How many of you have had problems getting ads approved with Adwords? Usually there is a good reason for an ad not getting approved but what I’ve seen today is a pretty rare sight. Considering how tough Google is when it comes to prohibited content, even affiliate sites, I was shocked to see this.
Google Allows BingAds Phishing Ad
What is phishing?
The activity of defrauding an online account holder of financial information by posing as a legitimate company.
So I typed into Google, “Bing Ads”.
The next thing that comes up is the search result page with the ad on top. Everything looks legit with Google Shopping ratings, ad copy looks good but if you look at the tracking link, the link is to a bit.ly redirect, something that usually never gets approved in Google Adwords.
Looks good doesn’t it? Nobody would ever notice… so let’s go ahead and click and see what happens.
This image consists of the URL, address bar:
Everything still looks good with the exception of the “waxhats.com” in the URL. I never heard of waxhats before, I don’t know what the hell that is supposed to be, but I know it isn’t Bing ads.
The problem though, is how tricky it seems. Take a look at the landing page:
It’s a little fishy.. the phishing, heh, if you try to click on any of the footer links like legal, privacy, advertise, etc. it doesn’t go anywhere. Even though Microsoft is pretty bad about messing things up, I can’t imagine them doing something like that.
Enter Your Email for More Awesome Content
So, if someone doesn’t check the url bar of their browser, or if they don’t bother looking carefully you can see how easy it would be for them to enter their login information for these scammers to harvest.
Once you enter the information, you’re simply redirected to the legitimate bingads/microsoft ad center login.
It’s amazing that Google approved this ad, and one has to wonder if they intentionally let this go? I can’t imagine they would do that intentionally but it’s so strange to see something so high profile happen like this!
Not only was it a phishing site, but it also was using a bit.ly link, which is against the Adwords guidelines.
I guess sometimes we all need a little reminder to be careful when submitting login information to important websites.
Edit: This appears to be something Google is constantly battling in the last few months. The URL is just changing often, EPdigitaltrends.eu has been used as well. Other users on warriorforum are also mentioning different variations but the only one I’ve been able to confirm is the waxhats URL.