
Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Bitcoin Phishing Targets Users via Google AdWords

As we have pointed out several times, cybercrime is a business, and running a malware or phishing campaign does require some financial investment by the bad actors. Rental of botnets, purchase of exploit kits, and acquisition of compromised site lists are all expenses that need to be covered by the campaign.

A recent phishing attack detected by Cyren clearly shows this investment, as the attack vector is pay-per-click advertising via Google AdWords.

“blockchain” vs. “bioklchain”

The ad showed up in response to searches for “blockchain” – a Bitcoin-related term. Close analysis of the advert shows that the link actually leads to bioklchain.info – but at a casual glance it appears to lead to the legitimate “blockchain.info”. Interestingly, Bitcoin addresses are Base58Check encoded, so they exclude potentially confusing characters such as 0 (number zero), O (capital o), l (lower L), I (capital i), and the symbols ‘+’ and ‘/’.
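A defender can catch this kind of lookalike destination by comparing ad landing domains against a list of protected names. The sketch below is an added example, not Cyren's detection code; the folding table, the distance threshold and the function names are assumptions made for illustration.

```python
# Added example: flag destination domains that imitate a protected domain.
# CONFUSABLE and MAX_DISTANCE are assumptions, not values from the article.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "i": "l"})
MAX_DISTANCE = 2  # assumed cut-off; tune against your own false-positive rate


def fold(host: str) -> str:
    """Lowercase the host and collapse characters that look alike at a glance."""
    return host.lower().rstrip(".").translate(CONFUSABLE)


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def find_lookalike(host: str, protected: list[str]):
    """Return (protected_domain, distance) if host imitates one, else None."""
    name = host.lower().rstrip(".")
    if name in protected:
        return None  # the genuine domain itself
    best = None
    for brand in protected:
        dist = osa_distance(fold(name), fold(brand))
        if dist <= MAX_DISTANCE and (best is None or dist < best[1]):
            best = (brand, dist)
    return best


if __name__ == "__main__":
    protected = ["blockchain.info"]
    # Constructed inputs: the domain from this post plus three controls.
    for host in ["bioklchain.info", "blockchain.info", "bl0ckchain.info", "example.org"]:
        print(host, "->", find_lookalike(host, protected))
```

Without folding, bioklchain differs from blockchain by three edits; treating i and l as interchangeable brings it within the assumed threshold of two.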


Google is aware that this sort of abuse of AdWords is possible and claims to have blocked 7,000 phishing sites that tried to use AdWords in 2015: http://adwords.blogspot.co.il/2016/01/how-we-fought-bad-ads-in-2015.html

Fake Login Page

Unwary victims who clicked on the link were led to the phishing page, which has only one working link, the “login now” button; none of the other buttons are actually clickable.


Clicking on “Login now” leads to a credential entry page that is quite similar to the “legacy login” of the real site. This is the page where the actual phishing happens.


A similar attack from 2014 also used AdWords and also targeted blockchain searchers – suggesting that the current attack was the work of the same group.
