It’s also a huge vector for actual phishing, especially because google ads doesn’t use puny code, so it’s easy to buy ads for sites that differ by just a diacritic
That's how my stepdad got hacked. He didn't understand bookmarks or urls or homepages, so he just opened his browser at google.com, searched for the name of his bank, clicked the first ad, and went to log in. Usually that worked for him, but once, he got a scam site, and he was on the phone with a call center in India giving them remote desktop access before a single alarm bell went off in his head.
Granted, it's partly my fault for letting a loved one be that computer un-savvy, but that kind of ad should have been detected and blocked before it was ever served.
Agreed. There are so many failures on Google’s end to let this happen. One of which was allowing the advertiser to display a legitimate URL in the ad while redirecting to an illegitimate one. I really hope this isn’t the case any more.
Granted, it's partly my fault for letting a loved one be that computer un-savvy, but that kind of ad should have been detected and blocked before it was ever served.