If you rely on Bitwarden, be careful using a search engine to look up the password manager. That’s because scammers have been spotted creating fake ads on Google to lure unsuspecting users to malicious Bitwarden sites.
Bitwarden informed users about the risk on its Reddit page. “Typing Bitwarden manually into a search engine each time increases your chances of falling prey to a phishing attempt due to spelling errors or malicious domains (with similar names),” a moderator wrote.
The company posted the warning after users noticed the scam ads popping up on Google Search. One user generated the scam ad by querying the term “bitwarden password manager.” Google returned an ad for “www.appbitwarden.com,” an unofficial domain.
BleepingComputer investigated and found the ad sent users to a fake Bitwarden login page at “bitwardenlogin.com,” which can likely capture the master password from legitimate users.
The fake login page looked identical to Bitwarden’s official portal to access users’ password vaults. Hence, unsuspecting users could have been fooled into thinking the page was real.
Fortunately, some users realized the fake website was a phishing attempt and reported the problem to Google. The scammers appear to have taken the fake site down as a result.
In a statement to PCMag, Bitwarden’s Chief Customer Officer Gary Orenstein said: “We remind users looking for Bitwarden not to rely on search engines when looking for the Bitwarden login page, but to start with Bitwarden.com. A useful tip for users of the web vault is to bookmark http://vault.bitwarden.com. This eliminates the chances of an imposter site grabbing your attention, which can happen when using a search engine.”
The same advice can apply to any password manager or important web service you use. Last month, the FBI warned the public about scammers buying ads on Google Search to trick users into visiting phishing pages that impersonate popular brands.
“When a user searches for that business or service, these advertisements appear at the very top of search results with minimum distinction between an advertisement and an actual search result,” the FBI said.
So to avoid getting phished, the agency advised users to double-check the web address or URL for any ad they're about to click on. If there’s a misspelling or a domain you don’t recognize, then the ad likely leads to a harmful site. Users can also consider installing an ad blocker.
In a statement, Google noted the company is working to crack down on malicious ads over the search engine. This includes identifying more than 10,000 related ads attempting to abuse the company's services and cracking down on the accounts behind them.
"To combat this over the past few years, we’ve launched new certification policies, ramped up advertiser verification, and increased our capacity to detect and prevent coordinated scams. We are aware of the recent uptick in malware campaigns. Addressing it is a critical priority and we are working to resolve these incidents as quickly as possible," the company said in a statement.