The Core

Why We Are Here => Traffic => Topic started by: rcjordan on June 20, 2025, 12:22:06 AM

Title: Address bar shows HP.com site. Browser displays scammers’ malicious text anyway
Post by: rcjordan on June 20, 2025, 12:22:06 AM

https://arstechnica.com/security/2025/06/tech-support-scammers-inject-malicious-phone-numbers-into-big-name-websites/

Google ad injects page parameters in browser
Title: Re: Address bar shows HP.com site. Browser displays scammers’ malicious text anyway
Post by: littleman on June 20, 2025, 02:07:39 AM
It's been a while since I've seen display URL spoofing via IDN Homograph Attacks or JavaScript manipulation. I guess this is the next stage.
Title: Re: Address bar shows HP.com site. Browser displays scammers’ malicious text anyway
Post by: ergophobe on June 20, 2025, 08:26:34 PM
Interesting. The basic problem here is that Google lets anyone buy an ad that links to any site, right? The domain has to match the final destination, but anyone can send traffic to MS if they want to.

I like this little "fix" for the problem:

"A more comprehensive preventative step is to never click on links in Google ads, and instead, when possible, to click on links in organic results."

If widely adopted, that could fix a lot of things other than this one exploit :)
Title: Re: Address bar shows HP.com site. Browser displays scammers’ malicious text anyway
Post by: rcjordan on June 20, 2025, 09:11:46 PM
>fix

Google has ads?
Title: Re: Address bar shows HP.com site. Browser displays scammers’ malicious text anyway
Post by: ergophobe on June 20, 2025, 09:22:34 PM
Yes. If you see a company you don't like, you click on them. If you see a company you like, you scroll to organic.