Open AndreasGassmann opened 3 years ago
I confirm having seen this just now as well. Also reported, please do the same.
Thank you for reporting this! By the way, Duck Duck Go does not show this malicious domain name at all.
It seems like they stopped. But there are still some ads being shoved into bip39
related keywords (mostly unrelated though).
See here: https://docs.google.com/spreadsheets/d/1l01hKNIgDMeRKOoLdkBhPyOohg01Qf36PyGgVNAw6Xo/edit?usp=sharing
One thing that you could implement to make it easier to distinguish it is a couple of emojis in the meta-description of the html:
It may not be a great solution but it could work for the time being
Diabolically cunning.
I googled "bip39" because I was trying to get the link to this tool and noticed that the first result is an ad. Then I saw that the URL used in the ad is slightly different than the original one.
I opened the website (through TOR) and opened the network tab. As expected, the full mnemonic is sent to the attackers server immediately after generating or pasting it.
I reported the ad to google, but it probably takes a while until it is removed. Please do the same to speed up the process. Try to search for "bip39" until the ad shows up. Then you can click the small (i) on the top right of the ad, select "An ad violates other Google Ads policies" and choose "Cyber Frauds" > "Phishing".