New phishing scam targets banking credentials through Bing search results
A new phishing scam targeting KeyBank users on Bing search results is redirecting users to fake login pages that capture credentials. Hackers use advanced cloaking tactics to evade detection, with sites appearing ahead of the official bank page.
Malwarebytes Labs reports a new wave of phishing attacks targeting banking customers is exploiting Microsoft’s Bing search engine, where a search for “KeyBank login” now returns malicious links among the top results. This concerning discovery, reported Oct. 29, reveals that the phishing website—registered only two weeks ago—appears even above the legitimate KeyBank website in some cases. Security experts have reported the malicious links to Microsoft.
While Bing has just a 4% market share, hackers are increasingly turning to it as an alternative to Google, due to relatively less competition in scam filtering.
Through a technique known as “search engine poisoning,” cybercriminals rapidly index their websites by creating fake “friendly” pages to evade detection.
These phishing sites often mimic legitimate login portals and use HTTPS, giving an impression of security to unsuspecting users.
