Bitcoin phishers get desperate with search engine ads



More than a week after we reported deceptive search engine ads being used in Bitcoin wallet attacks, fraudsters are still using Bing ads to trick Blockchain users into visiting phishing sites — but this time, the ads are using some crude social engineering ploys.


Searching for "blockchain" on bing.com currently displays the following
pair of phishing ads at the top of the search results:



"Other ads are all phishing site" – click this one!

(Page requested at 12:15 BST, 2nd July 2014)

The first ad begs the user to "click this one" and warns that all other ads are phishing sites, but clicking on the ad actually sends the victim to a Blockchain phishing site, where he is prompted to enter his identifier and password. This phishing site is hosted in a subdirectory on a compromised website, which belongs to a web development outsourcing company in India.


Similarly, the second phishing ad warns that the other one is a phishing site; however, the fraudster behind this ad has made a mistake. When a victim clicks on this ad, it will try to send him to blockchain.lnfo (.LNFO). This
link won't work because the .lnfo top-level domain does not exist, and probably never will, because as the fraudster has so perfectly demonstrated, it could easily be confused with .info.


As we saw in previous attacks, the green display URLs shown in these ads are carefully chosen by the fraudster to look similar to the real Blockchain website, which uses the blockchain.info domain. Neither of the display URLs accurately reflects the actual location reached after clicking on the ads. Also, the blue link text on the second ad uses an i-acute character in place of the "i" in Blockchain, presumably to make it harder to detect misuse of the Blockchain brand.
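The three tells described above (accented characters in the link text, a lookalike display URL such as .lnfo for .info, and a destination that is not the brand's domain) can be checked mechanically when reviewing ads for brand misuse. The following is an added example, not code from the original article; the function names, the small confusables table and the sample ads are assumptions constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

BRAND_NAME = "blockchain"          # brand named in the article
BRAND_DOMAIN = "blockchain.info"   # legitimate domain named in the article
# Assumed, deliberately small confusables table; a real one would be larger.
CONFUSABLES = str.maketrans({"l": "i", "1": "i", "0": "o"})

def skeleton(text):
    """Lowercase, strip accents (i-acute -> i), then fold confusable characters."""
    decomposed = unicodedata.normalize("NFKD", text.lower())
    base = "".join(c for c in decomposed if not unicodedata.combining(c))
    return base.translate(CONFUSABLES)

def host_of(url):
    """Hostname of a URL; display URLs usually carry no scheme."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()

def is_brand_host(host):
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def review_ad(link_text, display_url, destination_url):
    """Return the list of reasons an ad looks like brand impersonation."""
    findings = []
    display, dest = host_of(display_url), host_of(destination_url)
    # Brand only appears after folding, e.g. an accented "i" in the link text.
    if BRAND_NAME not in link_text.lower() and skeleton(BRAND_NAME) in skeleton(link_text):
        findings.append("homoglyph-text")
    lookalike = not is_brand_host(display) and skeleton(display) == skeleton(BRAND_DOMAIN)
    if lookalike:
        findings.append("lookalike-display")
    # Display URL claims (or imitates) the brand, but the click lands elsewhere.
    if (lookalike or is_brand_host(display)) and not is_brand_host(dest):
        findings.append("off-brand-destination")
    return findings

# Constructed sample ads (not the real ad data from the article).
SAMPLE_ADS = [
    ("Blockchain Wallet", "blockchain.info", "https://blockchain.info/wallet"),
    ("Blockcha\u00edn - the other ad is phishing", "blockchain.lnfo", "http://blockchain.lnfo/"),
    ("Blockchain - click this one", "blockchain.lnfo", "http://hacked-site.example/sub/"),
]

if __name__ == "__main__":
    for ad in SAMPLE_ADS:
        print(ad[0], "->", review_ad(*ad) or "ok")
```

Comparing folded "skeletons" rather than raw strings is what lets the check catch both the accented link text and the .lnfo display URL with the same logic.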


The fact that these phishing ads are trying to discredit each other suggests that there are multiple Bitcoin fraudsters competing for click-through traffic on sites which display Bing ads. These phishing ads also appear on other search engines which use the Yahoo Bing ad network, such as Yahoo and DuckDuckGo.



A phishing ad displayed on the privacy-conscious DuckDuckGo search engine.



July 02, 2014 at 08:52AM


