It’s an age-old truth that you need to spend money to make money, and this can be especially effective in the world of online advertising.
For criminals looking to break into online password managers, the payoff is potentially huge if their fake login pages rank at the top of a Google search. Here’s a very real reason why you should be careful to avoid clicking on ads in search results.
Google ads look like real search results
The Google search results page is not what it used to be. In the early days of the search engine’s rise to dominance, you’d type in your search term, hit Return, and see a page of search results sorted by Google’s algorithm to be useful.
More recently, the top of the page has usually been dedicated to the cruft Google wants you to see. Typical offenders include a snippet from a website or dictionary, a series of questions similar to your query, two or three ads, and then the actual search result.
The visual style of most of these elements is different enough from the meat of the results that it’s easy to scan them and scroll down. However, advertisements are not immediately recognisable.
They use the same link color as regular results, and have the same length of summary and selection of sitelinks for URLs within the website. There are also no suspicious tracking URLs here.
The only clue that you’re seeing a paid ad rather than an actual organic search result is the word “Advertisement” in black on the left side of the URL and above the title. This means that it is easy to click on an ad by mistake, and think that you will be taken to the most relevant search result.
Accidentally clicking on ads is a familiar and frustrating feeling. This is made worse by the fact that there is a tendency among older computer users to simply type the name of the service they want to use into the search field and then click on the top result instead of typing in the actual URL.
Do Cyber Criminals Buy Top Search Results on Google?
Given how easy it is to be fooled by ads that appear as search results, it makes sense for malware mongers, hoaxers, grifters, phishers, and other unsavory types to buy up advertising slots on Google.
After all, if you want people to sign in to your carefully faked-up spoof login page for Outlook.com, it’s going to take years of dedicated SEO work to get to the first page, and even then you’ll never be able to knock the real one, Microsoft’s own domain, from the top position. But if you buy an ad slot so that when someone searches for “outlook,” your ad appears at the top of the search results, and it’s virtually indistinguishable, there’s a good chance they’ll try to log in. Then you have their Outlook username and password.
How are hackers using search results to hack into password managers?
But having a user’s email address and password can only get criminals so far. Security-conscious citizens of the web have, in recent years, started using password managers. These services allow you to generate and store extremely strong, unique passwords for each site you use.
Naturally, these password vaults are especially attractive to criminals because they contain the keys to your entire online life.
In late January 2023, Reddit users reported that searching for the term “Bitwarden password manager” returned ads for fake Bitwarden sites at the top of the search results (according to Cyber Intel Mag).
Clicking on the link took users to the domains bitwardenlogin(dot)com and appbitwarden(dot)com.
The sites look very similar to the actual Bitwarden Vault login page, and it is easy to enter your email address and master password without ever realizing you’re on the wrong site. With these details, criminals can easily access the rest of your passwords.
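The two lookalike domains above are the kind of thing a browser allowlist or a web-proxy log review can catch mechanically: the real service lives under one registrable domain, and a hostname that merely contains the brand name is not it. The following Python is an added example written for this article, not code from the article or from Bitwarden; it assumes bitwarden.com is the legitimate registrable domain, approximates the registrable domain as the last two labels (a real deployment would use the Public Suffix List), and runs over a few constructed proxy log lines.

```python
from urllib.parse import urlparse

# Assumption: the legitimate service is served under this registrable domain.
LEGIT_DOMAINS = {"bitwarden.com"}
BRAND = "bitwarden"


def registrable_domain(hostname: str) -> str:
    """Crude 'last two labels' approximation of the registrable domain.
    Good enough for .com; a production check would consult the Public
    Suffix List so that e.g. example.co.uk is handled correctly."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_login_url(url: str) -> str:
    """Return 'legitimate', 'lookalike', 'unrelated' or 'invalid'.

    A lookalike is any host whose registrable domain is not the real one
    but which still carries the brand name somewhere in the hostname,
    covering bitwardenlogin.com, appbitwarden.com, bit-warden.com and the
    subdomain trick bitwarden.com.evil.example."""
    host = urlparse(url).hostname  # drops port and any user@ prefix
    if not host:
        return "invalid"
    if registrable_domain(host) in LEGIT_DOMAINS:
        return "legitimate"
    squashed = host.lower().replace("-", "").replace("_", "")
    if BRAND in squashed:
        return "lookalike"
    return "unrelated"


# Constructed proxy log lines: "<timestamp> <user> <url>". The two
# lookalike domains are the ones reported in the article.
SAMPLE_LOG = """\
2023-01-27T09:12:03Z alice https://vault.bitwarden.com/#/login
2023-01-27T09:14:40Z bob https://bitwardenlogin.com/
2023-01-27T09:15:01Z carol https://appbitwarden.com/login
2023-01-27T09:16:22Z dave https://bitwarden.com.evil.example/
2023-01-27T09:17:05Z erin https://example.org/
"""


def flag_lookalike_visits(log_text: str) -> list[tuple[str, str]]:
    """Return (user, url) pairs whose URL is a brand lookalike."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        _ts, user, url = parts
        if classify_login_url(url) == "lookalike":
            hits.append((user, url))
    return hits


if __name__ == "__main__":
    for user, url in flag_lookalike_visits(SAMPLE_LOG):
        print(f"lookalike login page visited by {user}: {url}")
```

The split between registrable domain and brand substring is the important design choice: the legitimate check is an exact match on the registrable domain, so a host like vault.bitwarden.com passes, while anything that only resembles the brand is flagged rather than trusted.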