Generally you can trust the ads on Google to at least be safe. But that’s not the case right now for the top ad being served on the query “Firefox.”
The top ad says it is linking to “Firefox ® OfficiaI Sitе” at the URL www.mozilla.com/firefox/. And that is indeed the official Mozilla Firefox site. But the link actually goes to the much more sinister firefox.mozilla-now.com, a site that dishonestly tries to get users to pay up to $2.50/month for an ongoing subscription to “24/7 Expert Customer Support” (a screenshot of the landing page is below). The credit card provider is based in the Netherlands.
Even advanced users who hover over the link won’t know what’s up before they click, due to Google’s ad redirect URL.
Most savvy Internet users will know this is a con as soon as visiting the site, but a all those middle-America Yahoo users may not know any better, particularly since they were just told it was the Firefox official site. It just goes to show that not even the stuff Google publishes can always be completely trusted.
google should not let advertisers put fake urls in ad content.
Agreed. Display URL should have to match destination URL (or at worst, be a shorter version of the destination URL). If I link to http://www.MySi...ng/as/hell.html I should be able to use http://www.MySite.com as display URL or at even http://www.MySi...e.com/this/page (to show the user they are heading to something targeted more than just MySite.com).
Allowing display URLs that match none of the destination URL is asking for trouble. But…if they do disallow that…a lot of users will not be able to send through a tracking system.
Agreed again. But that should be no excuse for displaying such fake urls. By the way, is this one in a hundred cases or 20 in 100?
Long URLs suck. I get it but that shouldn’t be part of the ad / creative. When you’re allowing the URL to be part of the lure, you’re begging for trouble.
Why not develop a default [automated] URL shortener like TinyURL. Everyone’s URL is changed. No favoritism. No “phishing”.
This has got to be beneficial on the operations front as well. Verifying URLs can’t be a simple task (as evidenced).
—Ivan
I think matching the domain would be more than enough security. They might want to add additional tracking and stuff.
I was under the impression that nefarious people are submitting a url that checks out, but then somehow manage to change it after it’s been checked. This would explain how it got past Google. I am not familiar with the process though so maybe someone else could debunk / prove the theory.
From my experience with Google Adwords, is that you can make an ad with a different url and it will get impressions while google checks it out. When they find the fake url, they will take the ad down, but again, it does get some impressions.
I have to disagree as that is not my experience. I have a client that has been trying to get Google to take down scam sites that are saturating adwords with a particular keyword and they are obvious scam sites to even the most unsophisticated person and they replicate the sites and can occupy as many as 5 ad slots on search results violating pretty much every rule Google has. We have written letters that go unanswered and this is a client that spends a significant amount of money with Google. If this can happen with Firefox, this just shows Google is asleep at the switch.
The domain is possibly displayed “appropriately”, I think their domain name, all in caps to prove the point, is MOZIIIA.COM, as can also be seen demonstrated in their tag line “Firefox ® OfficiaI Sitе”.
WOW, that’s a big scammer site.
It may already be fixed, I just tried the search & the add didn’t show up.
it’s there for me still
Case against this advertiser for Trademark infringement and misleading advertising? If so, they should be prosecuted to discourage them and others.
I have not read the license terms of Mozilla, but by and large GPL licenses allow you to sell the open source software or services around that software…
Trademarks have nothing to do with the GPL. This is misuse of Mozilla’s trademark, plain and simple.
Google can’t do anything about it….most likely the site just did a 301 re-direct to Mozilla’s official site until it got approved, then once it got approved they turned the redirect off and started cashing in
sounds plausible, yeah Google can’t really do anything to prevent that
At least they can add the flag/report ad as Facebook does.
Of course they can. They’ve got an Adwords account morons.
Still, Google shouldn’t display fake URLs in the ads.
Ok, maybe you don’t want to show the complete URL of your landing page, but the real domain itself should be visible.
+1. they claim that its to tidy up landing page URL’s, but that shouldn’t mean that you can change the entire domain.
Its google responsibility do take care of such things otherwise it wont take time for google to lose the kind of respect (:) it gets
The domain name was created today.
Whois Info: MOZILLA-NOW.COM
Updated Date: 21-sep-2009
Creation Date: 21-sep-2009
Expiration Date: 21-sep-2010
Now it redirect’s to filehippo.com Download of FF, hope FH dosen’t have anything to do because I really like their site.
Op’s Sorry a day before.
