100
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 18 Jul 2023
100 points (98.1% liked)
Asklemmy
43974 readers
1220 users here now
A loosely moderated place to ask open-ended questions
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 5 years ago
MODERATORS
A few weeks ago I shipped a package USPS and I wanted to track it's progress. I googled USPS tracking and clicked on the first link that popped up. The search result looked like the USPS website and said USPS .com and had the same preview text that the actual website used but it was actually a Google ad that redirected me to supertracking .com. This fake website looked exactly like the USPS tracking website, the domain the web browser displayed was wrong but everything on the page was right, the buttons on the bottom and top even sent you back to the official USPS site. The fake site was set up so that no matter what you entered it would say the address was wrong and you had to update it for a $1.50 address update fee. I would have grown suspicious here except I actually did put the wrong zip code down when I shipped it. Again all the forms looked legit so I put my credit card info in after updating the address, then it wanted me to confirm my bank account login and pin. This is where I stopped because there is no reason for them to collect that data. I saw it was the wrong website and looked back in my history and sure enough I clicked on an ad without realizing it. I reported the domain, reported the ad, and cancelled my credit card. It was really scary how real the website felt, I didn't suspect anything until they wanted bank info.
These ads are getting so much more prevalent, and so much more subtly marked. Google (and places like reddit and Facebook) designs them to feel as much like organic content as possible. I have a pihole on my home network, in part to prevent exactly the type of mistake you described.
One way that google explicitly enables these types of scams is by allowing advertisers to display a fake url in the ad footer. Ostensibly this is so advertisers can link to an intermediary 3rd-party tracking url instead of the target page without scaring the customers, but this is precisely what allows scammers to display usps.com in the link to a fraud site. Google even uses javascript to display the fake url in the browser tooltip when you hover over the link!
I switched to Kagi the other day and it’s fantastic compared to Google now. I haven’t gotten bad results a single time.