Jeremy B. MerrillDec 21, 2022
the FBI just warned that search engines -- which is to say, Google -- are selling ads that impersonate crypto and finance sites in order to steal logins and install ransomware. https://www.ic3.gov/Media/Y2022/PSA221221
Internet Crime Complaint Center (IC3) | Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users

Show threadJeremy B. MerrillDec 21, 2022

Google also sells ads that impersonate government agencies like the IRS, including with URLs like irs.gov-whatever.com, I reported last year.

These ads all violate Google's rules, they said, but, of course, Google still sells 'em.

https://themarkup.org/google-the-giant/2021/05/13/ads-are-impersonating-government-websites-in-google-results-despite-ban

Ads Are Impersonating Government Websites in Google Results, Despite Ban – The Markup

The company pledged to eliminate ads for sites that charge hefty fees for otherwise free or inexpensive services—but they continue

Show threadAdam DewDec 22, 2022
@jeremybmerrill this type of fraud detection should not be difficult to implement. There are recaptcha aspects that could be repurposed.
Show threadJeremy B. MerrillDec 22, 2022
@adamdew say more?
Show threadAdam Dew
@jeremybmerrill #1 As all internet goers are aware, recaptcha presents the users some random images and asks the user to identify certain characteristics that some of the pictures may contain. The users responses are given to the google image recognition AI. Essentially we all have been teachers to this machine. Showing it how to identify objects inside rasterized images like pngs of jpgs in the same way we do.
Dec 22, 2022 at 9:05pmWeb
Show threadAdam DewDec 22, 2022
@jeremybmerrill #2 I believe this AI could easily be able to recognize text and logos that we commonly see inside these fraudulent ads. So it seems that google have the tools and have not thought to use them in this way yet. Or they do know, we would have to ask them for an explanation.
Show threadJeremy B. MerrillDec 22, 2022
@adamdew lots of ways to do it. One theory I've heard is that Google's history of being self-service means big orgs have LOTS of ads accounts managed by randos, making it hard to verify who really is a given org versus an imposter.