Beware: Google Ads Phishing Scams Targeting Password Manager Websites

Cybersecurity experts have recently raised alarm regarding the use of Google Ads by hackers to target popular password manager sites such as Bitwarden, LastPass, 1Password, and others for phishing attacks. These attacks aim to steal users’ passwords and vault credentials, presenting a significant threat to sensitive information. 

Password managers store sensitive information in cloud-based vaults, which, although usually encrypted, can still be vulnerable to hacking attempts. Hackers may use fake websites to trick users into providing their data and authentication cookies, giving them access to the entire vault of confidential credentials. 

Bitwarden password manager users have reported seeing Google Ads with titles such as “Bitward – Password Manager” when searching for the actual Bitwarden website. Furthermore, other ads with similar but fake domain names, such as “appbitwarden.com” and “bitwardenlogin.com,” have been pushed to the top of Google search results.

Google Ads by hackers

Source Reddit  

When users went to these fake sites, they found an exact replica of Bitwarden’s legitimate web vault login page.  

Source Bleeping Computer

Source Bleeping Computer  

In testing these fake pages, cyberanalysts found they redirected to legitimate Bitwarden log in pages. Users online discussed how scared they were because they were unable to tell which page was fake or not.  

“God damn. In situations like this how can I detect the fake one? This is truly scary,” – Reddit 

“People are saying to look at the URL, maybe it’s just my tiny brain but I can’t tell which is the real one,”Reddit 

“Scammers are getting crafty with their URLs. Virtually impossible to convey any type of wisdom for elderly and computer illiterate. Too many variables”Reddit 

Scammers are getting crafty with their URLs

Source Bleeping Computer 

Other password managers are being targeted as well, as seen above for 1Password.  

To ensure the protection of your sensitive information, it is crucial to set up multi-factor authentication (MFA) with your password manager in the event of an accidental entry on a phishing site. 

In terms of the most effective MFA verification methods, hardware security keys top the list for their strength in security. An authentication app and tokens are also a good option, being easier to use compared to security keys. SMS verification, though still viable, is susceptible to hijacking through sim swapping attacks and is therefore ranked last and urged against being used. 

What is Phishing?  

Phishing is a form of cybercrime where attackers try to trick users into giving away sensitive information such as passwords, credit card numbers, and other personal information. They do this by creating fake websites that look like legitimate ones and asking users to enter their information. In the case of Bitwarden, the attackers created a fake website that looked like the official Bitwarden site, and asked users to enter their login credentials. 

Why is it Dangerous?  

Phishing attacks can be extremely dangerous because they can lead to the theft of sensitive information. This information can be used for identity theft, financial fraud, and other malicious activities. In the case of password managers like Bitwarden, the consequences of a successful phishing attack can be even more severe, as the attacker would have access to all the user’s passwords and sensitive information. 

How to Protect Yourself To protect yourself from phishing attacks, it is important to take the following steps: 

In July, Microsoft issued a warning about the prevalence of attacks that have successfully bypassed MFA for 10,000 organizations. 

In conclusion, the recent reports of phishing attacks on Bitwarden highlight the importance of being vigilant when entering sensitive information online. By taking the necessary steps to protect yourself, you can reduce the risk of falling victim to a phishing attack and keep your information safe. 

We at Motiva Networks can help you plan and see if your data has been compromised with a Free Confidential Cybersecurity Risk Assessment. Or you can schedule a quick 10-minute call to discuss the best options for your Agency or small business, or go over any questions you might have HERE.