



It’s an old truism that money needs to be spent to make it, and it’s especially effective in the world of online advertising.

For criminals trying to break into online password managers, the payout can be huge if your fake login page appears high in Google searches. Here are the real reasons why you should be careful not to click on ads in search results:

Google Ads look like real search results

Google’s search results page is different than it used to be. In the early days of search engines, it was convenient to enter a search term and press return to see a page of search results sorted by Google’s algorithm.

These days, the top of the page is usually devoted to the crap Google wants you to see. Typical culprits include snippets taken from websites or dictionaries, a series of questions similar to your query, two or three of his ads, and actual search results.

The visual style of most of these elements is different enough from the nature of the results that it’s easy to scan them and scroll down.

They use the same link colors as regular results and have the same long summary and selection of sitelinks to URLs within your website.

The only clue that you’re seeing a paid ad instead of a genuine organic search result is the word “ad” in black on the left side of the URL and above the headline. In other words, it’s easy to accidentally click on an ad and assume that you’re getting the most relevant search results.

Accidentally clicking on an ad is a common frustration. To make matters worse, older computer users tend to type the name of the service they want to use into the search field and click the top result instead of entering the actual URL.

Do cybercriminals buy top search results on Google?

Considering how easily you can be fooled by the ads that appear as search results, it makes sense that malware mongers, hoaxes, scammers, fishermen, and other obnoxious types of ads buy ad slots on Google. .

After all, if you want people to sign in to a spoofed login page carefully mocked up for outlook.com, it will take years of dedicated SEO work to reach the front page. Still, you can’t knock a genuine Microsoft domain off the top. But if you buy an ad slot so that when someone searches for “outlook,” the ad appears above the search results and is virtually indistinguishable, they’re more likely to attempt a login. Then Outlook username and password.

How do hackers use search results to break into password managers?

So far, however, knowing a user’s email address and password is not enough to catch criminals. Her security-conscious web citizen has started using password managers in recent years. These services allow you to generate and store highly difficult unique usernames and passwords specific to each site.

Not surprisingly, these password vaults are especially attractive to criminals because they contain the keys to your entire online life.

In late January 2023, a Reddit user reported that searching for the term “bitwarden password manager” returned ads for a fake Bitwarden site above the search results (according to Cyber ​​Intel Mag).

Upon clicking the link, the user was directed to the domains bitwardenlogin(dot)com and appbitwarden(dot)com.

The site looks just like the real Bitwarden vault login page. Entering your email address and master password is easy and you won’t notice anything wrong. These details give criminals easy access to the rest of your passwords.

The domain has since been taken down and blocked by multiple DNS providers, but anyone can buy ads for any search term on Google, so I don’t use another spoofed domain or target other password managers. There is no guarantee that ads will not be returned.

How to protect yourself from malicious ads

The easiest way to protect yourself from malicious ads masquerading as genuine services is to pay close attention to the results on the Google search results page. If you see the text “advertising” or “sponsored” near your entry, avoid it. It’s not guaranteed where you’ll end up.

You should see the canonical URL below the resulting text, make sure it matches the canonical URL. If you’d prefer not to see any ads in your Google search results, an add-on such as uBlock Origin in combination with Firefox can help.

Also, you need to enter the actual URL of the site you want to visit instead of searching and clicking the top results. If this is likely to prove too difficult and it’s a site you visit regularly, bookmark it or add it to your favorites instead.

Phishing is a major security threat

Criminals are always looking to steal money and personal data, but the tactics they use evolve as they explore new opportunities and exploits.

Phishing is the most effective way to achieve their goals.

