back to article It was El Reg wot won it: Bing banishes bogus Brit bank banner ad

Microsoft has axed a Bing search result advert that masqueraded as a legit online banking website – but was in fact a sophisticated phishing operation. Searching for "TSB" – as in the UK's TSB Bank – on the Great Britain edition of Bing would bring up, right at the top of the page, a search ad for a phishing website described …

  1. Anonymous Coward
    Anonymous Coward

    Indifference ... Complacency or what...

    With big-search and social in the spotlight over fake news / bad Malware-filters etc, you'd think giants like M$ would be make it foolproof to 'report' suspected cases. More 'Ad' automation glory? No, go directly to- FAIL!

    1. Mark 110

      Re: Indifference ... Complacency or what...

      Yeah - not pleased with their solution. I would have dedicated link for reporting scam adverts that go straight to a dedicated team.

      Not like they can't afford it.

      Just looking on Google - they don't seem to have a reporting mechanism either. Hmmmm.

      1. macjules

        Re: Indifference ... Complacency or what...

        Just looking on Google - they don't seem to have a reporting mechanism either. Hmmmm.

        Probably because you would be reporting one of Google's valued clients.

    2. Anonymous Coward
      Anonymous Coward

      Re: Indifference ... Complacency or what...

      Let me spell it out for you:

      They are all WHORES. PAY TO PLAY. Someone pays, they immediately whore themselves out. All the so called "cloud giants". In fact, mentioning the most ancient profession is a compliment here - its members have more moral fiber and sometimes decline serving the really dubious customers.

      This is what this one is about.

    3. Dr Mantis Toboggan

      Re: Indifference ... Complacency or what...

      What's the real damage thou? Out of the 10 people that use Bing, how many were likely to be TSB customers???

    4. Anonymous Coward
      Anonymous Coward

      Re: Indifference ... Complacency or what...

      "you'd think giants like M$ would be make it foolproof to 'report' suspected cases"

      It already is. From the browser settings menu, goto Safety and then Report Unsafe Website.

  2. Anonymous Coward
    Anonymous Coward

    Bing?

    So, you've saved at least, oh, 8 people from being scammed. Well done.

    1. Ol'Peculier

      Re: Bing?

      As many as that?

      1. Hans 1
        Joke

        Re: Bing?

        As many as that?

        Well, he counted 7 DuckDuckGo users who would not have seen the ad anyways ....

    2. Anonymous Coward
      Anonymous Coward

      Re: Bing?

      I switched to Bing as I was fed up of cr&p results from Google (read scrolling through 2x pages of "sponsored results" before you actually got to the result you actually wanted) - I've found it to be better for the majority of searches I perform (apart from reverse MD5 hash lookups)

      1. Anonymous Coward
        Anonymous Coward

        Re: Bing?

        It's great. Nobody bothers advertising on bing!

      2. Anonymous Coward
        Anonymous Coward

        Re: Bing?

        > I switched to Bing as I was fed up of cr&p results from Google

        For me it's Qwant and occasionally DuckDuckGo. Interesting to see I'm not the only one who finds Gurgle results are not what they used to be.

        1. TheVogon

          Re: Bing?

          "For me it's Qwant and occasionally DuckDuckGo"

          DDG primarily uses Bing!

      3. Anonymous Coward
        Anonymous Coward

        Re: Bing?

        "I switched to Bing as I was fed up of cr&p results from Google (read scrolling through 2x pages of "sponsored results"" startpage.com google without the shite.

        1. Anonymous Coward
          Anonymous Coward

          Re: Bing?

          I use duckduckgo primarily but they often don't have as good results as google. So over to google it is, with all of the ads efficiently blocked out.

  3. TheProf
    Coat

    Bing

    Ha ha ha ha! Bing!

    Also don't click on the adverts.

    Bing! Snigger.

    1. Mark 110

      Re: Bing

      Sometimes its alright. Its the default in work. Its not what I'd choose but Google is no longer the Google I would choose since they started making ads look like results.

      1. Anonymous Coward
        Facepalm

        Re: Bing

        Did you read the article? Not even the pictures?

