google ads

address-bar-shows-hpcom-browser-displays-scammers’-malicious-text-anyway.

Address bar shows hp.com. Browser displays scammers’ malicious text anyway.

Biz & IT, google ads, Security, tech support scams, websites / /

Not the Apple page you’re looking for

“If I showed the [webpage] to my parents, I don’t think they would be able to tell that this is fake,” Jérôme Segura, lead malware intelligence analyst at Malwarebytes, said in an interview. “As the user, if you click on those links, you think, ‘Oh I’m actually on the Apple website and Apple is recommending that I call this number.’”

The unknown actors behind the scam begin by buying Google ads that appear at the top of search results for Microsoft, Apple, HP, PayPal, Netflix, and other sites. While Google displays only the scheme and host name of the site the ad links to (for instance, https://www.microsoft.com), the ad appends parameters to the path to the right of that address. When a target clicks on the ad, it opens a page on the official site. The appended parameters then inject fake phone numbers into the page the target sees.

A fake phone number injected into a Microsoft webpage.

Credit: Malwarebytes

A fake phone number injected into a Microsoft webpage. Credit: Malwarebytes

A fake phone number injected into an HP webpage.

Credit: Malwarebytes

A fake phone number injected into an HP webpage. Credit: Malwarebytes

Google requires ads to display the official domain they link to, but the company allows parameters to be added to the right of it that aren’t visible. The scammers are taking advantage of this by adding strings to the right of the hostname. An example: 

/kb/index?page=search&q=☏☏Call%20Us%20%2B1-805-749-2108%20AppIe%20HeIpIine%2F%2F%2F%2F%2F%2F%2F&product=&doctype=¤tPage=1&includeArchived=false&locale=en_US&type=organic

Credit: Malwarebytes

The parameters aren’t displayed in the Google ad, so a target has no obvious reason to suspect anything is amiss. When clicked on, the ad leads to the correct hostname. The appended parameters, however, inject a fake phone number into the webpage the target sees. The technique works on most browsers and against most websites. Malwarebytes.com was among the sites affected until recently, when the site began filtering out the malicious parameters.

Fake number injected into an Apple webpage.

Credit: Malwarebytes

Fake number injected into an Apple webpage. Credit: Malwarebytes

“If there is a security flaw here it’s that when you run that URL it executes that query against the Apple website and the Apple website is unable to determine that this is not a legitimate query,” Segura explained. “This is a preformed query made by a scammer, but [the website is] not able to figure that out. So they’re just spitting out whatever query you have.”

So far, Segura said, he has seen the scammers abuse only Google ads. It’s not known if ads on other sites can be abused in a similar way.

While many targets will be able to recognize that the injected text is fake, the ruse may not be so obvious to people with vision impairment, cognitive decline, or who are simply tired or in a hurry. When someone calls the injected phone number, they’re connected to a scammer posing as a representative of the company. The scammer can then trick the caller into handing over personal or payment card details or allow remote access to their computer. Scammers who claim to be with Bank of America or PayPal try to gain access to the target’s financial account and drain it of funds.

Malwarebytes’ browser security product now notifies users of such scams. A more comprehensive preventative step is to never click on links in Google ads, and instead, when possible, to click on links in organic results.

Address bar shows hp.com. Browser displays scammers’ malicious text anyway. Read More »

google-might-already-be-replacing-some-ad-sales-jobs-with-ai

Google might already be replacing some Ad sales jobs with AI

Google, google ads, google ai, Tech / /

Better click-through rates than Cyberdyne Systems —

When AI can make assets and text for ads, you don’t need humans to do it anymore.

A large Google logo is displayed amidst foliage.

Google is wrapping its head around the idea of being a generative AI company. The “code red” called in response to ChatGPT has had Googlers scrambling to come up with AI features and ideas. Once all the dust settles on that work, Google might turn inward and try to “optimize” the company with some of its new AI capabilities. With artificial intelligence being the hot new thing, how much of Google’s, uh, natural intelligence needs to be there?

A report at The Information says that AI might already be taking people’s jobs at Google. The report cites people briefed on the plans and says Google intends to “consolidate staff, including through possible layoffs, by reassigning employees at its large customer sales unit who oversee relationships with major advertisers.” According to the report, the jobs are being vacated because Google’s new AI tools have automated them. The report says a future restructuring was apparently already announced at a department-wide Google Ads meeting last week.