The current domain is new, but I’ve seen these ads for weeks. Reported them to Google, but it looks like they’re still popping up.
No, it doesn’t redirect to filehippo.com – even worse, it embeds filehippo.com at the same URL. This is getting freaky…
The least we can all do is click on the ad. At least then they have to pay for it.
lmao! Yeah, ~50,000 worthless clicks will add up quickly.
Probably used stolen credit card, so won’t pay.
i just read the mozilla trademark terms. it seems this is ok, and note they also don’t use the logo, but just the name. they are charging to download an unmodified version of firefox – so technically, how is this different to the sites that charge a membership fee for ‘premium’ downloads? (like the game demo sites etc.)
Google policy (https://adwords...;subtopic=16864) seems to be that they will not take it down based on a complaint, but will judge the ads against their own guidlines themselves.
forget phishing by email – seems to be even easier now via google
well they clearly say in the ad that they’re the official firefox site, so that’s a lie right there.
second part of this, which makes it more worrying – user tendancy to type into a search engine rather than full domains into a browser address bar. it is very very common, and instead of the trust we have in DNS, the trust is being moved to the search engines – who we assume are not going to point us to sites that are not what we expected (but they do – because they are being paid for it).
about to take out an ad for ‘bank of america’ and point it to somewhere else. lets see how that works out …
this is why a while ago I stopped clicking on the top add and went to the first search result.
I watch my girlfriend doing this all the time and internally a both laugh and cringe. Google must make millions out of people typing in SiteName and then clicking on the first (paid!) link that appears in the search results. It’s like an ignorance tax that Google is charging you to send users to your site.
The Firefox and Mozilla names are both trademarks of the Mozilla Foundation so it isn’t ok that they are just using a name, and, while it isn’t strictly enforced, anyone wanting to use a Mozilla trademark in their domain name (like AccessFirefox.org) must file for a domain name license through Mozilla.
Reading here that Google can’t do anything about this is total bull especially when they work side by side with Mozilla to protect users from scamming.
This is a case of a customer and so Google can refuse services. The last thing that Google wants is to gain a reputation for providing misleading and false information through their search services.
It would devastate them.
I don’t know how it relates to overall legality, but it seems to me charging people to download a free program is a scam and I don’t know how either Google or Mozilla can allow it – Mozilla especially – users paying for open-source free software defeats the purpose of why it is created and distributed for free. If the people distributing Firefox via paid download don’t have a direct association with Mozilla whereby Mozilla profits from them then Mozilla should request the website stop charging for downloads and/or take the website down. Mozilla should also wonder why Google allows another company to profit from Mozilla software – to line their own pockets, obviously, making the unwitting consumer who does not know Firefox is free the victim of one of the most artful online scams around.
Fine, but blanket statements slamming ‘the middle-America Yahoo users’ is just lazy. There are lunkheads everywhere, Michael. Show some vision and get off that snobby bandwagon.
Plus, the link for that phrase merely goes to yr recent article about Jerry of Yahoo. Which is of course a west coast thing. Thanks for the sharp-eye on the scam, but lose the provincial snark, willya?
That was the part of the article that made me laugh out loud. It’s called a little dig and it’s all in good humour. Thanks Mike, you tree-hugging bandwagoning Californian.
Junobear, you realize that term middle America isn’t a geographically jab, right? It refers to a section of the population.
Never click any ad! Never!!
Just imagine all the press you just gave this site….meaning people will probably click through the ad to the page, but not buy into the b.s!!
Costing the advertiser??? Google banks????
But how does Mozilla make money anyways??
Good catch. And in a blogging mood tonight i see
This is not something new. I saw ads on google with virus and walware.
Know the way to combat this? Get a few thousand of us to click on the text ad and close out after their page loads.
Wonder how exactly those AdS on Google work.. and such a blunt error..
Use adblock plus on Mozilla. No ads ever. Simple.
Without these redirects, it’s hard for the affiliate networks to operate. The solution though is for Google to allow multiple URL’s to be notified of a click.
The actual registrant of the site seems to be in Tibet, so… good luck there.
However, all links on the site point to signup-pages.com, which seems to have similar scams running for other types of content (http://google.c...ignup-pages.com).
A WHOIS search returns a registration through GoDaddy’s Domains by Proxy, so the trail ends there. But, getting that info out of GoDaddy is as simple as a tersely worded note on legal letterhead, so it shouldn’t be too difficult.
