Big tech needs be hold accountable for scam ads on their platforms. I can't believe how many scam ads e.g. Facebook has, it's insane. Thank god my mom knows to ignore them and I installed an adblocker for her.
Every website will suffer from this.
Fix is easy enough - check the http referer before showing a result. E.g in insites.io(or any liquid scripting site) you can check like this: {% assign is_internal_search = context.headers.HTTP_REFERER contains context.location.host %}
Just check the search is happening on a site or device you own. That attack vector is then gone (hackers cannot spoof the refer that google sends via ads.)
The first screenshot in the article shows a page rendering with the top search result saying "Microsoft-Report a technical support scam" right below the malicious text "Call Us 1-805-xxx-xxxx for free". It may of course still fool some, but it's not the case that there's no indication of foul play.
I fail to see, that this is a problem. The website is just showing user entered text in a position that clearly shows user-entered text. E.g. in the MS-Website it is quoted and below it says "n of m search results".
HN is also vulnerable to this attack ;(
https://hn.algolia.com/?q=Your+cloud+account+is+hacked.+To+g...