Data theft scam targets Google ads

Last week, online criminals hijacked twenty online search terms with the intention of stealing bank and credit card details from surfers looking for the Better Business Bureau website, amongst many others. This type of online fraud, known as "phishing", has been around for some time, but the ways in which phishing sites are put in front of possible victims continue to diversify and increase in sophistication with every month that passes.

On this particular occasion, the attackers used Google AdWords as the platform for online promotion by bidding on popular search terms associated with the Better Business Bureau site. The landing pages from these ads lead to sites which are, in fact, identical copies of the sites targeted in terms of layout and appearance. When a user enters a phishing site, any details they enter - such as username, password and credit card number - are given to the online criminals who set up that site.

Frequently, emails asking users to reset login details or passwords are a way of getting victims to these sites. And as more people become aware of such phishing techniques, online criminals have to adapt to the current situation and look for new ways to pursue their fraudulent activities.

The number of people affected by last week's phishing attack is unknown. Google said the associated sponsored results were completely removed on Tuesday 24th April, although the actual scam site is still available.

Exploit Prevention Labs detected this attack and reported the findings after two weeks of research. On Google, search terms such as "modern cars airbags required" gave sponsored search results in which some phishing sites occupied top ranking positions for those terms. When a visitor is about to click through to a sponsored search result, the URL associated with the advert is displayed in the left-hand corner. However, fraudulent adverts usually hide the URL, so visitors don't know what site they are about to enter.

Once a click is made on this fraudulent advert, which pretends to come from a reputable brand, a piece of software is installed on the victim's computer, which will record private data. Last week's attack targeted more than 100 banks around the world by adding extra HTML to the banks' response pages. This is usually the last stage of any SSL transaction and is coded in plain HTML, rather than encrypted, which makes it more vulnerable and the perfect target for scammers.

Popular internet brands, like eBay and PayPal, have been usual targets of phishing attacks in the past, and it seems like the general public is still defenceless against this type of fraud. In the near future, search engines will really need to concentrate on technologies for malware detection, which will stop these sites from getting indexed or approved as legitimate paid campaigns.
© bigmouthmedia 2009