Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Bitcoin Phishing Targets Users via Google AdWords

As we have pointed out several times, cybercrime is a business, and running a malware or phishing campaign does require some financial investment by the bad actors. Rental of botnets, purchase of exploit kits, and acquisition of compromised site lists are all expenses that need to be covered by the campaign.

A recent phishing attack detected by Cyren clearly shows this investment, as the attack vector is pay-per-click advertising via Google AdWords.

“blockchain” vs. “bioklchain”

The Ad showed up in response to searches for “blockchain” – a bitcoin related term. Close analysis of the advert shows that the link is actually to – but at a casual glance the link appears to lead to the legitimate “”. Interestingly, Bitcoin addresses are Base58Check encoded so they exclude potentially confusing characters such as 0 (number zero), O (capital o), l (lower L), I (capital i), and the symbols ‘+’ and ‘/,’”.


Google is aware that this sort of abuse of AdWords is possible and claim to have blocked 7,000 phishing sites that tried to use AdWords in 2015:

Fake Login Page

Unwary victims who clicked on the link were led to the phishing page with only one working link – the “login now” button – none of the other buttons are actually clickable.

AdWords Login

Clicking on “Login now” leads to a credential entry page that is quite similar to the “legacy login” of the real site. This is the page where the actual phishing happens.


A similar attack from 2014 also used AdWords and also targeted blockchain searchers – suggesting that the current attack was the work of the same group.

Learn more about how to get protected against phishing attacks.

You might also like

Phishing with QR codes

Don’t Scan or be Scammed By Maharlito Aquino, Kervin Alintanahin and Dexter To In 1994, a type of the matrix barcode known as the Quick Response code, now widely known as QR code, was invented by Masahiro Hara from a Japanese company Denso Wave. The purpose of the...