We all know that internet’s biggest market is advertising, and Google is the shining star in that. Although the company has been branching out to other software and hardware as well, internet advertisement remains its largest source of income so far. However, have you ever been sent to a webpage that’s reported to be malicious by clicking those ads you see on Google SERP?
SERP stands for Search Engine Result Page. Whenever you “Google” something, you land on a SERP. Google will show you ads based on what you search for. If there are advertisers paying for a specific or related search term, their ads will be shown. Google sometimes puts the ads to the right side of the page. But it’s not uncommon for you to notice ads immediately below the search bar on top of all other results.
A Reddit user posted his frustration after searching for Firefox web browser — a competing software from Mozilla — from Chrome on Google. He was presented with an ad before the actual result which led to a website that’s reported to be malicious.
It would seem highly unlikely for Google to approve an ad that leads users to a malicious website. But it’s not impossible. Advertisers show ads on Google network via a program called AdWords. Getting approved through AdWords means someone at Google looking over the website that the advertiser submits for the advertisement campaign. But once an advertiser’s campaign/account is approved, Google does not always monitor the webpages that AdWords ads lead to.
It’s almost identical to how AdSense works. Publishers can sign up for an AdSense account showing Google a website where they wish to place ads. Someone from Google’s AdSense department takes a look at the website and if it complies with the Program Policies, they approve it. After that, the AdSense publisher is free to put ads on any website that complies with the Program Policies. At this time, publishers can actually place ads on sites that violate the Program Policies. Only when someone reports it or during the finalizing payments when Google takes a look at where each clicks and impressions came from, Google notices and may ban the user from the program.
In the same way, AdWords publishers tend to get approval from a website that has content that comply with Google’s policies. But once they get the approval, some advertisers tend to change the content of the website thus creating situations like above.
On the Reddit thread, a user with the ID BasicBitcoiner who claimed to have worked with SEO and AdWords at a company wrote, “The only real way to stop it is for people to report the abuse.”
“Either that, or Google completely re-visits its AdWords strategy, which seems unlikely to me,” he added.
This makes the matter clear that malware on Google search result page may show up as an ad. Being Google such a big company, it’s not impossible for something like this to happen. While it is ironic that the user faced this situation when searching for a competitor’s product, the best course of action after that would be to report the page to Google so that they can take down the advertisement.
Have you ever seen any malicious webpage as an ad on Google search result page, or anywhere on the web for that matter?