07 Sep

A rise in the number of adverts appearing in Google placed by scammers offering fake tech support has led Google to announce the rollout of a new advert verification programme.

Can’t Tell The Good From The Bad

Google’s Director of Global Product Policy, David Graff, made the announcement on the Google blog. Mr Graff said that, after seeing a rise in misleading ad experiences stemming from third-party technical support providers, Google had taken the decision to begin restricting ads in that category globally. Mr Graff also said that, because the fraudulent activity takes place off the Google platform, it has made it difficult to separate the bad actors from the legitimate providers, and this has necessitated the roll out in the coming months of a verification program to ensure that only legitimate providers of third-party tech support can use the Google platform to reach consumers.

The Scam Adverts

According to Google, last year it took down more than 3.2 billion ads that violated its advertising policies. Google has banned ads for payday loans and bail bonds services, and has introduced verification programmes to fight fraudulent ads for other services such as local locksmith services and addiction treatment centres. It now appears that the scammers have moved into the tech support category to find their victims.

How The Scam Works

According to FBI’s Internet Crime Complaint Centre (IC3), it received approximately 11,000 complaints related to tech support fraud in 2017. This kind of fraud can use several methods for the initial contact with the victim e.g. telephone, search engine adverts, pop-up messages or locked screens (accompanied by a recorded, verbal message to contact a phone number for assistance), or a warning in a phishing e-mail.

The way the fake tech support scam works using search engine adverts, which is the method that Google has highlighted is that:

  • Criminals pay to have fraudulent tech support company links and ads show higher in search results. Victims click on the links / ads, and the ads provide a phone number.
  • When the victim calls the fake tech support company, a representative criminal attempts to convince the victim to provide remote access to their device. If the device is a tablet or a smart-phone, the criminal usually try to make the victim connect the device to a desktop computer.
  • When a remote connection has been made, the criminal will claim to find expired licenses, viruses, malware or other (bogus) issues and will tell the victim that there will be a charge to remove the issue.
  • The criminal will then request payment through personal/electronic check, bank/wire transfer, debit/credit card, prepaid card, or virtual currency.

The scam has other variations which can also involve re-targeting previous victims by posing as government officials / police, offering assistance in recovering losses from a previous tech support fraud incident.

What Does This Mean For Your Business?

For those companies legitimately offering tech support services online using advertising, as well as for the many previous and potential victims, this announcement by Google will be welcomed. It is also in Google’s interest to police its own advertising platform because it provides a significant source of revenue.

We can all take precautions to stop ourselves / our businesses from falling victim to this type of scam. These precautions include:

  • Remembering that any legitimate tech support company are unlikely to initiate unsolicited contact with you / your company.
  • Installing ad-blocking software to eliminate / reduce pop-ups and malvertising (online advertising to spread malware), and making sure that all computer anti-virus, security, and malware protection is up to date.
  • Being very cautious of any support numbers that have been obtained via open source searching i.e. via sponsored links /
  • Google ads.
  • Not giving any unverified people remote access to any devices or accounts.