Google Ads is no stranger to ad fraud. Being one of the largest advertising networks on the planet makes you a big target for fraud and scams of all kinds. While Google has continued to improve its fraud detection mechanisms over the years, persistent scammers still find a way to exploit the system. Today we are covering a rather elaborate form of ad fraud that not only provides a poor user experience for Google’s visitors, but also creates artificially inflated click prices for Google’s advertisers. This particular fraudster or group of fraudsters has drawn our attention and we’re going to shine a spotlight on their bad behavior.
Breaking Down the Scam
Recently an alarming number of websites started showing up in Google Ads for terms related to credit reporting and credit repair. At first glance, they might just look like ordinary ads, but upon further review – there is some blatant ad fraud going on. Let’s address some key points:
Types of Ads Being Used
The advertisements involved in this scam are “Call Only” ads, which are available through the Google Ads Platform. Call Only ads only appear on mobile devices. When you tap a Call Only ad, instead of visiting a website you are connected to a phone number.
Websites/Domains Being Used
The websites/domains that appear in the ads are completely unrelated to credit reporting and credit repair. They appear to be hacked websites (more on this in the technical details section below). Oftentimes, scammers will purchase (or steal) “aged” websites for fraudulent use in Google Ads because it takes Google’s system longer to detect them. Presumably, recently registered domains and brand new websites are flagged for manual review much faster in Google Ads. Using aged domains allows the perpetrators to carry out their fraud for a longer period of time. You can find a more complete list of the domains and phone numbers related to this scam in the technical details section at the end of the article.
How Are the Scammers Getting Paid?
The scammers are sending the calls to a range of Credit Repair companies. They are probably getting paid when their calls meet a certain duration, or perhaps only when a sale is made. It probably doesn’t matter either way to the scammers since they are most likely running up the advertising bills on someone else’s credit card.
Noteworthy Conclusions
Because Google Ads has one of the most advanced fraud detection systems on the planet, and based on the number of ads/websites involved in this scam, we can make a few noteworthy conclusions.
- The scammers have access to a large number of hacked websites. We explain why we think they are hacked and not directly owned by the scammers in the technical details section at the end (we’re trying to spare you the nerdiest details).
- The scammers have access to a large number of Google Ads accounts. It’s unlikely that someone could run all these ads from one account, or even from one “Master Account or MCC” (used by advertising agencies to manage multiple clients individually). The Google Ads accounts are probably hacked as well.
- The scammers have access to a large pool of credit card numbers. Google Ads can easily link accounts that use the same billing information. We think the scammers are using hacked Google Ads accounts and ringing up their fraud on the credit cards of the unsuspecting owners. This is an educated guess on our part. If the scammers are hacking websites and committing advertising fraud, it’s unlikely they would use their own credit card.
Technical Details
This is where it gets nerdy. If you don’t speak geek, we won’t be offended if you check out early.
Why We Think The Websites Are Hacked
When we performed a whois lookup of the websites contained in the advertisements, the registrars and DNS information were different on every single one. The common theme among these websites is that they are all using WordPress. WordPress is the most widely used website back-end and content management system. It is also the most widely exploited and most frequently hacked.
The Phone Numbers
We performed a carrier lookup on the phone numbers contained in the advertisements. This tells us who the scammers are using to obtain their phone numbers. The vast majority of the phone numbers came back to Bandwidth.com. A few, however, came back to different carriers, leading us to believe that there are possibly multiple people involved – or perhaps the scammer(s) just had the foresight to obtain numbers from multiple carriers with the expectation that some would get shut down.
This scam and all of the websites identified as part of it were reported to Google on 8/23/2019. Google does not provide a phone number to report things like this, so we were at the mercy of their Report an ad form. In the past we have reported sites using this form with mixed results.
Google Ads has a phone number (1-866-2-GOOGLE) but unfortunately it has become increasingly useless over the last few years as Google has outsourced their customer support to India, which has been a huge disappointment to Google’s customers. We tried to report these ads over the phone, but nobody we spoke to was willing to field our complaint. They instead referred us to the cold lifeless web form, where we begrudgingly fired our reports off into the ether.
Below is the complete list of websites we found that were used in the fraudulent ads along with their associated phone numbers. We will continue to update this post as we identify more ads related to this scam.
How to Stop the Scam
There are three parties that could stop this scam – but it could turn into a game of whack-a-mole.
- The companies paying for these leads could terminate their relationship with the affiliate(s) responsible for the fraud. There is still a chance the scammers may attempt to partner with a different credit repair company.
- The phone number provider (Bandwidth.com) could shut down the phone numbers being used along with any related accounts. Unfortunately there are dozens of carriers who rent out phone numbers.
- Google Ads could suspend the accounts in question and hopefully the scammers eventually run out of stolen/hacked accounts to victimize.
- The authorities could get involved to locate the perpetrator and bring them to justice.
All three parties should be reporting the people responsible to the authorities. If you have information related to this scam (or any other advertising scam) tell us about it through our contact form and we will investigate and publicize our findings. The best way to make roaches scatter is to shine some daylight on them.
What To Do If Your Website Is One of the Hacked Sites
- First you should log in and remove any users you don’t recognize that have an Administrator role assigned.
- You should immediately change your WordPress password to a strong password.
- You should locate the page/post created by the scammers and remove it.
- You should contact Google Ads to let them know someone is using your website on their platform without your permission. You can reach Google Ads at 1-866-2-GOOGLE (1-866-246-6453).
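One way to carry out the first and third steps above on a site with many users and posts, as an added example that is not from the original article. It assumes the administrator and post lists were exported with WP-CLI in JSON format; the sample records, the logins and the time-window heuristic are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample data in the shape WP-CLI emits with --format=json:
#   wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=json
#   wp post list --post_type=page,post --post_status=any \
#       --fields=ID,post_title,post_author,post_date,post_status --format=json
SAMPLE_ADMINS = json.loads("""[
 {"ID": 1, "user_login": "owner", "user_email": "owner@example.com", "user_registered": "2014-03-02 10:00:00"},
 {"ID": 7, "user_login": "wpsupport", "user_email": "x@example.net", "user_registered": "2019-08-19 03:12:44"}
]""")
SAMPLE_POSTS = json.loads("""[
 {"ID": 10, "post_title": "About Us", "post_author": "1", "post_date": "2015-01-05 09:00:00", "post_status": "publish"},
 {"ID": 88, "post_title": "Credit Report Help", "post_author": "7", "post_date": "2019-08-19 03:20:01", "post_status": "publish"},
 {"ID": 89, "post_title": "Free Credit Score", "post_author": "1", "post_date": "2019-08-20 11:45:00", "post_status": "publish"},
 {"ID": 90, "post_title": "Summer Hours", "post_author": "1", "post_date": "2019-06-01 08:00:00", "post_status": "publish"}
]""")

FMT = "%Y-%m-%d %H:%M:%S"

def unknown_admins(admins, known_logins):
    """Administrator accounts whose login the site owner does not recognise."""
    known = {k.lower() for k in known_logins}
    return [a for a in admins if a["user_login"].lower() not in known]

def suspect_posts(posts, rogue_admins):
    """Posts/pages to review: written by an unrecognised admin, or created
    at/after the earliest such account was registered (a stolen password can
    publish under the legitimate owner's name)."""
    if not rogue_admins:
        return []
    rogue_ids = {str(a["ID"]) for a in rogue_admins}
    first_seen = min(datetime.strptime(a["user_registered"], FMT) for a in rogue_admins)
    flagged = []
    for p in posts:
        by_rogue = str(p["post_author"]) in rogue_ids
        in_window = datetime.strptime(p["post_date"], FMT) >= first_seen
        if by_rogue or in_window:
            reason = "unrecognised author" if by_rogue else "created after rogue account appeared"
            flagged.append((int(p["ID"]), p["post_title"], reason))
    return flagged

if __name__ == "__main__":
    rogue = unknown_admins(SAMPLE_ADMINS, known_logins=["owner"])
    for a in rogue:
        print("unknown admin:", a["user_login"], a["user_registered"])
    for pid, title, reason in suspect_posts(SAMPLE_POSTS, rogue):
        print("review post", pid, repr(title), "-", reason)
```

If no unrecognised administrator exists, the function returns nothing, so a site where only an existing password was used still needs its recent pages and posts reviewed by hand.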
Ongoing Updates
8/24/2019 Update
We reached out to every website owner included in the list above to inform them that their websites are compromised. Some were contacted by email and some were contacted by phone. We felt this was necessary because many of these websites belong to businesses who may rely on Google Advertising now or in the future.
As a result of their websites being compromised, they are at grave risk of becoming blacklisted from promotion in Google Ads. After speaking to several of the website owners over the phone, we are 100% certain that they are indeed victims. None of them were aware of the nefarious ads being run under their business names. Hopefully this will allow the website owners to secure their websites with new passwords and remove the pages that were created by the scammers.
8/26/2019 Update
Google responded to our report of the ads above, advising us that the report has been escalated for review. There are new ads showing up today, and some of the ads we previously reported are still showing. Here is a screenshot of a few that were popping up today.
Below is the full list of websites we uncovered today with their corresponding phone numbers (not including ones from the list above – some of which are still showing up):
- jasonhumble.biz – (828) 552-5015
- slidemodo.com – (252) 513-0376
- techmyster.com – (855) 626-2712
- thatmarkjohnson.com – (775) 981-0230
- edgetrainings.net – (586) 588-9886
We will continue to update you with all the details.
8/27/2019 Update
Some ads from last week are still showing in spite of being reported to Google. New ads are still showing up. Some of the phone numbers that appear in the ads are now saying the name of the “Business” (hacked website) prior to transferring the call. This is a requirement to run Call Only ads in Google. So while these scammers are committing blatant fraud – they are going out of their way to stay under the radar in Google Ads.
8/28/2019 Update
The fraud ads are spreading and the scale of the fraud operation is growing. New hacked websites are showing up in Google every single day with similar ads. They are occupying high ad positions in Google for terms like “credit report” and “credit score”. Many of the websites we reported to Google Ads are still up and running. Any new ones we have noticed have also been reported.
A bit of good news to report – Many of the website owners we reached out to have managed to secure their websites and remove the offending pages.
8/29/2019 Update
The fraud continued to metastasize for the first half of the day. We have spoken directly to several webmasters, helping them secure their WordPress sites and providing guidance on how to get their website to stop showing in Google Ads without their permission. As the day rolled on, it appears that the credit repair companies have started to isolate the scammers and cut them off. The ads are still showing in Google, but if you call them, you just hear a busy signal. So while the scammers’ supply of money has been cut off for now, there are still dozens of people with compromised websites, and the misleading ads are still running in Google Search.
8/30/2019 Update
Most of the fraud ads are back up and running. These ads have all been reported to Google Ads, but no action seems to have been taken. It’s fairly astonishing that these advertisements are still live in Google’s search engine. Alas, we will continue to notify the webmasters their sites are hacked so they can secure them. Unfortunately there is nothing we can do to help the people whose credit cards are being used to finance the scam – that part is up to Google.
8/31/2019 Update
The fraud continues. Last week we called the carrier who is providing phone numbers to the criminals (Bandwidth.com) and attempted to speak to their fraud department. Unfortunately there wasn’t anyone available to take our call. We left a voicemail with Bandwidth.com’s fraud department and our call went un-returned. Here are a few more of the ads that are currently showing. There is a seemingly endless stream of new hacked websites.
9/18/2019 Update
This fraud scheme has been eradicated. We worked with many of the victims to secure their WordPress sites. It was shocking to see how seemingly defenseless Google was in terms of their ability to stop this scam in a timely manner. Ultimately the phone numbers being used by the scammers all seemed to be shut down by the companies they were trying to send the calls to.
10/3/2019 Update (Old Scams Die Hard)
The fraudster is back to their old tricks, with a new round of hacked WordPress sites and another line to a buyer – the fraudulent Google Ads are back online. Shockingly, some of the same websites we reported to Google almost a month ago were still being used. Yikes! That brings us to another very important point: You should be using two-step authentication for your Google Account login. Based on what we are seeing, Google is either unable, or unwilling to suspend the associated Google Ads accounts – which are very likely being funded by victims of identity theft.