If you"re looking to advertise with Bing, be wary about the links you click on -- especially if you"re navigating to those links through Google.
Google Adwords currently displays one ad result when you query the search engine with any terms related to advertising via Bing or Microsoft, like "Bing ads" or "Microsoft ads." The result looks official -- the displayed URL on Google is bingads.microsoft.com, which is the domain for Microsoft"s Bing ads network. But click on the ad, and the result is much more malicious.
Once you load the link, a page appears which, at first glance, looks exactly like a login portal for the Yahoo! Bing network. Look a bit closer, however, and you"ll see that the page is actually a very sophisticated phishing website. The only giveaway is the site"s URL: what was displayed on Google as bingads.microsoft.com actually redirects to secure.bingads.microsoft.com.waxhats.com.
None of the hyperlinks on this faux phishing page are accessible, and visitors are only able to enter their Bing Ads username and password. We tested the form with a fake username + password combination, and found that the site redirects back to the actual login portal for Microsoft"s Yahoo! Bing network. Official sign-in pages for Microsoft sites will typically contain "VeriSign" in the address bar, a point the phishing site ironically addresses.
If it wasn"t abundantly clear that the Google ad result is a phishing link, the homepage for waxhats.com displays only seemingly poorly made hats for sale through Amazon affiliate links.
Although Bing and Google are fierce competitors in the online ad marketplace, the phishing link was likely not a malicious addition on Google"s part. Google Adwords uses advanced software to verify and approve ads for display on their Adwords network, and on rare occasion, a malicious ad slips through the system.
Still, this isn"t good news for a good deal of computer users who may not realize the seemingly legitimate Microsoft link actually belongs to a phishing site which could steal your username, password, email, and any other data which may be associated with your account. And since the ad result is displayed at the very top of Google"s search results, the site may see some inadvertent clicks from otherwise well-wishing Bing Ads users.
The malicious link has been reported to Google, but at the time of writing, the phishing site still displays whenever a relevant search query is entered.
Source: News tip from Bing Ads user Arvind Kampli