Google AI Search Promotes Scam Websites

Researchers have discovered that Google’s new AI-powered Search Generative Experience (SGE) is recommending scam websites to users. Visitors are being redirected to malicious sites that prompt them to install dangerous Chrome extensions, participate in fake giveaways, subscribe to spam notifications, or interact with fraudulent tech support.

This month, Google began rolling out the Search Generative Experience, which provides quick, AI-generated answers to search queries, including recommendations for other websites related to the search. Soon after, users noticed that SGE’s responses could include links to spammy and malicious sites.

According to Bleeping Computer, the sites recommended by SGE often use .online domains, share identical HTML templates, and utilize the same redirect sites. This suggests they are part of a single malicious campaign using similar SEO poisoning techniques. When users click these links, they are taken through a series of redirects that ultimately land them on scam websites. In tests conducted by Bleeping Computer, these redirects frequently led to fake CAPTCHA pages and sites mimicking YouTube, which attempt to trick visitors into enabling browser notifications.

Scammers use these notifications to send unwanted ads. After subscribing, researchers received spam promoting fake tech support, bogus promotions, prize giveaways, and more.

Examples of Scams Promoted by SGE

• In one case, experts received a fake warning, supposedly from McAfee antivirus, claiming the system was infected with ten viruses. The user was urged to scan their system immediately to “remove the viruses” and renew their license. According to specialists, this type of “ad” is designed to sell McAfee licenses so scammers can earn affiliate commissions.
• Some redirects promoted unwanted browser extensions that can manipulate search results.
• Other cases led victims to fake Amazon gift pages disguised as loyalty programs, supposedly offering an Apple iPhone 15 Pro. This scam is used to collect personal information, which is then sold to other scammers and direct marketers.

The report highlights that Google’s AI responds to search queries in a conversational format, encouraging users to visit scam sites for more information. Since SGE references specific resources in its answers, these malicious sites appear trustworthy.

How Are Scam Sites Getting Recommended?

It remains unclear how exactly malicious and suspicious sites are being surfaced by Google’s AI algorithms. Google representatives told Bleeping Computer that they are constantly updating their systems and ranking algorithms to protect against spam. However, spammers are also improving their evasion techniques to promote their content in search results.

“We continue to improve our advanced spam-fighting systems to prevent spam from appearing in Search, and we use these protections for SGE as well. In line with our policies, we have taken action to remove identified examples that appeared for unusual queries,” Google commented.