Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Recipe for Disaster as Tech Support Scammers Use Paid Search

Tech support gangs have been spotted using paid search to reel in unsuspecting victims looking for food-related content online, according to Malwarebytes.

The security vendor spotted scammers buying ads for Google and Bing which it said are designed to lure older netizens searching for food recipes.

“This scheme has actually been going on for months and has intensified recently, all the while keeping the same modus operandi,” it said. “Although not overly sophisticated, the threat actors behind it have been able to abuse major ad platforms and hosting providers for several months.”

As paid search entries are displayed at the top of search listings, users are more likely to click through. Doing so took them to specially created food blogs built by the scammers, complete with comments on the various articles.

“However, upon closer inspection, we can see that those sites have basically taken content from various web developer sites offering paid or free HTML templates,” said Malwarebytes.

In the right circumstances, the user is redirected to a browlock, or fake warning page, which is common in tech support scams. It checks for browser and OS and displays a relevant message claiming the user’s machine has been blocked because of a virus alert from Microsoft.

Calling the number, the white hats spoke to tech support scam ‘technicians’ who tried to sell them expensive support packages on the back of the fake AV alert. That company was listed as A2Z Cleaner Pro (AKA Coretel Communications).

Malwarebytes notified Google and Bing about the fraudulent ads and GoDaddy about the fake blogs and reiterated the importance of industry cooperation in tackling the tech support threat.

It’s unclear exactly how widespread the campaign was, but one URL shortening service used by one of the websites revealed over 50,000 hits in a single week in early May, mainly in the US.

What’s Hot on Infosecurity Magazine?