
Mobile subscriptions, AdWords, a VKontakte application and phishing



I thought for a long time about how to word the title so that it reflects the essence of the situation. I want to describe an interesting way of scamming VKontakte users that we ran into today.

It's no secret that a great many users type the name of the site they want to visit into the search box. Above you see a Google ad for "vk.com". The displayed landing domain is www.vk.com, so even an attentive user clicks the ad with a clear conscience... and lands on a site with a domain like vk.com.uohu8.tk. Note that this host is a subdomain of uohu8.tk, not of vk.com; the leading "vk.com." is just a label chosen to look familiar.


The user is prompted to "restore access" to the account:


Admittedly, the scammers' scheme could have been slicker: after the user enters the code from the SMS, the phishing site reports an error with the mobile operator and asks for a number from a different operator. It could simply have redirected to the real vk.com.



The code arrived from MegafonPro, and what it actually confirmed was a paid subscription to tooportal.com. The "account recovery code" the user types in is the operator's subscription confirmation code.


And now the main question: "How is this possible?"

AdWords derives the displayed landing-page domain from the link the advertiser specified. Is this an AdWords bug? No. It is very simple.

The advertiser specified the address of a VKontakte application as the landing page. So the ad system is being perfectly honest and correctly shows the domain vk.com.

It is the VKontakte application itself that then forwards users on to the phisher's domain. This happens very quickly and the user does not realise that anything is wrong. Moreover, the application rotates the destination domains dynamically. Here is the application: vk.com/app3395740 (UPD: the application has been blocked by the administration. UPD 2: the link in the ad was replaced with vk.com/app3397737.)

Who is to blame and what to do?

It is hard to give an unequivocal answer.

On the one hand, advertisers legitimately need to be able to land users in a VKontakte application or group. All the activity that used to revolve around amateur homepages has moved to social networks, to groups and public pages. Clearly this is not a problem on the AdWords side.

Nothing stops anyone from posting a link to the VKontakte application in any other popular place on the Internet, subscribing the user, and then sending them on to the real application.

It would seem that the security of VK applications is VK's problem. But even a thorough application review will not help: the developer can make the application a genuine application at first, and a month or two later (once all the checks are done) turn it into a redirect to a phishing site.
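The mechanism described under "How is this possible?" and the review-then-switch problem in the previous paragraph both come down to one check: follow where a click actually lands, compare every hop with the domain the ad displays, and repeat that comparison after the application has passed review. The script below is an added example of that check, written for this page; it is not code from the original post, from Google or from VKontakte. The hostnames vk.com, vk.com/app3395740 and vk.com.uohu8.tk are taken from the post; the redirect chains are constructed inline so the script runs offline, and the classification rules (trusted suffix, lookalike substring) are my own simplification rather than any platform's real policy.

```python
"""Check that where an ad click lands matches the domain the ad displays.

Added example for this page, not code from the post, Google or VKontakte.
Nothing is fetched from the network: the redirect chains are constructed
from the hostnames named in the post.
"""
from urllib.parse import urlsplit

# The domain the ad platform shows, derived from the advertiser's final URL.
TRUSTED_DOMAIN = "vk.com"

# Constructed chain: the advertiser's final URL (a VK application), followed
# by the hop the application performs in the user's browser.
OBSERVED_CHAIN = [
    "https://vk.com/app3395740",
    "https://vk.com.uohu8.tk/restore",
]

# Constructed chain as a reviewer would have seen it while the app was still
# behaving: no hop leaves vk.com.
REVIEW_TIME_CHAIN = ["https://vk.com/app3395740"]


def classify_host(host: str, trusted: str = TRUSTED_DOMAIN) -> str:
    """Return 'trusted', 'lookalike' or 'other' for a hostname.

    trusted   - the trusted domain itself or a real subdomain of it
    lookalike - the trusted domain appears inside the host but not as its
                suffix (vk.com.uohu8.tk, vk-com.tk, ...); simplified rule
    other     - an unrelated host
    """
    host = host.lower().rstrip(".")
    trusted = trusted.lower()
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    hyphenated = trusted.replace(".", "-")
    if trusted in host or hyphenated in host:
        return "lookalike"
    return "other"


def check_chain(chain, trusted: str = TRUSTED_DOMAIN):
    """Walk an observed redirect chain hop by hop.

    Returns (ok, hop_index, verdict, host): ok is False at the first hop
    whose host is not on the trusted domain, with that hop's index, verdict
    and hostname; otherwise (True, None, 'trusted', final_host).
    """
    if not chain:
        return False, None, "other", ""
    for index, url in enumerate(chain):
        host = urlsplit(url).hostname or ""
        verdict = classify_host(host, trusted)
        if verdict != "trusted":
            return False, index, verdict, host
    return True, None, "trusted", urlsplit(chain[-1]).hostname


def drifted(review_chain, later_chain, trusted: str = TRUSTED_DOMAIN) -> bool:
    """True when an app that stayed on the trusted domain at review time
    now leaves it: the review-then-switch case. Re-run this periodically
    rather than only once at approval."""
    return check_chain(review_chain, trusted)[0] and not check_chain(later_chain, trusted)[0]


if __name__ == "__main__":
    ok, hop, verdict, host = check_chain(OBSERVED_CHAIN)
    print("chain ok" if ok else f"hop {hop} leaves {TRUSTED_DOMAIN}: {host} ({verdict})")
    print("drift since review:", drifted(REVIEW_TIME_CHAIN, OBSERVED_CHAIN))
```

In practice the chain would come from a headless browser that records every navigation of the top-level window after the click, since the hop here is performed by the application's own client-side code rather than by an HTTP redirect; the check itself is the same.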

What do you think about this?

UPD: VKontakte's reaction

The guys at VKontakte are great. They react very quickly. I saw the following warning.

Source: https://habr.com/ru/post/168121/

