Bitcoin Forum

Economy => Scam Accusations => Topic started by: 12000suns on February 25, 2018, 11:34:40 PM



Title: Scam Alert: Fake Google Ad for coinmarketcap.com (very well done)
Post by: 12000suns on February 25, 2018, 11:34:40 PM
What happened:
There is a high-quality forged Google ad impersonating coinmarketcap.com (see screenshot below).

After inspection we are unable to determine the mechanism but the following was observed:

The URL is exactly the same. No homoglyphs, no mixed alphabets; it hashes the same as the legit string.
The excerpt from source:
Code:
<a style="display:none" href="/aclk?sa=L&amp;ai=DChcSEwi8oK7ejsLZAhVZibIKHQHCBHAYABABGgJscg&amp;sig=AOD64_0ZJhvOZ-0Nf2kK_QgC2W8ewzFjKw&amp;q=&amp;ved=0ahUKEwi64KjejsLZAhVFhiwKHQCbBLUQ0QwIKA&amp;adurl=" id="n1s0p2c0"></a>
<a class="_Jwu r-ieTJdWpaBQ8I" href="https://coinmarketcap.com/" id="vn1s0p2c0" onmousedown="return google.arwt(this)" ontouchstart="return google.arwt(this)" data-preconnect-urls="http://monkey-tracker.info/" jsl="$t t-zxXzjt1d4B0;$x 0;">Cryptocurrency Market Capitalizations | CoinMarketCap‎</a>
 
shows a replaced data-preconnect-urls argument, which is used for redirection to whatever the attacker needs.
Currently it redirects to https://thebitcoincode.com/, but as you can imagine, the same technique can be used in numerous phishing attempts.

If anyone has an explanation of how they did it, please submit a bug report @ Google
 
Disclaimer:
Reproduced on different machines with different browsers.
Unable to reproduce with another Google account.

Reference screenshot:
https://imgur.com/a/t63y0

Additional Notes:
The domain is privacy protected and is linked to a VPS hosted in Moscow.
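
Added example (not part of any post in this thread): a defensive check for the mismatch the first post observed, flagging anchors whose displayed href names one site while another attribute such as data-preconnect-urls names a different one. The names AnchorAudit, audit and site are hypothetical, the sample HTML is constructed from the quoted excerpt, and the two-label site comparison is an assumption standing in for a Public Suffix List lookup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the anchors quoted in the post (tracking
# parameters trimmed), plus one benign anchor for contrast.
SAMPLE = """
<a style="display:none" href="/aclk?sa=L&amp;adurl=" id="n1s0p2c0"></a>
<a class="_Jwu" href="https://coinmarketcap.com/" id="vn1s0p2c0"
   onmousedown="return google.arwt(this)"
   data-preconnect-urls="http://monkey-tracker.info/">CoinMarketCap</a>
<a href="https://example.org/" data-preconnect-urls="https://www.example.org/">ok</a>
"""

URL_RE = re.compile(r"https?://[^\s,\"']+", re.I)

def site(url):
    """Last two host labels; a crude stand-in for a Public Suffix List lookup."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

class AnchorAudit(HTMLParser):
    """Collects anchors whose non-href attributes name a different site than href."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attrs = dict(attrs)
        href = attrs.get("href") or ""
        if not urlsplit(href).hostname:
            return  # relative link (e.g. /aclk?...): no displayed host to compare
        for name, value in attrs.items():
            if name == "href" or not value:
                continue
            for url in URL_RE.findall(value):
                if site(url) != site(href):
                    self.findings.append((attrs.get("id"), site(href), name, site(url)))

def audit(html):
    parser = AnchorAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for anchor_id, shown, attr, other in audit(SAMPLE):
        print(f"anchor {anchor_id}: href shows {shown} but {attr} names {other}")
```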



Title: Re: Scam Alert: Fake Google Ad for coinmarketcap.com (very well done)
Post by: Coinky on February 26, 2018, 01:05:48 AM
I don't think this is a scam or phishing attempt. This is link cloaking, generally used by affiliate marketers. Generally the landing page link is originally pointed to the real site, but after the approval of the ad, it will be redirected to their own page.

This has to do with Google banning crypto ads, maybe


Title: Re: Scam Alert: Fake Google Ad for coinmarketcap.com (very well done)
Post by: timerland on February 26, 2018, 08:50:46 AM
Quote from: Coinky on February 26, 2018, 01:05:48 AM
I don't think this is a scam or phishing attempt. This is link cloaking, generally used by affiliate marketers. Generally the landing page link is originally pointed to the real site, but after the approval of the ad, it will be redirected to their own page.

This has to do with Google banning crypto ads, maybe

Well, isn't that the same as phishing?

You're getting someone who wants to go to one site to another. Isn't that the definition of phishing?

I have no idea how they do it, I don't have any experience in this field.

But what I can say is that thebitcoincode is definitely not legit, and if there were a way to make thousands of dollars in a day, then everyone would be doing it and nobody would be bothering to do anything else in this world. Whoever implemented this phishing ad is obviously wanting to make affiliate earnings off this ripoff/scam.