Quote: A WHOIS search returns a registration through GoDaddy’s Domains by Proxy, so the trail ends there. But, getting that info out of GoDaddy is as simple as a tersely worded note on legal letterhead, so it shouldn’t be too difficult.
Think again. Domains By Proxy is a very secure service and won’t give up that information without a court order.
Google is still showing it on queries for “firefox”
Fake URL redirects to scammer site below ==>
http://firefox.....php?aff=304300
Curious, it redirects to the real Firefox site now. Must have been altered by the host or ISP.
Good points…thanks for the warning.
I thought Google sent an email out a few months ago that said that your display URL and destination URL had to match? I remember reading the email and thinking how that wouldn’t work for long URLs, like a link to a specific product in my store, but didn’t look into it any further since I have temporarily suspended my Google ads while I get into other marketing venues.
Did anyone else get that email within the last couple of months?
The whois *historical* info for signup-pages.com also it’s been behind Privacy Guard thw entire time since first registered on 2009-06-02.
Last week, I absentmindedly typed in the word google in my Google toolbar. Guess what the top ad was:
something.g00gle.something
Guess they have to block all variations too!
I love how the fraudulent site is registered under the name “san zhang” (”Whatshisname”) in Lhasa, Tibet.
The redirect has since been changed: links to bonefide Firefox now.
I suspect all those middle-American Yahoo users will be fine, because this is Google we’re talking about, and they are most likely using Yahoo!
I saw that ad about a month ago and was quite shocked eventhough I was surprised that mozilla would spend their fund on advertising in google. I don’t believe they actually need it …
In this techworld we cannot expect them that there should no scam/spam or whatever. Moreover in my blog i have discussed about this wherein i got as a mail http://charubha...4/shall-i-trust . Look funny, ain’t i?
Charu
A popular technique to improve your “Ad score” for the longest time was to display the URL of some big content site (usually Wikipedia).
Imagine if I were to show an ad like this:
“Lose Weight Fast”
blah blah blah
blah blah blah
http://www.wikipedia.org
Wouldn’t you automatically trust and click on an ad that said “Wikipedia”
sorry that is not ain’t i? that is ain’t it?(sorry for the type)
Charu
sigh. this is why my girlfriend told me she was trying to pay for firefox and her card kept getting declined…oh great.
Try also searching for “download film” (my intent was legal, of course!) and one of the top sponsored links point to lovefilm. However, it redirects me to zml.com (I tried the trial, and the films have bad sound, or Russian text).
I emailed lovefilm, so hopefully they can confirm this as unlawful.
Searching for ‘cancer information’ on Google regularly returns an ad for CancerFightingStrategies.com, a site where people get ripped off with nonsensical alternative treatments like ‘Love elixirs’ that cost $400 a go (after first being subjected to many pages of pseudo-scientific jargon).
There are a lot of people out there taking advantage of legal grey areas for their own financial benefit – often at the expense of others. They might not be breaking any laws, but I think some of Google’s advertising guidelines need updating. This kind of behaviour is highly unethical and shouldn’t be allowed.
you know what else gets my goat… the 700 club…
http://www.cbn.com/
what a bunch of false prophets! All they are doing is trying to make money off of their insanely liberal world view by tricking unsuspecting people into believing that they have authoritay! Right now if you google for christian club, cbn.com is in the top 10 results!!! Obviously Google isn’t doing enough to check for this crap.
Westboro Baptist Church, now that is a good web site that people should give money to.
http://www.goog...b0eee87a4434375
I hope that you are kidding about WBC…
Google should always check the ads before displaying it in live… I never get why they didn’t.
yeah and my ISP should proof every e-mail I send to make sure it’s not a scam.
/////////////////*** Do the search, and CLICK ON IT.. Drain that advertiser’s budget (since google isn’t doing anything about it) so other less knowledgeable people don’t get stuck in a scam.
it’s probably paid for with a stolen credit card.
you know what else is bad… it’s insanely easy and cheap to get ahold of credit and debit card numbers and make yourself fake credit cards and go buy stuff with them. Untold hundreds of hundreds of millions if not billions of dollars are lost to credit card fraud every year. but you know what, to make the credit card system more secure, it would make the system a little more inconvenient to use, which would mean people would use it less, which would mean a loss of profit and market share that far exceeds the loss to fraud. You and I pay for credit card fraud and link fraud and so on through higher costs of the products that are sold through these systems.
