New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Fake Google Search Ads

Scammers have been using fraudulent Google search ads for quite a while, but they have added a new technique to their arsenal. The new fake ads are using very convincing websites that usually state that email response will take several hours to reach customer service and that the user should contact them by phone instead. The primary companies being copied are Amazon and PayPal. When the user contacts them by phone, the scammers will pretend to be from the associated company and ask for a Google Play gift code to verify the user’s identification. Researchers have contacted the false numbers and asked why the Google play card was needed, the scammer stated that it was for identification purposes and they promised to reimburse the user for the cost of the card. Google was contacted and provided the following statement, “We have strict policies that govern the kinds of ads we allow on our platform, and ads that conceal or misstate information about their business are prohibited on our platform.” Google also stated, “When we find ads that violate our policies, we remove them.”

Analyst Notes

If the user is presented with this style of message, the phone number should be verified with a simple Google search. The fake numbers being used are Amazon (888) 403-5771 and PayPal (855)281-0268. The correct customer service numbers are: PayPal is (888) 221-1161 and Amazon is (888) 280-4331. These fraudulent ads should be reported to Google’s ad flagging tool.