Microsoft has taken down thousands of ads for tech support scams that had infested the company’s TechNet support domain in a sly attempt to boost their search ranking.
According to Cody Johnston, the self-styled ad hunter who reported the issue to Microsoft, until a few days ago Microsoft’s site was home to around 3,000 of these ads, mostly associated with the gallery.technet.microsoft.com downloads section. The ads covered a wide range of fraudulent support issues, from virtual currency sites to Google Wallet and Instagram. Johnston told ZDNet After reporting the problem to Microsoft, the ads were taken down within 24 hours, he said on Twitter. However, within hours new ads quickly replaced the deleted ones on the same domains, which brings home the scale of Microsoft’s content monitoring challenge. Finding the ads wasn't hard, requiring a custom Google search that anyone could run. So why didn't Microsoft notice the issue and react sooner? Probably because it didn't anticipate how quickly this can become a problem – and it doesn't appear to be only one caught napping. Tech support scammers never stop looking for prominent places to host their rotten content, whether by squirreling it away on high-ranking domains or by simply buying prominent ad spots from search companies which don’t do enough manual checking. The latter has become such a popular approach that Google recently announced that it would require companies advertising tech support to sign up for its advanced verification process that subjects them to manual checks. Borrowing domains such as Microsoft’s is a free alternative with a big SEO pay-off. Since last year, Johnston said he’d noticed the issue on other forums, including Spotify, Tinder, Linksys, AOL, Turbotax, and the Salesforce-owned Quip.It’s a simple tactic – bypass a site’s user authentication (assuming the site has any), post the content and wait for search engines to pick it up. The bigger the domain reputation, the bigger the ad boost. One counter is to force the spammers to jump through more hoops by enforcing user checks before they are allowed to post content.