Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Bitcoin Phishing Targets Users via Google AdWords

As we have pointed out several times, cybercrime is a business, and running a malware or phishing campaign does require some financial investment by the bad actors. Rental of botnets, purchase of exploit kits, and acquisition of compromised site lists are all expenses that need to be covered by the campaign.

A recent phishing attack detected by Cyren clearly shows this investment, as the attack vector is pay-per-click advertising via Google AdWords.

“blockchain” vs. “bioklchain”

The Ad showed up in response to searches for “blockchain” – a bitcoin related term. Close analysis of the advert shows that the link is actually to bioklchain.info – but at a casual glance the link appears to lead to the legitimate “blockchain.info”. Interestingly, Bitcoin addresses are Base58Check encoded so they exclude potentially confusing characters such as 0 (number zero), O (capital o), l (lower L), I (capital i), and the symbols ‘+’ and ‘/,’”.

Blockchain

Google is aware that this sort of abuse of AdWords is possible and claim to have blocked 7,000 phishing sites that tried to use AdWords in 2015: http://adwords.blogspot.co.il/2016/01/how-we-fought-bad-ads-in-2015.html

Fake Login Page

Unwary victims who clicked on the link were led to the phishing page with only one working link – the “login now” button – none of the other buttons are actually clickable.

AdWords Login

Clicking on “Login now” leads to a credential entry page that is quite similar to the “legacy login” of the real site. This is the page where the actual phishing happens.

Blockchain_MyWallet

A similar attack from 2014 also used AdWords and also targeted blockchain searchers – suggesting that the current attack was the work of the same group.

Learn more about how to get protected against phishing attacks.

You might also like

What is Microsoft Office 365 Advanced Threat Protection?

Office 365 Advanced Threat Protection (also known as ATP and Defender) can provide your organization with advanced security features - keeping you protected from cybersecurity threats. With today's cybersecurity landscape, where new threats appear daily, if not...

The Hidden Costs of Phishing & BEC

By Max Avory A couple of months ago we sat down with Damian Stalls, vCIO director at Fluid Networks to discuss how they dramatically reduced the time their security analysts spent managing the problem of phishing, BEC, and user education. Here were some of the...