  4. Anonymous Coward
    Anonymous Coward

    https://advertise.bingads.microsoft.com/en-us/resources/policies/report-spam-form

    Just rolls off the tongue. Pithy, even.

    1. Mark 110

      Re: https://advertise.bingads.microsoft.com/en-us/resources/policies/report-spam-form

      And its not spam. Its fraud. Where's the 'report fraudulent adverts' link?

      1. Terry 6 Silver badge

        Re: https://advertise.bingads.microsoft.com/en-us/resources/policies/report-spam-form

        Good point. The spam reporting link implies a place to report an annoyance - to be duly ignored. Not for a serious report of criminality.

      2. Pen-y-gors

        Re: https://advertise.bingads.microsoft.com/en-us/resources/policies/report-spam-form

        Correct it's fraud. So there should be a link that takes you straight to the Metropolitan Police. Who will then ignore it.

        1. This post has been deleted by its author

    2. ThatOne Silver badge

      Re: https://advertise.bingads.microsoft.com/en-us/resources/policies/report-spam-form

      Scam sites usually only live for 24-48h, so if the scam was online the whole weekend they got their money's worth and are pretty pleased with Bing. They will be happy to use it again.

      On the other hand Bing got their money and are pretty pleased with the scammers too; They will be looking forward to do business with them again.

      I don't understand why you wonder about the report link pointing to the disused lavatory in the basement.

      1. DJV Silver badge

        Re: report link pointing to the disused lavatory in the basement

        Is that the one to which they couldn't even be bothered to afix the standard "Beware of the Leopard" sign?

  5. Ben Burch

    Good job, lads!

  6. Disgruntled of TW
    Stop

    Follow the money ...

    So for real kudos ... are Microsoft following the money that paid for the ad? Surely a scammer like this leaves a trail? How did they cover their tracks, and how are Microsoft preventing the same ad from being placed again?

    1. Muscleguy

      Re: Follow the money ...

      Prepaid credit card, false box address.

      1. Hans 1

        Re: Follow the money ...

        Prepaid credit card, false box address.

        Well, if you got had, I assume that pre-paid credit card is MS' problem, not, hey ?

    2. Alister

      Re: Follow the money ...

      are Microsoft following the money that paid for the ad?

      No, why would they?

      Microsoft would have to pay it back, then.

  7. Ivan Headache

    What worries me

    is not the fact that this bogus site was listed but the tendency for 'ordinary' folks to use the search box of whatever search engine they use to go sites they regularly visit.

    I've seen it myself - people typing 'BT email' into a yahoo search box!

    It's particularly common with the over 60s - many who think that Google is the internet and the only way in is through the search box.

    I try to explain that it's unwise to trust search results if what you are looking for is financial, and that if you've already been on the website you are searching for then the computer knows it already.

    Having said that, if they've been on the bogus site - then that is known too.

    1. Dan 55 Silver badge

      Re: What worries me

      Edge's home page is a Bing search box in the middle of the page with the cursor blinking in it and an invisible address bar, herding people towards whatever ad is top.

      I guess that's okay if there's actually some control over advertising, but there so obviously isn't.

      1. joed

        Re: What worries me

        It's not just Edge's home page. It's also Windows 10 search agent (the name shall live in infamy;) that's making it more and more difficult to differentiate local vs web searches (with resulting ads, phishing sites etc dished onto more clueless users). The last Win 10 build I've checked, snitch's settings (now called notebook, why not dossier?) can only be adjusted when logged on with MS account. An irony of sort.

    2. Dominion

      Re: What worries me

      From experience, the opposite is true. My parents only go to the list of favourites that I've created for them - and on-line banking isn't one of them, whereas tech savvy work colleagues type bbc into a search engine.

    3. teknopaul

      Re: What worries me

      Agreed mate,

      - Turn off search from address bar

      - Get rid of auto .com suffix

      - stop browser from googling localhst and the like

      FireFox needs this mode by default on desktop. No hope of Chrome ever doing it.

