I ran that search with DuckDuckGo (using Firefox) but it did not show either of the two phishing site. And the ads were clearly marked as ads (after I turned off uBlock)
Not ads-based, but I'd imagine their "I'm feeling ducky" re-director feature could be abused for phishing links quite easily. duckduckgo.com/?q=!ducky+hxxp://badguydomain.com. Google's I'm feeling lucky re-director was already caught being used for phishing re-direction (and patched with a click-through). https://www.microsoft.com/security/blog/2019/12/11/the-quiet...
Well, to word it like that says it's new to edge, not a new feature worldwide. When Apple came out with the Apple Pencil fro iPads, it wasn't the first stylus, but it was new for Apple.
It's the default on a number of platforms. Have you encountered the argument that the terrible spelling and grammar on scam emails is a form of screening only the most likely to engage? I think we can safely assume that the most likely people to fall for a scam are hanging out with the default search engine their platform gave then.
If you hover over links on the post, you would notice that the author recently changed jobs, from Google to Microsoft. It seems reasonable for a Microsoft employee to use Bing as primary search ;)
Anyhow, I'm disappointed that Bing also has the practice of styling ads the same was search results, as Google has normalized.
Actually I never been employed by any of them, I referred to switching because as a lifelong Google user I was now switching to MS for online services. I will clarify that in the post!
Bunq or any financial services company is in a perfect position to trace these criminals. If they would create some actual Bunq login accounts and actual Bunq ATM card numbers, with zero balance or low $5 balance, they could feed some of these account numbers to the malware site before shutting it down, and later monitor where those account numbers end up getting used.
Does anyone know if banks, MasterCard, Visa, etc., are already doing this? It seems obvious and straightforward, but maybe banks are averse to giving out actual credentials (no matter how limited the account) in case something goes wrong.
14 comments
[ 5.3 ms ] story [ 48.2 ms ] threadDoes anyone know if this also impacts duckduckgo, which uses keyword based ads from Microsoft Advertising?
its quite an ingenious way of doing it. I imagine it also means this way they get round the lets encrypt phishing crawlers
Anyhow, I'm disappointed that Bing also has the practice of styling ads the same was search results, as Google has normalized.
Does anyone know if banks, MasterCard, Visa, etc., are already doing this? It seems obvious and straightforward, but maybe banks are averse to giving out actual credentials (no matter how limited the account) in case something goes wrong.