A Fake Malwarebytes Malvertising Campaign Is Serving “Raccoon” Stealers
Last updated September 25, 2021
Tech support scammers exploit fraudulent Google ads to deceive unsuspecting users in a significant malvertising campaign targeting eBay users in the United States. Victims are redirected to fake websites with misleading prompts to contact bogus customer support numbers.
Scammers often employ tactics to gain remote access to victims' devices under the guise of assistance, subsequently stealing sensitive information and funds by requesting gift cards or taking over people’s bank accounts, the latest Malwarebytes investigation revealed.
These fraudulent ads appear during searches for 'eBay phone number' or 'eBay customer service.'
Created from four separate advertiser accounts – some new and some belonging to legitimate entities – these malicious ads use destination URLs that redirect users to scams hosted on various cloud services, such as BitBucket.
Some advertisements even mimic eBay's branding, using domain masking techniques to appear legitimate, which lets the scammers work around Google’s strict rules for advertisers. The trick is to have the ad lead to a URL on the same domain, or on a subdomain that matches the one shown in the ad.
These malicious ads use developer.ebay.com (part of eBay’s Developers Program Search), which sits under eBay’s main domain. Yet the destination URL opens a search portal that displays a printed search result containing a fake eBay customer service phone number.
The attackers craft a search query that returns no results; the intention is only to get the query text itself to appear on screen, such as “eBay.Customer-Service +1 (866) 409[-]9281.”
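An added example, not part of the original article or of Malwarebytes' tooling: a reviewer-side check showing why the display/destination domain match described above is not sufficient on its own, and how to flag destination URLs whose query string carries a phone number or support wording. The URL paths, the `q` and `id` parameters, the 555 phone number and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# US-style phone number, optional +1 prefix, not embedded in a longer digit run.
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.\-]*)?\(?\d{3}\)?[\s.\-]*\d{3}[\s.\-]*\d{4}(?!\d)")
# Wording that support-scam lures put next to the number.
SUPPORT_RE = re.compile(
    r"customer[\s.\-_]*(?:service|support|care)|help[\s.\-_]*(?:desk|line)", re.I)


def review_ad(display_domain, destination_url):
    """Return (domain_matches, flags) for one ad's destination URL."""
    parts = urlsplit(destination_url)
    host = (parts.hostname or "").lower()
    display = display_domain.lower().rstrip(".")
    # The same-domain-or-subdomain rule that the ads in the article satisfy.
    domain_matches = host == display or host.endswith("." + display)

    # parse_qsl percent-decodes, so %2B1%20(800)... is inspected as shown text.
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    values.append(unquote(parts.fragment))
    text = " ".join(values)

    flags = []
    if PHONE_RE.search(text):
        flags.append("phone-number-in-url")
    if SUPPORT_RE.search(text):
        flags.append("support-wording-in-url")
    return domain_matches, flags


# Constructed sample ads: (display domain, destination URL). Paths, parameter
# names and the 555 number are made up for illustration.
SAMPLE_ADS = [
    ("ebay.com", "https://developer.ebay.com/hypothetical-search"
                 "?q=eBay.Customer-Service%20%2B1%20(800)%20555-0100"),
    ("ebay.com", "https://developer.ebay.com/hypothetical-search?q=oauth+token+scopes"),
    ("ebay.com", "https://www.ebay.com/hypothetical-item?id=123456789012"),
    ("ebay.com", "https://ebay.com.support-help.example/contact"),
]

if __name__ == "__main__":
    for display, url in SAMPLE_ADS:
        ok, flags = review_ad(display, url)
        verdict = "REVIEW" if (not ok or flags) else "pass"
        print(f"{verdict:6} domain_ok={ok} flags={flags} {url}")
```

The first sample passes the domain rule and is still flagged, which is the case a domain-only policy check misses; the last sample is caught by the domain rule alone.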
The security researchers reported the offending advertisements to Google, and they are actively monitoring for similar campaigns targeting other brands. This breach impacts both consumers and digital advertisers by compromising trust in online platforms.
It is crucial for users to verify contact information directly from official websites. For genuine assistance, visit the brand’s official website to use verified contact methods such as live chat or direct customer service numbers.
Google is dealing with a lawsuit accusing Alphabet Inc. of profiting from Google ads that promote pirate websites, and it has asked a U.S. court to dismiss the lawsuit's claims.
In recent news, a phishing site impersonating ‘Google Safety Centre’ deployed infostealers under the guise of downloading the trusted multi-factor authentication (MFA) app Google Authenticator.
Also, an advertisement for Authenticator that distributed infostealers and seemed to come from official sources appeared among Google search results, and Google even verified the advertiser’s identity.
In other cases, people reporting paid ads in Google results that led to scamming or phishing websites were dismissed because the promoted results “did not infringe” the Alphabet Inc.-owned company’s rules.