Ever search on Google? If you do you’ve often seen how ads can ads can show up at the very top of the results, clearly marked with a tiny green square that says “Ad” on it.
On Wednesday, when users searched “Amazon” (which happens to be the most-searched retailer on Google), something that looked like an ad for Amazon appeared at the top of the list. But, as ZDNet’s Zack Whittaker discovered, it was a fake. If you clicked on the ad, rather than taking you to Amazon, it would take you to an “alert” page that says there is something very wrong with your operating system. The ad would detect whether your computer was a PC or a Mac and provide either a scary Windows alert or a scary Mac alert as appropriate. In some cases, if you then tried to close the page, it would freeze your browser, and possibly your computer.
The good news is that, as fake ads go, this one seems to have been relatively benign. Rather than infect your computer with malware (as some fake ads do if you click on them) this one simply tried to compel users to call a supposed Microsoft or Apple number for support. Even if you clicked on the ad, if you didn’t call that number, you’re probably safe.
The bad news is that this ad got through Google’s ad-verifying security systems, even though they were smart enough to stop 1.7 billion bad ads last year, according to Google’s blog. Of course, some of those ads were simply for products Google doesn’t accept ads for, such as payday loans and illegal gambling, but the company says it took down 900,000 ads that led to sites containing malware as well.
The algorithms that bring a website that isn’t an ad to the top of your Google search results are complex, and the company does not divulge their full details. But one element that drives high search ranking is inbound links from other sites, making it unlikely that a scam website could be ranked among your non-ad top search results. Ads are different, though, since advertisers pay for search ranking and can sometimes buy their way to the top. Obviously, if the company pulled down 1.7 billion bad ads, Google is pretty good at finding these. But as these events illustrate, once in a while something bad can slip through. Common sense suggests a few simple precautions:
1. If you have the choice between a non-ad and an ad, pick the non-ad site.
Let’s say you search “Macy’s” and both an ad for Macy’s and a Macy’s website that isn’t an ad show up at the top of your results. Clicking the non-ad Macy’s is likelier to get you the store’s home page, assuming that’s what you want.
This is particularly important if you’re planning to download software from a site you’re searching. One time I made the mistake of clicking on an ad, trying to download a browser, and the website I went to (which looked like a legit company website) attempted to sneak several types of unwanted software onto my computer, along with the browser I was looking for.
2. Float your cursor over a link before you click.
In most major browsers, if you place your cursor on a link but don’t click it, a preview of the URL will appear somewhere at the bottom of the browser window. Using this technique will often allow you to see what web page you’ll actually be sent to if you click. This isn’t a foolproof check, though. The creators of the fake Amazon ad apparently managed to make the destination look like a real Amazon page.
3. Read the page description attentively.
Google search results come with a bit of text about each page, put there by whoever created it. Before you click on an ad, make sure to read that description. It may not alert you if there’s a problem, but then again it could. For reasons known only to them, online scammers are notoriously bad spellers and apparently never bother to use spell check, so there’s a decent chance that a spelling or grammatical error might show up in the description of a fake ad. In this case, there were no such errors, but the ad said Amazon was “100% safe” and I have never seen the company describe itself that way in any of its real ads.
The fake Amazon ad on Google has been taken down, and Google told ZDNet that it does not comment on individual ads. However, the scam website that the ad linked to is still active, which suggests that the scammers may have more fake advertising planned. Or possibly someone else is planning something worse, such as an ad linking to a web page that will infect your computer with malware if you click on it. Either way, it’s smart to be careful.
The opinions expressed here by Inc.com columnists are their own, not those of Inc.com.