Massive Scam Surge: Google Ads Fueling Fraud

With a massive proportion of any household budget made up of energy costs, scammers are just a phone call away when people seek to talk about their bills or how they might save.

Enter the utility scam, in which crooks pose as your utility company to threaten you and extract as much money as they can. This scam, which has persisted for years, typically begins with an unexpected phone call or, in some instances, a doorstep visit. Because phone-based scams scale easily, they can be run from abroad, which extends their reach. Yet these scams are often more effective when the victim initiates the call. A recent Malwarebytes Labs investigation uncovered a significant campaign of fraudulent ads served to users through Google searches, on a scale surpassing that of prior malvertising cases.

When users search for terms related to their energy bill, they encounter these scam ads, designed exclusively for mobile devices to exploit the frequency of smartphone use. Additionally, the ads employ geolocation to ensure relevance to the user’s specific area.

Image: Malwarebytes Labs

Malwarebytes Labs identified 28 advertisers behind over 300 ads, mostly registered by individuals from Pakistan, and noted the abuse of legitimate but compromised advertiser accounts belonging to US entities. While the investigation did not delve deeply into the scammers’ whereabouts, Pakistan emerged as a potential hotspot.

Typically, interacting with these ads does not redirect to a website but prompts a phone call instead, which is precisely what the fraudsters want. They exploit the fact that most people are unaware that Google-approved ads can be deceptive.

Image: Malwarebytes Labs

The utility scam thrives on intimidation and fear, pressuring victims into rash decisions with threats of unpaid bills or too-good-to-refuse offers demanding immediate acceptance. Once the call is made, victims are ensnared and at high risk of significant financial loss.

Scammers might also guide victims to their websites to feign legitimacy. These sites often look convincingly genuine and mislead victims into believing they are making the right decision, which is far from the reality.

The scam’s infrastructure is extensive, with fraudsters registering numerous domain names and creating template websites appearing to offer energy or utility savings. These simple sites typically feature customer-oriented text and contact numbers. The fraudulent nature of these domains can sometimes be inferred from their registration dates and association with search ads.

However, challenging these domains’ validity requires comprehensive investigation, including engaging with the scammers, documenting interactions, and presenting evidence, a process demanding substantial time and resources.

In the meantime, as many domains as possible are being tracked and reported to the relevant registrars, in the hope that some will act to suspend them.

To safeguard against these scams, the current advice includes avoiding clicking on search ads, as malicious ones significantly outnumber legitimate ones.