We have recently received many reports of clients falling victim to phishing sites that appear in ads, above the organic search results, on all of the major search engines.
Unfortunately, it seems to be easier to get an ad up than it is to have one taken down. Our efforts at reporting the malignant ads have, so far, only resulted in temporary removal. The matter is now in the hands of our legal team, who are seeking a more permanent cure.
Other services in the ecosystem are suffering the same scourge:
https://www.reddit.com/r/ethereum/comments/4xpj0u/malicious_phisher_is_running_google_ads_for/
Clients who have reused their Kraken password on their email accounts (and other services) have likely had those accounts compromised as well. If an attacker also has control of your email account, you will not receive alerts about the suspicious activity on your Kraken account. This is why it is imperative that passwords not be reused across services.
When dealing with financial services, it is always important to practice safe browsing.
- Assume ads in search results are phishing
- Assume that you can’t tell the difference between an ad and an organic search result
- Set yourself bookmarks and rely on those for navigating to the desired site
- Type the desired domain in the address bar yourself
- Verify that you are on the correct domain before entering credentials
Here is a screenshot of the website responsible for the recent phishing attempts.
...
Continues: http://blog.kraken.com/post/148976188862/kraken-phishing-warning