Big tech needs to be held accountable for scam ads on their platforms. I can't believe how many scam ads e.g. Facebook has, it's insane. Thank god my mom knows to ignore them and I installed an adblocker for her.
Fix is easy enough - check the http referer before showing a result.
E.g. in insites.io (or any Liquid scripting site) you can check like this:
{% assign is_internal_search = context.headers.HTTP_REFERER contains context.location.host %}
Just check the search is happening on a site or device you own. That attack vector is then gone (hackers cannot spoof the referer that Google sends via ads).
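As an added illustration of the referer check described in this comment (example code, not from the commenter or from insites.io), the snippet below shows the same idea in Python, with two variants side by side: a substring match like the Liquid `contains` check, and a stricter variant that parses the Referer URL and compares its hostname against an allow-list. The host names, headers and search results are constructed sample values; the reflected query is only echoed into the page when the request came from one of our own pages.

```python
import html
from urllib.parse import urlsplit

# Constructed: the hosts the site owner controls.
OWN_HOSTS = {"example.com", "www.example.com"}


def referer_contains_host(headers: dict, host: str = "example.com") -> bool:
    """Substring check, mirroring `HTTP_REFERER contains location.host`."""
    return host in (headers.get("Referer") or "")


def is_internal_search(headers: dict, own_hosts=OWN_HOSTS) -> bool:
    """Stricter check: parse the Referer and compare the exact hostname.

    A missing or unparsable Referer is treated as external, so a request
    arriving straight from an ad link never gets the query echoed back.
    """
    referer = headers.get("Referer")
    if not referer:
        return False
    try:
        hostname = urlsplit(referer).hostname
    except ValueError:
        return False
    return hostname is not None and hostname.lower() in own_hosts


def render_results(query: str, results: list, headers: dict) -> str:
    """Build the results page; the user-entered text is HTML-escaped and
    only shown when the search originated on one of our own pages."""
    lines = []
    if is_internal_search(headers):
        lines.append(f"<p>{len(results)} results for \"{html.escape(query)}\"</p>")
    else:
        lines.append(f"<p>{len(results)} results</p>")
    lines.extend(f"<li>{html.escape(r)}</li>" for r in results)
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: a request arriving from an external page.
    hdrs = {"Referer": "https://example.com.attacker.test/landing"}
    print("substring check:", referer_contains_host(hdrs))   # True
    print("parsed check:   ", is_internal_search(hdrs))      # False
    print(render_results("Call Us <b>now</b>", ["Report a scam"], hdrs))
```

The substring variant accepts any Referer that merely mentions the host name somewhere in the URL, while the parsed variant accepts only an exact hostname match, which is the behaviour a defender wants when the goal is to suppress reflected text for off-site visitors.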
The first screenshot in the article shows a page rendering with the top search result saying "Microsoft-Report a technical support scam" right below the malicious text "Call Us 1-805-xxx-xxxx for free". It may of course still fool some, but it's not the case that there's no indication of foul play.
I fail to see that this is a problem. The website is just showing user-entered text in a position that clearly shows user-entered text. E.g. in the MS website it is quoted and below it says "n of m search results".
Depending on character limits the content could be pushed down out of sight. It doesn't appear to allow newline characters or HTML from my testing so the low hanging fruit is gone.
https://hn.algolia.com/?q=Your+cloud+account+is+hacked.+To+g...