An Elaborate Darknet Phishing Scam Is the Top Google Result for Basic Bitcoin Tutorials
“This is probably the best phishing scam I’ve ever seen.”
Image: Flickr/Mr TGT. Composition: Author
As far as online scams designed to steal money and information go, a site called darknetmarkets.org is very impressive and equally scary—not least because Google is currently serving it as a top search result for Bitcoin tutorials.
Darknetmarkets.org, for all intents and purposes, is a "real" website. Its logo looks to be made of chopped-up cocaine, and the site is filled with legitimate-seeming resources for anybody looking to buy drugs on the darknet. News articles populate its homepage, and the site features how-tos on topics like using "mixing" services to hide your Bitcoin transactions from the authorities. A sidebar contains links to the "top" sites to buy drugs on the darknet. If you search Google for "how to mix bitcoins," darknetmarkets.org comes up as the number one result.
But there's a catch: The advice is real, but the links send unsuspecting users to fake versions of real "mixing" services designed to steal money from victims. The supposed darknet markets linked on the sidebar also appear to be faithful recreations of the real deal. One link sends the user to a working login page for AlphaBay, which was at one time the largest darknet market around. AlphaBay was taken offline in July during an internationally-coordinated law enforcement operation.
Whoever is behind darknetmarkets.org has clearly invested a lot of time into making their scam appear as legitimate as possible for maximum impact. Motherboard reached out to the site's owners for comment, but they did not respond by publishing time. CompariTech, a site that reviews and compares information security products, spotted the scam first and wrote up a blog post laying out their findings on Wednesday. Motherboard independently verified that several links on the site take users to sites that appear legitimate but have different URLs than the real versions and are stylistically out of date.
"This is pulling people in who are looking for a particular phrase on google, lulling them into a false sense of security with good information, and then hitting them with a dodgy link to steal their money," said Lee Munson, a CompariTech security researcher, over the phone. "Whoever has done this has done their homework. This is probably the best phishing scam I've ever seen."
The scam website has been up and running since at least 2015, when it was first archived by the Wayback Machine. It doesn't appear to have been updated substantially since then, but still enjoys top billing on Google. Several posts on Reddit have called out the site as a scam over the past year, but none of them were very popular. On the subreddit for the Grams mixing service, several people have reported being scammed. So, how did this convincing scam make it all the way to the top of Google's search results?
Munson speculated that the site may be getting linked to by legitimate sites that don't realize it's a phishing scam, which may lead to the site being valued by Google's search algorithm. He also speculated that the site might be using some standard search engine optimization techniques.
Google did not comment on the record but a spokesperson told Motherboard that phishing sites should be reported to the company.
If nothing else, darknetmarkets.org is a case study in just how far some people are willing to go in order to scam people out of some cryptocurrency online.
Get six of our favorite Motherboard stories every day by signing up for our newsletter.
UPDATE: This article was updated to include comment from Google.