• About Us
  • Contact
  • Careers
  • Send Us a Tip
Menu
  • About Us
  • Contact
  • Careers
  • Send Us a Tip
CyberNews logo
Newsletter
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
Menu
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
CyberNews logo

Home » Security » One in ten shopping ads promoted on Google potentially lead to phishing sites

One in ten shopping ads promoted on Google potentially lead to phishing sites

by Edvardas Mikalauskas
28 December 2020
in Security
1
Potentially unsafe ads promoted on Google
62
SHARES

With the holiday shopping season in full swing, millions of users are hunting for the best deals online. However, many don’t realize that the amazing deal they just found on Google is actually too good to be true.

When you search for something on Google, certain results will be shown in top positions organically because their content is considered relevant or useful. Other results, however, will surface to the top as ads because an advertiser has paid Google to promote them. 

Unfortunately, not all Google ads are created by legitimate advertisers. Some are made by cybercriminals. Such ads will lead users to malicious phishing websites where they can be tricked into buying counterfeit or unsafe products, fall victim to financial scams, or worse.

Graphical user interface, application  Description automatically generated

(Image: Potentially untrustworthy counterfeit website promoted on Google)

In light of this, we at CyberNews wanted to see whether Google ads that promote online sales are safe for shoppers to click. To do this, our Investigation team examined 692 Google ads related to Black Friday and Cyber Monday (BF/CM) promotions and analyzed the domains that these ads were promoting. We then assessed the safety of these domains based on three criteria: domain age, blacklist status, and Website Trust Score.

What we discovered was eye-opening: 10% of the Google ads we analyzed potentially lead to malicious phishing websites, where cybercriminals could lure users in order to steal their money and personal data.

You’d think that every single ad you see on Google undergoes a proper security check to ensure it’s not promoting an unsafe website. Sadly, it seems that this isn’t necessarily the case.

About this investigation

In order to carry out this investigation, we searched for 3,000 keywords related to BF/CM sales on Google. From the search results, we gathered a list of the top 692 domains that were actively promoted (i.e. labeled as “ads” and shown on top of the search results pages) via the Google Ads service from November 23 to November 30, 2020.

We then examined their domain age, calculated their Website Trust Score using the APIVoid service, and checked if these domains were listed on any threat databases like URLVir and ThreatLog.

What were we looking at?

To assess whether the domains that promoted BF/CM sales on Google were safe, we looked at three main criteria: domain age, blacklist status, and Website Trust Score.

Domain age

A 2019 study by Palo Alto Networks shows that most newly created domains “are known to be favored by threat actors to launch malicious campaigns.” This is because most malicious websites live for mere weeks, days, or even hours before being reported or detected and taken down by security vendors. 

For this reason, we looked at domain age as one of the primary indicators of whether a website is trustworthy. We consider as suspicious and potentially unsafe any website created less than 60 days prior to the Black Friday weekend.

Blacklist status 

Domains and IP addresses that have been flagged by security vendors as sources of spam, phishing attacks, or malicious content are usually logged on malicious domain databases, also known as domain blacklists. If a website is listed on one of these threat databases, users either receive warnings about its content, or can no longer directly access the site altogether. Needless to say, being listed on a reputable threat database is a huge red flag.

With that in mind, we ran our list of 692 domains through multiple reputable threat databases such as URLVir, ThreatLog, OpenPhish, and many others to see if any have been blacklisted as malicious.

Website Trust Score 

As our final metric, we used one of the most comprehensive domain trust analysis services to gauge whether the domains on our list were safe: the Website Trust Score rating system by APIVoid. The Website Trust Score is calculated based on the results of APIVoid’s numerous domain security checks, including HTTPS support, email configuration, domain location, directory listing, Top Level Domain (TLD) abuse, blacklisting, domain recency, and much more. 

In other words, if a website’s Trust Score is low, it’s probably less than reputable.

Note: The exact method of calculating the Website Trust Score is not public because disclosing it would make it far easier for malicious actors to work around APIVoid’s security checks.

What did we find?

Here’s what we found when we analyzed 692 promoted shopping domains for trustworthiness:

As we can see, at least 10% of domains that promoted BF/CA deals on Google in the last week of November can be deemed potentially unsafe, possibly leading users to malicious websites teeming with phishing hooks, malware, or other nasty surprises. Another 10.5%, while relatively trustworthy from a technical standpoint, could nonetheless have (minor) misconfigurations. Even blacklisted websites were found to actively run fake promotions.