      :)

    4. teknopaul

      Re: What worries me

      The most common search term on Google used to be "facebook". I bet facebook love that.

    5. nagyeger
      FAIL

      Re: What worries me

      What worries me even more is that I've seen a big-roadside-screen add showing people how to get to their wonderful site.... just enter our URL into google's search box.

      Complete with the http:// bit.

      WHY???

      1. rmason

        Re: What worries me

        @nagyeger

        Because that is EXACTLY how an unbelievable amount of people use "the internet" (the default search engine on their default browser. You can't have never seen one in the wild.

        Even if presented with a full URL, it gets "googled or binged" and the top result gets clicked.

        1. David Nash Silver badge

          Re: What worries me

          Because they don't know what a URL or an "address bar" is.

          And allowing people to search via the address bar only blurs the distinction.

          I do find autocomplete of URLs handy but only from previous sites visited, I don't want it going and searching for it.

    6. Hans 1

      Re: What worries me

      It's particularly common with the over 60s - many who think that Google is the internet and the only way in is through the search box.

      No, no, no ... it has to do with AOL and their keywords ....

  8. Anonymous Coward
    Anonymous Coward

    Lesson 1, use an add blocker.

    Lessen 2, see lesson 1.

    1. jtaylor

      Re: Lesson 1, use an add blocker.

      Excellent idea. ADD is tough when a page has animated advertisements.

      1. Sir Runcible Spoon
        Facepalm

        Re: Lesson 1, use an add blocker.

        Shit, if I had an automated ADD blocker I wouldn't have to take tablets every day!

  9. Phil Endecott

    "We would like to show you a description here but this site won't allow us to."

    I love how the real site seems less legitimate due to this line under the page title.

  10. Anonymous South African Coward Bronze badge

    Bing bong bingely bong it is eleveeeeen peeeee emmmmm...

  11. Anonymous Coward
    WTF?

    FAIL!!

    It should have been obvious that it was a scam site; it worked!!!

    Anyone who has had to deal with TSB will tell you that NOTHING WORKS!!

    I am amazed at how they have a single customer after my experiences in trying to open an account.

    1. Sir Runcible Spoon
      Coat

      Re: FAIL!!

      How obvious was the typo in that URL?! I mean, the letter q is nowhere near the o :P

    2. Fading
      Facepalm

      Re: FAIL!!

      Have an uptick - TSB the bank that likes to say 404 error.....

      Though to be fair Nationwide has recently topped the "computer says no" charts.

  12. Munkstar

    Google

    Type in a search for free government agency websites and Google still has paid for me-too hits at the top of the page.

  13. Munkstar

    ‘Check car tax on’ Google

    Top hit is ‘Vehicleinfirnation.uk ......

    “Service is charged at £10 for 12 months access. You agree to the full terms and conditions, that you are 16+ and you will be charged to your mobile account. You will be shown the due date of your MOT and tax for the vehicle registration you have entered. We will send you alert reminders by text message before your MOT and tax are due. These reminder messages are free, not charged. Information supplied through the service can be obtained for free from the DVLA”.... etc

    1. Alister

      Re: ‘Check car tax on’ Google

      Interesting how personalised search works.

      If I Google "check car tax" I get the top five results all starting with "https://www.gov.uk/"

  14. Anonymous Coward
    Anonymous Coward

    And then there is the greedy domain registrar who did not even do the most basic of address checking before registering the domain:

    https://www.nominet.uk/whois/?query=persqnal-tsb.co.uk#whois-results

    Domain name:

    persqnal-tsb.co.uk

    Registrant:

    kloind lioaun

    Registrant type:

    UK Individual

    Registrant's address:

    12 street

    london

    london

    ME1 1EL

    United Kingdom

    Data validation:

    Nominet was not able to match the registrant's name and/or address against a 3rd party source on 17-Nov-2017

    1. sitta_europea Silver badge

      [quote]

      Nominet was not able to match the registrant's name and/or address against a 3rd party source on 17-Nov-2017

      [/quote]

      And Nominet doesn't give a flying fuck anyway.

