Do you trust Google search with navigating you to your trusted sites?
Most people do. But you shouldn’t. Or at least not without doing your due diligence.
This scam specifically targets Bing Ads advertisers but this loophole can be exploited for your online banking, financial institutions, email accounts social media accounts and anything you can think of that contains sensitive information. The hackers have swindled at least a hundred thousand dollars of which that have been confirmed from multiple undisclosed but reliable direct sources of mine.
I have broken this article into three critical sections:
- What is a phishing scam?
- How was money stolen using this phishing scam?
- How can you prevent getting scammed and swindled of your hard earned money?
What is a Phishing Scam?
By definition, a phishing scam an email that falsely claims to be a legitimate enterprise in an attempt to scam the user into surrendering private information to be used for identity theft. The Bing Ads phishing scam extends the mechanism used for phishing from email to search, specifically Google search.
How Was Money Stolen in the Bing Ads Phishing Scam?
The Bing Ads advertiser would type in bing ads into Google, or a similar keyword. The advertiser, which is the business owner or proxy of the business owner, will click into the first link that comes up.
Continue reading “Bing Ads Phishing Scam Hi-Jacks Google Search Using Google Adwords Loophole”
What is HTTPS? It stands for Hyper text Transfer Protocol Secure and is the secure variation of HTTP, which is the protocol you use to browse websites. HTTPS adds a layer of security by encryption all of the data transferred between you and the website. Unlike many other factors pertaining to influencing organic SERP rankings, this one has been officially confirmed as a ranking signal by Google.
- Keep realistic expectations. Implementing SSL will not sky rocket your SERP rankings. Personally, I am skeptical the influence will be significant.
- If you are doing this for the SEO brownie points, go with something economical such as Rapid SSL or Comodo SSL
- Add the HTTPS version of your domain name to Google Webmaster Tools by using the standard “Add a site” button and typing https://yourdomain.com
- Change absolute paths that reference to HTTP to relative paths. Otherwise, you may get SSL warning errors telling you there are unsecured items on your page.
- After you have moved your website to SSL, Google recommends that you use the Qualsys SSL Labs tool to verify the status of your HTTPS.
My Tips for Business Owners:
- Have your web host do the installation for the SSL certificate
- Have your webmaster change the absolute paths to relative paths, and add the HTTPS version to Google Webmaster Tools
My Tips for Geeks:
- I prefer to use /folder/file.jpg as oppose to folder/file.jpg when I am referencing files because it references from the root directory of the website so you do not have to worry about references breaking if you use slashes as part of your custom URLs for SEO.
- If you have iframe or embedded elements, you may want to consider stripping the http: or https: so instead of http://example.com/iframe.html or https://example.com/iframe.html, you would reference to //example.com/iframe.html and this will pull up the same protocol as being accessed from the parent page.
Lastly, why do I think Google wants all sites to have HTTPS?
Accordingly to Google, they want websites to be safer but the problem with that is most websites that have e-commerce or transact sensitive information already have HTTPS. I don’t buy that explanation.
One of the inherent problems with website analytics tracking is search query data cannot be passed from HTTPS to HTTP, and Google Analytics is no exception. That means if somebody is logged into Google, Yahoo or Bing or simply goes to the HTTPS version of the search engines, types a search query and then lands on your website, Google Analytics isn’t able to capture that information. Notice in Google Analytics, sometimes you see “(not provided)” as the Keyword? That is the reason why. By having people to migrate their sites to HTTPS, Google will have access to data that they did not have before.