HN is also vulnerable to this attack ;(

https://hn.algolia.com/?q=Your+cloud+account+is+hacked.+To+g...

Every website will suffer from this.

Fix is easy enough - check the http referer before showing a result. E.g in insites.io(or any liquid scripting site) you can check like this: {% assign is_internal_search = context.headers.HTTP_REFERER contains context.location.host %}

Just check the search is happening on a site or device you own. That attack vector is then gone (hackers cannot spoof the refer that google sends via ads.)

Big tech needs be hold accountable for scam ads on their platforms. I can't believe how many scam ads e.g. Facebook has, it's insane. Thank god my mom knows to ignore them and I installed an adblocker for her.

The first screenshot in the article shows a page rendering with the top search result saying "Microsoft-Report a technical support scam" right below the malicious text "Call Us 1-805-xxx-xxxx for free". It may of course still fool some, but it's not the case that there's no indication of foul play.

I fail to see, that this is a problem. The website is just showing user entered text in a position that clearly shows user-entered text. E.g. in the MS-Website it is quoted and below it says "n of m search results".