According to the reports given byPaul Mutton of Netcraft , two phishing attempts were displayed at the top of the results returned by Bing for the “blockchain” query. The researcher documented the finding this week, on July 2.
Under the description field, one of the malicious ads asked the potential victim to “click this one,” while the second plastered a warning saying that all other ads were not genuine and led to a phishing site.
Indeed, following one of the links, Mutton discovered it led to a phishing site, where the user was asked to provide the user name and password.
It appears that the fraudsters behind the second ad made a mistake because of the .lnfo (LNFO) top-level domain (TLD) used, which does not exist. The reason for this is the easy confusion that can be made with the .info TLD.
Bing is not the only place polluted by phishing ads, as they have also been encountered in other search engines using the Yahoo Bing advertising network. “These phishing ads also appear on other search engines which use the Yahoo Bing ad network, such as Yahoo and DuckDuckGo,” adds the researcher.
