Brad H. lives in Las Vegas and fancies himself a car guy.
Every so often he finds a car on the other side of the country that he wants to buy.
Recently, Brad found a Jeep Wrangler located in Maryland to purchase.
Brad uses a trusted vehicle transport company called RoadRunner Auto Transport to put the car on a semi-truck and transport it to Las Vegas.
After Brad purchased the Jeep Wrangler, he jumped online to schedule the vehicle pickup.
Since he was unsure of the transport company’s website domain he did a Google search for RoadRunner Auto Transport.
Brad clicked on the first result in the ad section of the Google search.
He mistakenly assumed that since he typed in the company’s entire name it would be the first result.
Once on the website, Brad scheduled the pickup of the Jeep.
He soon received a phone call from the company to confirm the booking and to make the payment.
The woman calling from the company had a Jamaican accent and was very polite.
She sent Brad an email confirming the booking and asked for payment.
This is when Brad realized he wasn’t talking to the company he’d used in the past.
First, the email from the company employee came from a Gmail address with a woman’s name in it.
It wasn’t official-looking and didn’t come from the company’s domain name.
Second, Brad went through the fine print of the email and noticed everything said “RoadRunner Car Transport.”
Brad thought he was using “RoadRunner Auto Transport.”
Thankfully, he ended the phone call without sharing too many details with the company.
The scary thing is that Brad did a simple Google search, and this fake company was the first to pop up.
Like so many people Brad just typed the company name into Google Search and trusted the first thing to pop up.
The problem is that cybercriminals know people do this and they are taking advantage of it.
Criminals are promoting fake websites using Google Ads, making fake pages show up higher in the search results.
According to Google, in 2024 the company blocked more than 415 million ads for violating advertising rules.
Because fake ads are so widespread, here are a few ways to spot them in Google Ad results.
Destination:
Oftentimes fake ads will have a mismatch between the displayed URL and the actual destination URL.
For example, the ad could say PayPal.com, but the destination URL could be PayPa1-support.com.
Look for misspellings, or URLs that don’t appear legitimate.
And make sure the URL matches the website you intend to visit.
HTTP:
In the past, a website with HTTPS or an SSL certificate could be trusted.
But that’s not always true anymore.
Scammers are now using SSL certificates which means the padlock icon appears in the URL.
So, this alone no longer means the website is secure.
Before you click on an ad link, hover over the ad so that you can preview the URL before clicking on it.
Fake logos:
Fake logos and poor designs can be a sign of a fake ad.
Scammers will often copy legitimate logos, but the image might be a bit blurred or look stretched.
The hackers are stealing the logo so it’s like you or I copy and pasting it.
Since scammers aren’t the smartest, they will sometimes use outdated logos, or the colors might be slightly different than the actual logo.
Look for the disclosure:
Legitimate advertisers will often display a “Why this ad?” Option.
This is a way for users to provide feedback to advertisers.
If you click on the disclosure, it will show things like whether it’s a verified business, the business location, or the reason why you are seeing the ad.
A fake ad will typically hide this because they don’t want to give victims more information than they need to trick them.
So always look for the disclosure when looking at ads.
Fake ads are everywhere online.
And even if they aren’t cyber criminals, some people impersonate legitimate businesses to steal customers and their personal or private information.
