Fraudsters use malicious ads to lure in the victims
Bing search engine continues to be abused by cybercriminals, as they pollute the list of results with malicious links; this time, they are after bitcoins and rely on Bing ads to trap unsuspecting users.Paul Mutton of Netcraft reports that the malvertising is intended for Blockchain users, which is an important bitcoin wallet provider.
According to him, two phishing attempts were displayed at the top of the results returned by Bing for the “blockchain” query. The researcher documented the finding this week, on July 2.
Under the description field, one of the malicious ads asked the potential victim to “click this one,” while the second plastered a warning saying that all other ads were not genuine and led to a phishing site.
Indeed, following one of the links, Mutton discovered it led to a phishing site, where the user was asked to provide the user name and password.
It appears that the fraudsters behind the second ad made a mistake because of the .lnfo (LNFO) top-level domain (TLD) used, which does not exist. The reason for this is the easy confusion that can be made with the .info TLD.
Bing is not the only place polluted by phishing ads, as they have also been encountered in other search engines using the Yahoo Bing advertising network. “These phishing ads also appear on other search engines which use the Yahoo Bing ad network, such as Yahoo and DuckDuckGo,” adds the researcher.