A company worker searched Google for a virtual currency exchange called ‘Yobit’ and clicked the Yobit link at the very top of the results. When the site loaded, Chrome showed a green lock indicating that the site was safe. Reassured, the worker used the site, only to find out later that it was a phishing site that steals IDs, passwords, and OTPs (one-time passwords). The worker checked market prices and account information on the site. Within just a few minutes, all of the virtual money in the account, worth tens of thousands of dollars, had been withdrawn illegally.
As the number of cyber attacks by hackers trying to steal virtual money increases, many phishing sites that exploit Google search advertisements have also appeared.
A person can suffer financial damage by having his or her log-in information stolen after searching for a virtual currency exchange on Google and visiting the site found there. People fall into this trap easily because these phishing sites appear at the top of the results carrying Google’s ‘advertisement’ label.
Many virtual currency exchanges use URLs such as ___bit.net. The Google search advertisement phishing found recently impersonated a South Korean exchange called Korbit and a foreign exchange called Yobit.
In the past, phishing sites often swapped ‘.net’ or ‘.com’ for another ending. Nowadays, however, phishing sites replace the letter ‘i’ in ‘bit’, which stands for Bitcoin, with ‘í’, a letter used in Iceland, the Czech Republic, and Hungary. Because the difference is subtle, the two are not easy to tell apart. Because the phishing sites use ‘https’ rather than the plain ‘http’ protocol, Google Chrome marks them as safe sites, even though the lock only indicates an encrypted connection and not that the site belongs to the genuine exchange. Hackers expose their phishing sites in the advertisement section of Google search for a short period of time and then disappear, which makes tracking difficult.

<Yobit phishing site as it appears in Google search results. It is marked as an advertisement at the top. The letter ‘i’ is subtly different, and it is very difficult to spot unless a person looks at it carefully.>
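
The accent swap described above can be caught mechanically. As an added example (not part of the original article), the Python code below folds a hostname's accented letters back to plain ASCII and compares the result with a watchlist of genuine domains; the watchlist entries and sample hostnames are constructed for illustration.

```python
import unicodedata

# Constructed watchlist: brand names come from the article, the full
# domains are assumptions made for this example.
WATCHLIST = {"yobit.net", "korbit.co.kr"}


def to_unicode(host: str) -> str:
    """Normalise input to its Unicode form, decoding xn-- labels if present."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeEncodeError:
        return host  # already contains non-ASCII characters


def skeleton(host: str) -> str:
    """Strip accents: decompose (NFKD), then drop the combining marks.

    This covers accented look-alikes such as 'í' for 'i'. Cross-script
    look-alikes (e.g. Cyrillic letters) do not decompose and need a
    confusables table instead.
    """
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def check_host(host: str) -> dict:
    """Report whether host imitates a watchlisted domain via accented letters."""
    uni = to_unicode(host)
    folded = skeleton(uni)
    imitates = folded if (uni not in WATCHLIST and folded in WATCHLIST) else None
    return {
        "unicode": uni,
        "punycode": uni.encode("idna").decode("ascii"),  # form used in DNS/TLS
        "non_ascii": not uni.isascii(),
        "imitates": imitates,
    }


if __name__ == "__main__":
    # Constructed sample hostnames, e.g. taken from ad landing URLs or proxy logs.
    for sample in ["yobit.net", "yob\u00edt.net", "korb\u00edt.co.kr", "example.com"]:
        print(check_host(sample))
```

The `punycode` value is the form that appears in DNS queries, certificates and proxy logs, so it is the string to search for or block.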

When the South Korean Government put out regulations for virtual currency exchanges, many of them started to move to foreign exchanges. However, whether exchanges are located in South Korea or in other countries, they are still targets of hackers. Moreover, it is even more difficult to obtain financial relief from a foreign exchange when a person becomes a victim of illegal transfers due to phishing.
“The fact that Google is putting up phishing sites as advertisements is a problem,” said a victim. “It is difficult to recognize phishing sites, as Google has high credibility and as these phishing sites are advertised as advertisements in search results.” The victim added that, when asked to block the phishing sites, the virtual currency exchange concerned said that this is Google’s responsibility. The victim also said that customers are the only ones suffering, as virtual currency exchanges and Google are not taking responsibility.
“Phishing sites are becoming more clever as the price of virtual currency is rising continuously and as money is driven towards virtual currency exchanges,” said Choi Sang-myung, who is the department head of Hauri. “Even security experts suffer from phishing sites that are exposed at the top of Google’s search results.”
Google announced that it has a task force that monitors and detects phishing early on. This task force cross-checks advertisements, websites, and advertisers’ accounts. “Although we take immediate action when we detect suspicious activities, we cannot prevent phishing that changes its method every time and makes continuous attempts all the time,” said Google. “Please report any phishing sites.”
Staff Reporter Kim, Insoon | insoon@etnews.com