The growing list of travel scams has a new entry. One that targets major U.S. airlines on Google – and in a most interesting way.
Seeing that airlines are suffering massive delays and cancellations and sensing that travelers are probably scrambling for help in those situations, scammers are buying ads on Google searches, pretending to be the help desks at these airlines.
The trigger point? If a United passenger is stranded at O’Hare looking for options and sees one of these ads, then dials the phone number listed, that call is probably headed to Whoknowswhere, India and not to the real United service center.
If you recently attempted to call one of the major airlines using a phone number posted on Google, you may want to check your credit card statement to make sure you weren’t a victim of a scam.
“My @delta flight got canceled from JFK. The customer service line was huge, so I google a Delta JFK phone number,” is how Shmuli Evers narrated what happened to them. The number was 1-888-571-4869 Thinking I reached Delta, I started telling them about getting me on a new flight.
“After a minute the line broke up, but they called me back... from the number +33-4-56-38-67-82 (French number that came up as DTI Publishing in Caller ID). First Red flag. He had a very strong Indian accent (Red Flag), and was overly eager to help me,” Evers said.
The cat-and-mouse chase escalated from there with text messages, screenshots, and of course, a request for a credit card payment – for FIVE TIMES the price of the original ticket.
Delta hasn’t been the only target, unfortunately. Evers decided to play detective on what other airlines might have been impersonated and soon discovered the phone numbers of American Airlines, Southwest Airlines, Air France, Qantas, ITA Airways, and Turkish Airlines were all being used to scam pained travelers.
'I will never click another sponsored link on Google again'
Google knows these sponsored ad impersonations are an issue and, in a statement to NBC News, said it does not “tolerate this misleading activity,” and was working to correct the issues.
But how hard, how far, and how effectively? That remains to be seen.
“We've been watching phishing tactics evolve over the years, and while buying ads to impersonate free and open-source apps isn't a new method for would-be scammers, it seems to have increased,” said PCGamer’s Katie Wickens.
Bleeping Computer found that phishing scams have taken over a disturbing number of top Google ad positions, and only some of them have been flagged by antivirus software.
Typosquatting has also been used by scammers, as Wickens noted in the case of "notepad-plus-plus.com" – a website address that’s just close enough to a reasonable-sounding URL that many do not think it is harmful.
Is there a way you can protect yourself from these search scams?
Until Google gets rid of this nightmare forever, consumers are basically on their own. You can be vigilant, but that doesn’t always work when we’re searching for something on the web.
More often than not, we’re looking for something we want the answer to now and we just don’t take the time to look to see if a search result is “sponsored” or not and tend to click on the first thing we see, figuring it’s gotta be the best.
One workaround, the FBI suggests, is to get yourself an adblocker. Supposedly, an effective ad blocker will go as far as keeping any rogue ads from showing up in Google searches – supposedly. If you’re interested, Google offers a number of ad blockers as Chrome extensions.
In the meantime, security analysts at Adlock suggest concerned internet users take at least some of these steps:
Always check the URL of the website you’re going to visit. A malicious website usually has “typos” or misplaced letters/characters.
Save bookmarks for the sites you use the most.
Never click “Ad”/”Sponsored” results in the search.
Always have an antivirus on top of your adblocker.
Never click anything that says “Virus detected on your device” on your browser — it’s a scam.
Preview the page when unsure if it’s a real destination — hover your cursor over the link.
Google also offers this video on how to spot -- as well as verify and report -- a fake ad.