Authentication apps like Google Authenticator are a better method and they aren’t that difficult to use. One-time, SMS codes may be a popular form of authentication but they’re actually not that secure since an attacker could use sim swapping to hijack your codes. The first of which is to enable multi-factor authentication (MFA) so a hacker would need your password and something else to access your account. If you use a password manager, you need to make sure you’re taking additional steps to protect the passwords stored in your vault. How to protect the credentials stored in your password manager Clicking on the first result you see may seem natural but you could be putting yourself at risk by doing so. Bitwarden and other companies’ actual sites appear further down in the search results. While Google has strict security checks on its ads, bad ads do manage to slip through the cracks from time to time.įor this reason, you should always scroll past the first results on Google Search as they are usually ads. Since anyone can buy an ad online, hackers can as well. However, you should think twice before clicking on any ads in a search engine as they could lead to phishing sites. To make matters worse, the phishing site also tried to steal MFA-backed session cookies or authentication tokens to gain full access to a Bitwarden user’s password vault.īitwarden isn’t the only password manager being targeted by fake ads though, as MalwareHunterTeam (opens in new tab) recently discovered that criminals had turned to fake Google ads to target 1Password users.Īds are an important part of the online ecosystem and without them, we wouldn’t have Google Search, Gmail, Google Docs or any other of the search giant’s online productivity tools. In its testing, BleepingComputer found that the site did accept user credentials but once they were submitted, it would redirect them to Bitwarden’s official login page. This phishing site was carefully designed to look like an exact replica of Bitwarden’s actual Web Vault login page.
While some could easily spot that the ad led to a phishing site due to the fact that the domain was “” instead of just “”, many users did end up clicking on it. They then took to both Reddit and the Bitwarden forums in an attempt to warn others.
0 kommentar(er)