Google announced a “new era of AI-powered ads” in May, featuring a “natural-language conversational experience within Google Ads, designed to jump-start campaign creation and simplify Search ads.” Google said its new AI could scan your website and “generate relevant and effective keywords, headlines, descriptions, images, and other assets,” making the Google Ads chatbot one part designer and one part sales expert.

One ad tool, Google’s Performance Max (or “PMax” for short), got a generative AI boost after May’s announcement and can now “create custom assets and scale them in a few clicks.” First, it helps advertisers decide if an ad should be in places like YouTube, Search, Discover, Gmail, Maps, or banner ads on third-party sites. Then, it can just make the ad content, thanks to generative AI that can scan your website for material. (A human advertiser is still in the loop approving content—for now.) It’s called “Performance Max” because variations of your ad are still left up to the machines, which can constantly remix your ads in real time using click-through rates as feedback. Google’s official description is that “Assets are automatically mixed and matched to find the top performing combinations based on which Google Ads channel your ad is appearing on.”

Changing ads on the fly with immediate click-through-rate validation and A/B testing is a task that no person would have the time to do. Also, no one would want to pay a human to do this much work, so having an AI monitor your ad performance sounds like a smart solution. The report also notes another benefit of making AI do this work: “Because these tools don’t require much employee attention, they carry relatively few expenses, so the ad revenue carries a high-profit margin.”

The Information report says, “A growing number of advertisers have adopted PMax since [launch], eliminating the need for some employees who specialized in selling ads for a particular Google service, like search, working together to design ad campaigns for big customers.”

According to the report, as of a year ago, Google had about 13,500 people devoted to this kind of sales work, a huge chunk of the 30,000-strong ad division. These 13,500 people aren’t necessarily all going to be affected, and those who are won’t necessarily be laid off—they could be reassigned to other areas in Google. We should know the scale of Google Ad’s big re-org soon. The report says, “Some employees expect the changes to be announced next month.”

Google might already be replacing some Ad sales jobs with AI Read More »

four-years-after-apple,-google-will-finally-kill-third-party-cookies-in-2024

Four years after Apple, Google will finally kill third-party cookies in 2024

browser cookies, Google, google ad business, google ads, google advertising, google chrome, privacy sandbox, Tech, third party cookies / /

It’s all going to plan —

Google delayed long enough to secure its ad business with new tracking methods.

Extreme close-up photograph of finger above Chrome icon on smartphone.

Chrome has finally announced plans to kill third-party cookies. It’s been almost four years since third-party cookies have been disabled in Firefox and Safari, but Google, one of the world’s largest ad companies, has been slow-rolling the death of the tracking cookie. Ad companies use third-party cookies to track users across the web, and that web activity is used to show users relevant ads. Now that Google’s alternative user-tracking ad system, the “Privacy Sandbox,” has launched in Chrome, it’s finally ready to do away with the previous form of ad tracking. The new timeline to kill third-party cookies is the second half of 2024.

Google’s blog post calls the rollout “Tracking Protection” and says the first tests will begin on January 4, where 1 percent of Chrome users will get the feature. By the second half of 2024, the rollout should hit everyone on desktop Chrome and Android (Chrome on iOS is just a reskinned Safari and is not applicable). The rollout comes with some new UI bits for Chrome, with Google saying, “If a site doesn’t work without third-party cookies and Chrome notices you’re having issues—like if you refresh a page multiple times—we’ll prompt you with an option to temporarily re-enable third-party cookies for that website from the eye icon on the right side of your address bar.” Since other browsers have been doing this for four years, it’s hard to imagine many web admins not being ready for it.

Chrome's new third-party cookies controls.

Enlarge / Chrome’s new third-party cookies controls.

Google

Google says the rollout is “subject to addressing any remaining competition concerns from the UK’s Competition and Markets Authority.” Chrome’s Privacy Sandbox switch represents the world’s most popular browser (Google Chrome) integrating with the web’s biggest advertising platform (Google Ads) and shutting down alternative tracking methods used by competing ad companies. So, some regulators are naturally interested in the whole process.

Google says its choice to offer this privacy feature four years after its competitors is a “responsible approach” to phasing out third-party cookies. That responsibility seems to primarily be about responsibility to Google’s shareholders since turning off tracking cookies was previously seen as an attack on Google’s business model. Google’s position as the world’s biggest browser vendor allowed it to delay the death of tracking cookies long enough to create an alternative tracking system, which launched earlier this year in Chrome. With the ad business secured, it’s now acceptable to phase out cookies. So far, everything is going to plan.

Four years after Apple, Google will finally kill third-party cookies in 2024 Read More »