Malvertising is a significant threat, in which attackers leverage online advertisements to deceive users and distribute scams, phishing pages, and malware. While prior research has largely focused on low-tier ad networks and high-risk websites, this study examines brand impersonation in mainstream search advertising platforms, specifically Google Ads.

We queried Google with brand-related search terms, capturing and analyzing the advertisements displayed to assess the scale and nature of impersonation. Over a 24-day period, our scraper collected a dataset of 52k ads across 605 brands, extracting key features such as advertiser identity, redirection chains, and landing page content.

Using a combination of manual inspection and six brand-agnostic heuristics, we identify various forms of abuse, including phishing pages, tech support scams, and a previously undocumented category, affiliate brand bidding. This last technique, in which affiliates place search ads to divert users through affiliate links, affects at least 189 brands in our dataset.

In total, 4,160 ads (7.9%) were flagged as abusive, 3781 of which involved affiliate brand bidding. Our results further reveal that verified Google Ads accounts are being rented or resold, enabling systematic evasion of identity checks. These findings expose enforcement gaps in Google’s ad review and verification systems.

Oracles are mechanisms that provide blockchain networks with data that only exists outside of the network, such as asset prices. Decentralized Finance (DeFi) protocols use this data, and therefore their usability depends on the reliability of oracles. One such oracle system, widely used by DeFi protocols for pricing feeds, is Chainlink. The Chainlink system mitigates the risk of oracle manipulation attacks that have occurred in various DeFi protocols with a decentralized data aggregation infrastructure. The participants of the Chainlink system are incentivized by a coordination game, which poses game theoretic risks. While some game theoretic analyses of blockchain based systems exist, no formal study has been done on the incentives securing the Chainlink system. In this paper, we present a formal incentive model of the participants in the Chainlink system. We show that users can not detect whether incentives are aligned such that honest node behaviour is a strictly dominant strategy, making it impossible for users to assess the security of the system. We propose a mitigation which enables users to assess the agent incentives of Chainlink nodes such that they can verify whether honest behaviour is a strictly dominant strategy for all participants.