How URL hijackers are disrupting banks’ PPC campaigns

Last Updated: March 28, 2017

[sc name=”GoogleLinkAds”]

I usually write about search marketing, analytics and conversion optimization, but I felt it was important to share a discovery I made recently. I noticed a major phishing scam hijacking the paid search ads of financial and banking companies on brand keywords. The activity was discovered by an alert I received from BrandVudu, a third-party risk compliance and brand protection tool. The alert uncovered paid search ads that look like official bank or credit card brand ads, but when a consumer clicks the ad, the landing page is a phishing website. In this example the tactic follows this pattern: 1. An ad is triggered on brand or brand-plus searches for popular bank and credit card keywords (e.g., brand + “ login” or “low APR credit card offers”) 2. The ad contains a display URL for the financial institution, and therefore appears genuine and official. 3. Consumers who click on the ad are misdirected to a phishing site which attempts to get the user to call a phone number. After this the following events take place: The site claims that malware has been downloaded onto the user’s machine, along with a troubling pop-up, and loud sound effects including warning bells. The user is directed to call 844-813-5760 or 800-646-0707, which identifies the virus as the ZEUS virus, in order to get assistance from either Apple or Microsoft support. In some cases, the pop-up or the tab can be easily closed. In other cases, the entire computer screen is blocked by the warning message and the only way to get out of it, if you are a Windows user, is to use Task Manager to kill your browser program. The landing page looks like the below, depending on whether you are a Mac or Windows user: BrandVudu identified the following URLs where consumers are being directed.  These URLs seem to rotate daily, with new URLs being used every few days: Destination URL Landing Page Date Detected Knowdailyhoroscope.com majorwarnings.online/alert/chrome_win March 6, 2017 Freedictionarydefinition.com virushelp.xyz/alert/chrome_win   March 6, 2017 clickingads.online   helpvirus.xyz/alert/chrome_win March 2, 2017 thesaurus-dictionaryonline.com   pc-helps.xyz/network7026/chrome_win March 2, 2017 Source: BrandVudu Why aren’t these scams being caught? Misleading ads are a problem, as evidenced by the 2016 Bing Ads Quality Review showing millions of ads needing to be blocked.  You would think that popular malware solutions would find these phishing scams and alert users, right? I thought the same thing, but a scan of the above Destination URLs using several top malware scanners revealed green “all-clear” good grade for each site. The phishing sites are fooling the scanning companies by misdirecting the scanner to a legitimate URL. When they’re visited by a crawler used by malware scanner tools, they usually send users to the…

Source: How URL hijackers are disrupting banks’ PPC campaigns

[sc name=”GoogleLinkAds”]

About the author / 

S K Routray

S K Routray is a computer science graduate and Co founder at Gracioustech.com. He worked as a Online Marketing lead at many MNC Companies. He has passion for writing on SEO techniques, Social Media Marketing and digital marketing techniques. If he wasn’t an online marketer, he'd take his love for food and become a great chef cum hotel entrepreneur. Join NAS Writers team to write for NAS.

[sc name="searchbox"]
[sc name="responsiveads"]

Email Subscriptions

Enter your email address:

Delivered by FeedBurner

Follow us on Twitter