Bitcoiners beware — Google is allowing malicious “phishing” sites to create ads that appear right there in your search results. If you’re a newcomer to Bitcoin, or don’t carefully check the URLs of every site you visit, you could lose your money.
Google Lets Fake Sites Appear in Top Search Results
Phishing sites are actively stealing bitcoin users’ money using sponsored Google Ads. That these would be allowed by a high-profile company like Google is shocking. Scammers are not only stealing your information and money, but also bringing the cryptocurrency market down.
It was already difficult for people to gain trust on cryptocurrencies and such things make it even harder for people to trust these virtual currencies. Here is what happened when we searched for the popular site “Blockchain” on Google — and look where we ended up.
The first result showed was a sponsored ad displayed was blockchain.info – Online – Wallet Ad www.blockchain.info/. There doesn’t seem anything unusual about that.
However when we clicked on the ad’s URL, it landed on this domain instead (note spelling):
The above is a phishing website, with a similar but different address. The true website is https://blockchain.info and https://blockchain.com
It is almost impossible to distinguish between the two in terms of design and functionality. You can only notice the difference if you read the URL once it opens. If you you’re not paying attention and don’t read it, then the hackers who made the fake site will record your name and password, and you will lose all the money in your wallet.
The same happened when we searched for “blockchain login” and “blockchain wallet” the same ad showed on top of the page as a sponsored ad.
What Is Phishing and Why Is It Bad for Bitcoin?
Most of us now know what phishing is. However, there are still some who may not have heard of it at all. Hence, here is a basic definition of phishing:
An unlawful way to digitally acquire information such as email, contact details and bank details pretending to be a reputable company or organization.
As much as technology has made our lives more convenient, it also has made our personal information more vulnerable. There are various scams in the digital world, and it’s no different in the world of cryptocurrencies.
One of the key problems that hampers the growth of cryptocurrencies is these phishing sites.
Phishing sites are sending your money straight to criminals. Things even get more complicated when Google search ads (paid ads) display these phishing sites. Bitcoin is the most popular among cryptocurrencies. There are various sites that have been identified which mimic the actual and reputable Bitcoin sites to phish users’ valuable data.
The Same Thing Happened With ShapeShift
A similar incident happened with popular exchange ShapeShift — showing how difficult it can be to spot the difference between real and phishing sites. Remember, always check the website before you log in to your wallet.
Here are the original and the phishing URLs:
ShapeShifth.io – Phishing Website
Shapeshift.io – Genuine & Verified Website.
As you notice the only difference is the letter “h”, which generally most wouldn’t notice. You will end up losing all your money if you input your details on this site. In most cases, these sites steal your money immediately after you enter your information.
Bitcoin owners have to be alert at all times while searching the web to avoid landing on a phishing website. One safe approach is to bookmark the genuine and verified website, to be safe at all times.
Tips to Protect Yourself Against Phishing Attacks
Typing the web address manually is not a recommended practice — errors could also lead you to a phishing website. The majority of times, the first link on Google is a sponsored one. However, fraudulent websites have found a way to rank on paid search as well. In fact sometimes, the first sponsored result can be a phishing website.
No one knows how long these paid ads have been running, and how many more there are. This comes as no surprise, knowing the value of these cryptocurrencies. This method of stealing information and valuables has always been a popular one, especially among hackers.
Therefore, make sure you go to the verified address and reconfirm it twice. Once you know it to be true, then bookmark it for further usage. After that, it’s in the hands of Google to find and remove all the phishing websites that pay it to advertise.
Have you ever landed on a phishing site by mistake? Tell us about what happened.
Images via Pixabay, Google