      1. Sir Runcible Spoon
        Joke

        [quote]

        You need to use < blockquote > rather than [ quote ]

    2. Kevin Johnston

      Good job they didn't use a real location like 'The Buildings, West Sussex'...lovely little hamlet although rural enough they probably only have wet string for broadband connections.

      It's not far from The Haven and Dragon's Green. Such wonderful names they used unlike up in Cumbria where they have no imagination and there are at least 12 'New Biggings' and two of them are only a few miles apart

    3. Anonymous Coward
      Anonymous Coward

      Didn't I read somewhere on El Reg recently that WhoIs was going to be shut down because of the potential to leak personal information like that of our fictional Mr Kloind Lioaun above?

    4. Anonymous Coward
      Anonymous Coward

      And its gone - pity fraud detection didn't stop it in the first place.

      No match for "persqnal-tsb.co.uk".

      This domain name has not been registered.

      WHOIS lookup made at 11:59:48 21-Nov-2017

    5. Hans 1
      Holmes

      And then there is the greedy domain registrar who did not even do the most basic of address checking before registering the domain

      So, first sue MS, they have money, then go after registrar .... because, this has to stop! These guyz have to take responsibility ... and have to be sure they can re-claim from their clients. Easy solution.

  15. fireflies

    Tip of the iceberg

    Great so Microsoft took down one entire advertisement... I wonder if it will last as long as the fake "www.google.com/chrome" advert (that didn't go to www.google.com) ... take one advert down and they just fill in another form.

    But ultimately this is just scratching the surface of the issue - when are search engines like google and bing going to deal with all the fake mcafee, office, norton, etc. sites that prey on customers who have just purchased their "we don't believe in friendly CDs anymore, lets see if you're savvy enough to tell the difference between an address bar and a search box" software.

    Case in point, type in the mcafee "url" to activate their software into google... you would think that google would be helpful enough to rank the ACTUAL page you searched for at the top... but its actually slightly further down on... err... well... apparently it doesn't feature at all... gee thanks google.

    Instead we have 7 out of the first 10 results are scams, all with much better URLS than mcafee bothered to think up.

    Bing is no better - their page is covered with adverts and fraudulent pages claiming to be mcafee.

    Duckduckgo - maybe a little better in terms of results provided but they display the URLs in light grey so you can't see so easily that the higher ranked mcafeeactivate pages are fraudulent

    The big question is however, many of these companies have got UK FREEPHONE numbers - someone, somewhere is actively paying money to have a phone number that you can dial for free, and that number is then linking directly to people who are actively committing fraud on a daily basis... so where are measures in place to report this? Who out there actually cares that crimes are being committed on a daily basis?

    Browsers have allowed search engines to hijack their intended purpose - the address bar is hidden out of the way and the search box is prominent.

    Did you know that if you accidentally do a google search for a URL and then attempt to type that URL into the address bar, it autocompletes that same url in the address bar for chrome and if you press enter upon seeing it completed, it will take you back to a google search despite showing the full URL in the address bar?

    As more and more new users start using computers for the first time without any awareness of the traps that befall them, everything is being stacked up against them - fraudsters are seemingly working in unison with search engines who happily direct customers away from the direct link to the correct page in order to offer spurious search results.

    A simple solution would be for search engines to detect when you have searched for a URL and give you that URL link at the very top as the first result.

    For sites like mcafee, they are oblivious to their own obvious failure - the url to activate their product redirects to another link unnecessarily, so as far as search engines like google are concerned, there is no website on the correct link. It will never rank on search engines despite it being an exact match for the search.

    Sadly this has become the first test that many new computer owners experience and fail on a daily basis. They are the tree that falls in the woods, with no one around to hear.

    1. David Nash Silver badge

      Re: Tip of the iceberg

      "A simple solution would be for search engines to detect when you have searched for a URL and give you that URL link at the very top as the first result."

      Or the ONLY result. At least if you put https(s) on it.

  16. Anonymous Coward
    Anonymous Coward

    One more time! It's back in bing and stop on the list. In my country there is such as thing as Aiding and Abetting a felon. Microsoft never ceases to amaze me.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like