So this is interesting. @paulbrians started a thread in early March about how he was given the phone number of a scammer by a Google search, and then just a few days ago, another Google search sent him to a fake version of Dropbox.
I haven’t been able to reproduce these results, and I suspect others haven’t either. Google personalizes search results for each user, which enables Google to give me results that are sensible for living in Ithaca and wouldn’t make sense for someone in another country. Much more than location goes into personalized results, of course, and for Paul, I wonder if something he has inadvertently done has tainted his personalization so Google is actively feeding him scam sites.
I also suspected malware or something that was hijacking Paul’s browser, but Malwarebytes didn’t find anything when he scanned. Hence, my curiosity about whether his Google search personalization could be tainted.
Has anyone ever seen or heard of similar cases? The closest I can find talks about SEO poisoning, but that would affect lots of people at the same time for a short while, rather than one person over multiple days.
I’d say some factors that have an influence on one’s Google search results are:
Using Google logged-in or logged-out
Google products used across all devices
Google-owned devices used (phone, tablet, router, thermostat…)
Demographics
Search history
Location
All this matters because search engine scammers rely a lot on “Sponsored” results and ad targeting algorithms in addition to SEO tactics. Plus advertising real estate often passes through many ad publishing networks with the ultimate publisher of an ad many steps removed from the website’s operator.
Consequently, differences between peoples’ online activity dossiers and online demographic profiles might account for the varying presence of toll-free-number scams in search results. It’s essentially a corruption of the process that helps Meta and Google determine when a woman is pregnant and begin delivering ads for baby products.
—————
ETA: here is a stripped down(!!!) primer on how ad buyers can target people on Meta’s advertising networks:
ETA 2: “ The scammers were able to do this via a local business listing for Delta customer service at JFK because Google allows members of the public to suggest edits to a company’s contact information.”
The article raised further questions. Would Google accept an edit to a company’s contact information that included a new or replaced URL? Do other search engines allow public edits or pick up on edited information from Google?
My recollection from setting up a Google business listing is that it’s tied to a Google account, so scammers wouldn’t be able to edit an existing one without compromising the account first. It’s more likely that someone would set up a fraudulent business listing that looks legitimate enough to pass all the automated checks.