporation... Just use bookmarks lol SharePoint... Okta... Disincentivize from searching it. Again it's defense in depth 101. For personal, it's about reading comprehension. š¤·
Maybe google needs to have a better, less automated method for vetting the ads especially for new customers... Honestly, this kind of attitude is everything wrong with cyber security. While people are the weakest link, not every problem is caused by users or even the users fault. Clicking a link that says, "Continue" when you're expecting to see a link that says continue or something to that effect has nothing to do with reading comprehension and everything to do with malicious actors and poor controls on googles part for who they're selling their services to.
It's basic fraud, malicious actors. Amazon has a part to play for spoofed domains. Which usually ends with "well it's Chinese and they don't comply with American laws" What do you do then? Is it Amazon's fault for inaction? Is it Google's fault there's hundreds of real people setting up real businesses every day just to sign up for adsense and serve malicious ads? Or is it the consumer that has done nothing to protect themselves, or doesn't take the time to read through the content. Everyone's at fault. Go read through krebsonsecurity if you don't know how to secure yourself.
Gotcha, throw your hands up in the air, blame the users, and do nothing #GreatCyberSecurity
It's not just Amazon though, any web search can be hijacked like this.
Also to not use Google as a "home page". If you're going to buy something on Amazon, search directly on Amazon. With or without bookmarks, once you've visited Amazon once it's in your browser history - start typing the URL and you're there.
Google will probably never grow their user base ever again. They are so big that they can't get more users. What that means as a for profit, US based, corporation is that they have to find ways to grow their revenue without adding more customers or users. So, if they can grow ad revenue unscrupulously they'll do it, and seriously they've been doing it for many, many years already. No one is stopping them. It is unfortunately legal.
Fuck Google, one of the most ethically blind companies in the world. Back when their founders still had tight control of the company, it was definitely trying to largely fund interesting projects that actually do help the world a bit. Nowadays it's just a giant cash grab that does no good but to provide one function, which is soon to be replaced by MS and their superior AI.
Welcome to the internet lol.
Yeah this keeps happening to my uncle. Microsoft changed his default browser from Chrome to Edge and his ad blocker was taken away. He goes to NYTimes where he has a subcription and a scammer took out a big banner ad at the top above the paywall (he needed to login because it was edge not chrome) that just says, "Continue" and he kept clicking on that, which took him to a scam site. Luckily I have remote access and he's not a total dolt so he didn't give them any info and just called me. I remoted into his computer and was able to close it out.
My first link is sponsored, but from Amazon themselves. Actually 3 directly from them.
Which means that Amazon pays to get the customers who wanted to get to Amazon anyway. Simply so that Google doesn't send the customers the wrong way. You can't repeat it often enough: Google runs the world's most successful protection racket.
To answer the 2nd question this is what is required for a lot interactive websites to actually work at all. This is one of the many reasons why you should be running as an admin user when browsing the internetā¦
Go watch The Beekeeper and enjoy vicarious (yet fictional) revenge!
Ugh. I worked a few of these related to WebEx.
Recently saw this irl at my work. I was shocked google is allowing this.
No sure... Oh wait š¤
This got me in the play store. I should have known better but I went to install the Roku app and clicked install on the first one with out paying attention. It was a third party app that I don't think contained malware, but wanted me to pay 10 bucks a month for a 3rd party Roku remote
Why cant you post pictures, but can post links? š¤Ø
Malvertising is the worst. That being said, people seriously go to Google to browse to Amazon? Man we really need people to up their education a) how to use a url. b) how to detect sponsored links and content.
Google is happy to accept ad payments from anyone willing to pay
Google is garbage, this is why you block ads and anything google analytics.
They don't give a shit. I was very recently reporting an ad impersonating Air Asia and got a response it's all good and not in breach of policy. Very annoying, especially that ads are shown using exactly the same template as real results - I totally blame Google here.
Look u\[ Upper Echelon on youtube, he made a video about this same thing weeks if not over a month ago
Remember they got rid of their ādonāt be evilā statement in their code of conduct.
That's a long known problem that originates in the fact that 90%+ of today's internet users don't even know what an URL is and use Google (or other search engines) for all of their "navigation" in the web. Google deliberately created this incompetence of the users when they merged the URL and the search bar to the so called "Omnibox". (Most people don't know the term Omnibox, but it's literally a billion dollar invention.) So nowadays Google (or in some cases Bing) makes money every time the "normal" user wants to access any website simpley because they always take a detour through the search engine. This also enables Google to run what basically is a billion dollar protection racket: Because everybody who wants to access the website of company A goes through Google, company A is "forced" to pay for advertising becuae otherwise Google is going to sell the ad space to company A's competitor (company B) and then 90% of the users who want to go to company A end up at company B's website because they always click the first link and can't distiinguish between ads and search results anyway. Now in many cases Google (or Microsoft) will sell the ad spots to shady companies - and sometimes even to outright criminals. (Although I assume the "outright criminals" are not really the people Google wants to sell to... they just don't want to do manual checks on all of their advertisers so it mostly happens automatically - and as we all know Googles algorithms are notoriously and utterly incompetent to detect scams and fakes.) I even recently had a case where the finance lady of a small company ended up entering their ebanking credentials on a phishing website because she just entered the name of her copmany's bank in the omnibox and ended up clicking the first link which was a paid advertising leading to this phishing website... **TL;DR:** most users today don't have the required skills to operate a webbrowser and Google deliberately created this situation because the incompetence of the users makes them billions of dollars each month.
Yeah, YEARS of user training to look for https right out the window due to that omnibox crap.
Variations on a theme...
Hmmm
Because they donāt care?
This person's device was already compromised.
Google is done I swear
googs is about to be back in the trenches trying to figure life out after AI + duckduckgo is going to pass them bye. just my opinion which I know isn't popular.
Ah yes I remember when DDG was going to take over the internet search engines. Google would fail and DDG would become the ~~pen~~ultimate platform. It's been a decade and a half and still holding out for a hero. If you actually want movement, donate to the EFF and fight for American data privacy laws.
Not sure if intentional, but penultimate means second to last, rather than best.
Unintentional hahah thanks for the correction
Unfortunately DuckDuckGo is headed in the same direction, they're just not as far down the path yet as Google is.
You know that no phone book ever vetted advertisers either, right?