An active bug in Google Adwords is letting spammers create ads that display
your URL but redirect to a spam site of their choosing, cloaking the redirect
so Google can’t tell what’s going on.
To see a sploaker in action, search Google for “Canon Rebel”.
You’ll find this ad that falsely claims to be from www.streetprices.com.
The user sees:
When Google verifies the ad, they see:
But when the user follows the ad they get hijacked to this splink page:
At the moment, these sploakers are “only” ruining your online
reputation and driving up the cost of advertising on AdWords.
But this could quickly get a lot worse, if they team up with
phishing sites that look and feel like your own site.
Using such a man-in-the-middle attack, they could steal your customers’
credit card numbers, SSNs, and login information…
and you could lose your customers’ business forever.
Google could take a big hit too. If users can’t rely on the displayed
URL to tell them where they will end up, they might stop clicking as
they lose faith in Google.
To see whether your site is affected, search your web logs for the
User Agent “AdsBot-Google (+http://www.google.com/adsbot.html)”
and look for urls you aren’t currently advertising at Adwords.
I notified Google last Friday, but I’m still seeing the issue.
So far I have noticed that pricefight.com is similarly affected.
Is anyone else seeing this?