When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Google Adwords' top result for "Bing Ads" is a phishing site

News Editor Neowin · · Hot! with 25 comments

If you're looking to advertise with Bing, be wary about the links you click on -- especially if you're navigating to those links through Google.

Google Adwords currently displays one ad result when you query the search engine with any terms related to advertising via Bing or Microsoft, like "Bing ads" or "Microsoft ads." The result looks official -- the displayed URL on Google is bingads.microsoft.com, which is the domain for Microsoft's Bing ads network. But click on the ad, and the result is much more malicious.

From Google, the top result looks safe and official in every way.

Once you load the link, a page appears which, at first glance, looks exactly like a login portal for the Yahoo! Bing network. Look a bit closer, however, and you'll see that the page is actually a very sophisticated phishing website. The only giveaway is the site's URL: what was displayed on Google as bingads.microsoft.com actually redirects to secure.bingads.microsoft.com.waxhats.com.

None of the hyperlinks on this faux phishing page are accessible, and visitors are only able to enter their Bing Ads username and password. We tested the form with a fake username + password combination, and found that the site redirects back to the actual login portal for Microsoft's Yahoo! Bing network. Official sign-in pages for Microsoft sites will typically contain "VeriSign" in the address bar, a point the phishing site ironically addresses.

The page users are redirected to after filling out the form on the phishing site. You can tell its legitimacy by the green "verified" box in the URL bar.

If it wasn't abundantly clear that the Google ad result is a phishing link, the homepage for waxhats.com displays only seemingly poorly made hats for sale through Amazon affiliate links.

Although Bing and Google are fierce competitors in the online ad marketplace, the phishing link was likely not a malicious addition on Google's part. Google Adwords uses advanced software to verify and approve ads for display on their Adwords network, and on rare occasion, a malicious ad slips through the system.

Still, this isn't good news for a good deal of computer users who may not realize the seemingly legitimate Microsoft link actually belongs to a phishing site which could steal your username, password, email, and any other data which may be associated with your account. And since the ad result is displayed at the very top of Google's search results, the site may see some inadvertent clicks from otherwise well-wishing Bing Ads users.

The malicious link has been reported to Google, but at the time of writing, the phishing site still displays whenever a relevant search query is entered.

Source: News tip from Bing Ads user Arvind Kampli

Report a problem with article
Next Article

A playable Super Mario 64 has come to your browser in glorious HD

Previous Article

Microsoft reveals next set of phones to receive Windows 10

Join the conversation!

Login or Sign Up to read and post a comment.

25 Comments - Add comment