Browser-based scam that originates in Google ads

Google “search results” ads purchased by malicious actors point to the legitimate websites of big-name companies, but use those websites’ own content handling (query strings) to add extra content to the page. You land on the real website, but the search bar is filled with “CALL NOW FOR HELP 1-800-123-4567”.
The summary is a bit sensationalized, since “hijack” makes it sound like the malicious actors have complete control of the car. This is more akin to them slapping a bumper sticker with their information on it before walking away. Still dangerous and bad, yes.
Technically, the buck stops with the company’s website, which has to protect itself from being used in harmful ways against its users. Savvy users will likely pick up on these being scams, but even smart people have urgent moments where they’re drawn in by the very scam techniques they’ve learned to notice. Do you lock your search results pages down to internal referrers? Do you block google.com search results from your search results pages?
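One way a site could act on the referrer question above, as an added example that is not from the original post or any vendor's code: check the `q` value and the Referer header before reflecting the query into the page. `SITE_HOST`, the two patterns and the function names are assumptions for illustration.

```javascript
// Added example (defensive): should a search page echo ?q= back into the page?
// SITE_HOST, the patterns and the function names are assumptions for illustration.
const SITE_HOST = "www.example.com";

// North American phone number: optional leading 1, then 3-3-4 digits with common separators.
const PHONE_RE = /(?:\+?1[\s.\-]*)?\(?\d{3}\)?[\s.\-]*\d{3}[\s.\-]*\d{4}/;
// Call-to-action wording typical of fake support text.
const LURE_RE = /\b(call|support|help ?desk|helpline|toll[\s-]?free|customer service)\b/i;

// A missing or unparsable Referer is treated as external.
function isInternalReferrer(referer) {
  if (!referer) return false;
  try {
    return new URL(referer).hostname === SITE_HOST;
  } catch {
    return false;
  }
}

function assessSearchRequest(requestUrl, referer) {
  const url = new URL(requestUrl, `https://${SITE_HOST}`);
  // NFKC folds full-width digits and letters to ASCII before matching.
  const q = (url.searchParams.get("q") || "").normalize("NFKC");
  const reasons = [];
  if (PHONE_RE.test(q)) reasons.push("phone-number");
  if (LURE_RE.test(q)) reasons.push("call-to-action");
  const external = !isInternalReferrer(referer);
  if (external) reasons.push("external-referrer");
  // Ordinary off-site searches still work; only phone-bearing queries that are
  // off-site or carry lure wording are not reflected.
  const suppress = reasons.includes("phone-number") &&
    (external || reasons.includes("call-to-action"));
  return { query: q, reasons, echoQuery: !suppress };
}

// Constructed sample requests, not captured traffic.
const samples = [
  ["/search?q=CALL%20NOW%20FOR%20HELP%201-800-123-4567", "https://www.google.com/"],
  ["/search?q=wireless+headphones", "https://www.google.com/"],
  ["/search?q=wireless+headphones", "https://www.example.com/"],
];
for (const [u, ref] of samples) {
  const r = assessSearchRequest(u, ref);
  console.log(r.echoQuery ? "echo    " : "suppress", JSON.stringify(r.query), r.reasons.join(","));
}
```

When `echoQuery` is false, the page can still run the search but render an empty search box and log the `reasons` for review, so a legitimate visitor is not blocked.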
Query strings are really convenient ways to pass small amounts of information between pages. The question mark + q + equals sign is synonymous with looking for something on a website. Will this campaign through Google ads serve as a driver to move web technology off of query strings? I’ll be honest, adding cookies in GET requests or switching to multi-request sequences are both non-optimal solutions. I’m glad someone smarter than me can sort it out.
Speaking of Google ads… they’re complicit here too. Can Google avoid serving these ads? Sure, with a similar amount of technical difficulty as the websites detecting fraudulent use, but they’re not using industry-standard tech. Google is cultivating the breeding ground for implicit trust in their quest for monetization of the search results. The betrayal in the search results is that the ads are increasingly disguised as organic search results. How far down the page do I need to scroll before I can start trusting the links and page summaries?
Malwarebytes takes the time to mention their browser extension that can detect scams on websites, but frankly, they could offer detection services (for a cost) to Google before they further erode trust in the ads in their search results.
More on this from Ars: https://arstechnica.com/security/2025/06/tech-support-scammers-inject-malicious-phone-numbers-into-big-name-websites/




