Given how lucrative online crime can be, it probably isn't surprising that internet scammers continue to develop clever new ways of finding new victims.
One of the latest: Google AdWords.
According to InternetNews, scammers are purchasing legitimate-looking AdWords campaigns and using them to redirect searchers who click on those ads to malicious websites. Some contain viruses and trojans that have been designed to avoid detection by anti-virus programs. Some of these malicious websites even employ 'scareware' to trick victims into believing that they're providing anti-virus software.
One might think that this type of abuse of AdWords would be easy for Google to thwart but that appears not to be the case.
According to Ryan Sherstobitoff of anti-virus vendor Panda Software, "If you do a Google search using the term free antivirus 2009, all the sponsored links point back towards scareware. Now, instead of stealing your banking information, these spammers infect your PC and make you pay for the fake anti-malware immediately."
Making matters worse, traffic management applications are used to help scammers avoid detection. When someone clicks on a scammer's AdWords ad, for instance, sometimes they'll be redirected to a legitimate website. Thus, even if Google receives a complaint, it might not immediately be able to confirm the complaint.
While the sophistication and ingenuity of online scammers isn't surprising, the threat from the abuse of paid search ads is disturbing. If abuse becomes too widespread, these ads could lose their effectiveness, especially amongst those who have a bad experience and in turn become more hesitant to click on a paid ad. Fighting this scourge should be a priority for Google (and any other search providers who provide paid ads).
Additionally, I think it highlights that vigilance SEMs need to have in monitoring their own campaigns. With scammers already copying whole websites and setting up phantom stores to steal from people, I can't help but think that a similar technique might eventually be employed with these AdWords scams.
It's a dangerous online world out there.
Patricio Robles is a tech reporter at Econsultancy. Follow him on Twitter.
Recommended reports
SEMPO State of Search Marketing Report 2011
The State of Search Marketing Report 2011, published by Econsultancy in association with SEMPO, looks in-depth at how companies are using paid search, search engine optimization (natural search) and social media marketing. The report, which also contains a marketplace valuation, has been compiled from a survey of more than 900 global respondents, from both companies (client-side advertisers) and agencies. The report looks closely at current practices and emerging trends across paid search and SEO, alongside their relationship with social media.
Alternatively, see our Paid Search Agencies Buyer’s Guide or UK Search Engine Marketing Benchmark Report.
8:46AM on 26th January 2009
As the article you link to points out, Google does not allow redirects on Adwords ads, so I wonder how these accounts are being allowed to run? Strange.
3:25PM on 26th January 2009
Yes, trust is going to be a huge problem, but the issues have been around for a long time. The adverts themselves have been known to spread malware directly too:
September 2007
Ad-based Trojan hits MySpace, Bebo and others
http://www.vnunet.com/vnunet/news/2198466/advert-trojan-dogs-myspace-bebo
And it's not impossible that user's are also seeing fake adverts:
December 2005
Trojan Horse program that targets Google Adsense ads has been detected by an Indian Web publisher
http://www.techshout.com/internet/2005/27/a-trojan-horse-program-that-targets-google-ads-has-been-detected-by-an-indian-web-publisher/
As you say, monitor your own campaigns very carefully... and avoid having any third-party content on your own site if at all if possible, and certainly not on any pages that contain sensitive information.
SirBigWig: I think 'redirected to' should perhaps have been 'click through to' in the text?
8:42AM on 28th January 2009
Topical update:
27 Jan 2009
Google Video search results poisoned to serve malware
http://blogs.zdnet.com/security/?p=2433
11:52AM on 28th January 2009
Hello,
It's good to see google has commented on the mistakes rather than simply to hush it up.
That said" live free sex move " seem like sometihing rargeted at an uneducated person, who doesn't know abut torrent trackers ?
6:19PM on 14th February 2011
I had never heard about this, but basically I know full well that any time an ad has the chance to load, it can have the potential to be malicious and travel to your computer by way of your browser. The redirect virus is a fine example of this http://www.squidoo.com/google-redirect-virus-removalz
3:20AM on 27th June 2011
I can't get my ad put through Adwords but these idiots can?