This is a surprisingly high percentage of potentially unsafe domains that we did not expect to witness on a platform as prominent as Google.

Admittedly, in rare cases, a domain can be classified as untrustworthy due to unintentional misconfigurations. Nevertheless, a poorly configured website is still a threat to users. And when one in five ads on Google leads to potentially unsafe websites, using the search engine itself can become a dangerous lottery, especially during the shopping season.

Why is this still a problem?

When searching for a product or service on Google, many users simply click the first search result they see. Some don’t even know (or care) whether the actual link they click on is a search result or an ad. This is why phishers are so fond of placing fake ads: the average users’ lack of attention or patience, and Google’s apparent lack of effective security checks, make their work that much easier.

Therefore, we can’t help but place at least some part of the blame for this situation on Google.

Tech giants like Google earn billions from advertising every year. Is putting more resources into preventing cybercriminals from abusing consumers too much to ask?

To avoid cases like this, Google should review threat databases in real-time and prevent bad actors from using its platform to promote malicious websites with impunity. Before that happens, more people will fall for fake ads hiding in plain sight, only to lose their personal data and money to cybercriminals, again and again.

Meanwhile, if you’re an online shopper, here are our basic recommendations for avoiding phishing websites: 

  • Have a quality antivirus installed
  • Click with caution
  • If it looks too good to be true, it probably is
  • Only shop at legitimate online retailers
  • Use payment processors that offer strong buyer protection
Share62TweetShareShare

Related Posts

The satellite-hacker’s guide to the space industry: don’t panic (yet)

The satellite-hacker’s guide to the space industry: don’t panic (yet)

27 January 2021
Man in front of multiple computers

North Korea has been targeting threat researchers

27 January 2021
Teespring data leaked on hacker forum

8+ million Teespring user records leaked on hacker forum

25 January 2021
Covid-19 vaccine

Covid vaccines are now an excuse to launch phishing attacks

22 January 2021
Next Post
drone

U.S. to allow small drones to fly over people and at night

Comments 1
  1. Yotam says:
    4 weeks ago

    Hi Cybernews

    Did you approach Google with these findings?
    Did they have anything to comment on this?

    Reply
Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Popular News

  • 70TB of Parler users’ messages, videos, and posts leaked by security researchers

    70TB of Parler users’ messages, videos, and posts leaked by security researchers

    83053 shares
    Share 83043 Tweet 0
  • The ultimate guide to safe and anonymous online payment methods in 2021

    13 shares
    Share 13 Tweet 0
  • 8 best cybersecurity podcasts for 2021

    56 shares
    Share 56 Tweet 0
  • Best alternatives to Gmail to protect your privacy

    481 shares
    Share 481 Tweet 0
  • Walmart-exclusive router and others sold on Amazon & eBay contain hidden backdoors to control devices

    13365 shares
    Share 13361 Tweet 0
Wall Street vs Main Street fight quashes hedge funds as GameStop keeps rallying

Wall Street vs Main Street fight quashes hedge funds as GameStop keeps rallying

27 January 2021
Google to stop using Apple tool to track iPhone users, avoiding new pop-up warning

Google to stop using Apple tool to track iPhone users, avoiding new pop-up warning

27 January 2021

‘World’s most dangerous malware’ Emotet disrupted

27 January 2021
The satellite-hacker’s guide to the space industry: don’t panic (yet)

The satellite-hacker’s guide to the space industry: don’t panic (yet)

27 January 2021
Man in front of multiple computers

North Korea has been targeting threat researchers

27 January 2021
GameStop extends Reddit driven hyper-rally after Musk tweet

GameStop extends Reddit driven hyper-rally after Musk tweet

27 January 2021
Newsletter

Subscribe for security tips and CyberNews updates.

Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Categories
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
  • VPNs
  • Password Managers
  • Secure Email Providers
  • Antivirus Software Reviews
Tools
  • Personal data leak checker
  • Strong password generator
About Us

We aim to provide you with the latest tech news, product reviews, and analysis that should guide you through the ever-expanding land of technology.

Careers

We are hiring.

  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • About Us
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!