Google OK’d ads that led to a fake password manager site – Protect yourself

October 20, 2023

By Kim Komando

Heads up: Google has been caught hosting an ad that’s not just fake — it’s convincingly fake. We’re talking about an ad masquerading as the open-source password manager KeePass. And the kicker? Even security buffs might be falling for it.

The devil’s in the details

The fraudulent Google ad leads you to what appears to be the genuine KeePass website, but it’s a trap. The folks at Malwarebytes found it’s actually a lookalike site pushing malware known as FakeBat. 

According to Google’s Ad Transparency Center, the ads were paid for by a verified advertiser named Digital Eagle. Yep, you read that right. Google verified these guys! The tricky part? The site uses an encoding scheme called Punycode to appear authentic. Punycode is how domain names carry non-ASCII characters, so a lookalike domain can swap in a single character that renders almost exactly like the real one.

Punycode’s been aiding and abetting scams for a while. It changes the way URLs appear in the address bar without the regular tipoffs, because the substituted character looks like the letter it replaces. Remember that fake brave.com site a couple of years ago? Yeah, Punycode was behind that, too.
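As an added example (not code from the article or from Malwarebytes’ research), here is a Python check that decodes an `xn--` host name the way a browser would and flags labels that mix scripts or contain letters confusable with ASCII. The lookalike domain it inspects is constructed for illustration and is not the one used in the KeePass campaign; the confusable table is a deliberately small hand-picked subset.

```python
"""Flag Punycode (xn--) host names whose decoded labels mix scripts
or contain characters that look like ASCII letters."""
import unicodedata

# Constructed, deliberately short table of Cyrillic letters that render
# like Latin ones (the full Unicode confusables list is far longer).
CONFUSABLES = {"а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y"}


def script_of(ch: str) -> str:
    """Return the script family of a letter, e.g. 'LATIN' or 'CYRILLIC'."""
    if ch.isascii():
        return "LATIN"
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def to_punycode(unicode_host: str) -> str:
    """Encode a Unicode host name into its ASCII (xn--) form."""
    return unicode_host.encode("idna").decode("ascii")


def inspect_host(host: str) -> dict:
    """Decode an ASCII/Punycode host name and report what should stop
    you from trusting it: non-ASCII letters, mixed scripts, and what the
    name would read as if every confusable were its Latin twin."""
    unicode_host = host.encode("ascii").decode("idna")  # xn-- labels -> Unicode
    non_ascii = [c for c in unicode_host if not c.isascii()]
    scripts = {script_of(c) for c in unicode_host if c.isalpha()}
    skeleton = "".join(CONFUSABLES.get(c, c) for c in unicode_host)
    return {
        "punycode": host,
        "unicode": unicode_host,
        "non_ascii": [f"{c} U+{ord(c):04X} {unicodedata.name(c)}" for c in non_ascii],
        "mixed_script": len(scripts) > 1,
        "skeleton": skeleton,
        # Suspicious when a non-ASCII letter is present and it either mixes
        # scripts or collapses onto a plain-ASCII name you would recognise.
        "suspicious": bool(non_ascii) and (len(scripts) > 1 or skeleton != unicode_host),
    }


if __name__ == "__main__":
    # Constructed lookalike: keepass.info with the 2nd letter swapped for Cyrillic 'е' (U+0435).
    fake = to_punycode("k\u0435epass.info")
    for h in ("keepass.info", fake):
        r = inspect_host(h)
        print(h, "->", r["unicode"], "suspicious" if r["suspicious"] else "ok", r["non_ascii"])
```

The `skeleton` field is what the decoded name looks like once confusables are folded back to Latin, which is the string you should compare against the site you meant to visit.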

How to spot the fakes

Listen, there’s no foolproof method to steer clear of malicious ads or Punycode URLs, but here are some pointers:

1. Maintain a healthy skepticism

If something seems too good to be true or slightly off, pause and think before clicking.

2. Manual URL entry

Type the URL yourself into a new browser tab. It’s a bit tedious, but it’s one of the most effective ways to dodge lookalike websites. At the very least, scroll down to the organic results past the ads.

3. Inspect the TLS certificate

This one’s crucial, so let’s break it down:

4. Established sites aren’t always safe

Remember, even trusted platforms like Google can host bad ads — just like malicious apps make it into the official app stores all the time.

5. Look for small details

A tiny character can be the difference between a legitimate URL and a malicious one. Pay close attention! You might mistake k0mando[.]com for komando.com if you move too fast.

Stay alert, stay safe. There’s a new trick around every corner, but you’re arming yourself with knowledge. Share this with a loved one who you want to keep safe, too.

https://www.komando.com/tips/cybersecurity/fake-password-manager-ad/