The free market will never make these systems secure because these systems are more profitable if they are convenient, which means inherently insecure.
If you want these systems to get fixed, you’d need some kind of incentive for people to change their behavior and/or for companies to make the systems more secure. here’s an idea:
I think it was the FTC that had an operation going where they put up a bunch of phishing sites, and when consumers took the bait, they sent the consumer an educational e-mail. How about this instead… put up a bunch of fake phishing web sites… when a consumer takes the bait, first offense is a $500 fine. Second offense is their internet gets disconnected for 30 days.
I bet then you’d see a whole different approach to online security…
err.. hundreds… not hundreds of hundreds…
so you want to make being naive a crime?
and wouldnt the $500 fine, make it a real phishing site?
There was a ruling just recently that allowed Google to display adwords for fake handbags and the like along with the actual company name provided they said the word fake. I.e buy your fake Gucci bag here etc.
Google also used to run lots of fake adverts for phone scam sites that gave out “official” information about obtaining passports and immigration details but the user had to pay £1.50 a minute to listen to it, thinking they were on an official site. Google didnt seem to mind, but the phone regulator here has shut them down instead.
Some time ago, I was doing some WoW related googling and was presented with add of site which claimed to be “official wow site”, had correct http://www.worldofwarcraft.com url shown, but was landing you on http://www.worldorwarcraft.com ( “or” instead of “of” ). That site was blant attempt to phish you WoW credentials. How this kind of AD getting through Google is completely incomprehensible.
Its a good thing those “middle-America Yahoo users” are “middle-America Yahoo users” and are not middle-America Google users. That way they will not click on the GOOGLE AD.
PS. Good investigative journalism
We need to call more of these creeps out.
It looks to me like they’re violating Google AdWords policy, I believe that the display URL must match at least the domain of landing page URL:
http://adwords....;subtopic=16868
“Your display URL must accurately reflect the URL of the website you’re advertising. It should match the domain of your landing page so that users will know which site they’ll be taken to when they click on your ad.”
Google has been showing these type of ads on AdSense for at least 18 months. I sent them maybe half a dozen screen snaps that were appearing on pages on my site. It’s a problem and causes confusion.
I can’t see the ad in Canada, and that URL resolves to a different looking site (confusingly offering me AVG) but that might be based on referrer IDs and such.
Please feel free to file a bug at https://bugzill...onent=Trademark in order to get our team looking into these sorts of violations.
one more reason for everyone to be cautious when using a credit-card online.
if in doubt, don’t use them magical numbers
I am surprised to see this post from you Michael, its common knowledge that Google ad urls are misleading, that has been the case for ages now. Everyone knows this.
Whats new with this?
Same thing with Openoffice. Good thing my grandmother is at least a little bit web savvy.
I wonder when Google is going to stop these fraudsters, people tend to trust google and they end up falling for these scams.
The same thing happens for FrostWire, LimeWire, iTunes and other free software offerings.
Here a video explaining the scam
http://www.yout...h?v=WX7pTPx-8ZY
“Most savvy Internet users will know this is a con as soon as visiting the site, but a all those middle-America Yahoo users may not know any better”
So middle America is full of idiots? Nice way to slander half your readership.
But what about all the middle America Google users. We shall not leave them out. lol
I pointed that very ad out in a comment on TechCrunch months and months ago in relation to something written on this site, and everyone, as usual, completely ignored me. Much credit to you Mike for finally pointing this out to the public at large (since your posts get a lot more readers than my stupid comments ever will) because this ONE result has been burning me up forever – I’ve been aware of it for, to take a good guess, most of this year/some of last year.
Just to update, it took me hours to find the comment I left about this “months ago”, but it wasn’t on TC that I left the comment but on AlleyInsider (my memory failed, sorry), but the thing is the same ad was being shown on http://firefox-v2009.com when I wrote the comment about it back in June – I believe the same company bought the domain Mike is writing about now, while firefox-v2009.com seems to be inactive as far as Firefox downloads goes. Funny that the URL determines the overall importance of what I felt has been a scam Google perpetuated by allowing it from day one.
Another site with the same exact ad as in Mike’s screen shot:
http://firefox-...-site-2009.com/
These “official” sites are…spawn.
Just an update on this: a Google search for “Firefox” or “Firefox download” now shows no ads at all (except for one ad for IE8 on the latter). Firefox ad moratorium, I guess….
…and I thought Google was perfect. Imagine the excoriation if it had been a MS product.