top | item 13413399

“The ad is malicious, despite specifying the "bestbuy.com" domain clearly”

25 points| ocdtrekkie | 9 years ago |plus.google.com | reply

7 comments

[+] asteadman|9 years ago|reply

My guess is that it's using substituting one or more of the letters for some look-alike character out of the extended unicode character set. see: https://en.wikipedia.org/wiki/IDN_homograph_attack

[+] devoply|9 years ago|reply

ｂestbuy.com < homograph domain resolves apparently to the right domain.

Here is a generator you can fiddle with http://www.irongeek.com/homoglyph-attack-generator.php

Maybe you can find one.

[+] itcrowd|9 years ago|reply

There could also be an open redirect in bestbuy.com somewhere which is exploited

[+] ocdtrekkie|9 years ago|reply

I'm a little mystified, as I have a general standing advice to recommend to people to look at the URL line in search (which is green on Google search pages) to verify the domain of the destination is correct, rather than trusting the title. But this ad appears to successfully pretend to be bestbuy.com

[+] detaro|9 years ago|reply

I thought in ads the ad publisher can specify what appears there, so they can redirect you through external ad tracking services etc and still show their normal domain? (Can't find a reference for that right now, but that's what I remember from previous discussions about misleading ads)

Of course Google should validate those somehow, but it seems not unlikely someone could cheat that process.

[+] adityar|9 years ago|reply

Think this is not showing up now - seeing bestbuy.com in the URL bar as well for the ad.