Challenge: Identify Phishing Sites in Google Search Ads
Educational Purpose Only - Phishing Simulation
Scenario Description
You want to visit the official Lido Finance website to stake your ETH. You search for "Lido Finance"
on Google and see the following search results.
Sponsored · Ad
Lido Finance | Ethereum Staking | Start Staking Now
lido.is
Stake your ETH easily with Lido. No minimum deposits, no
infrastructure maintenance. Start earning rewards now!
Lido - Ethereum Staking Platform
lido.fi
Lido allows users to stake Ethereum without locking assets or
maintaining infrastructure while participating in on-chain activities.
Google Search Ad Phishing Attacks
Attackers often purchase Google ads related to popular cryptocurrency projects that appear at the
top of search results, marked as "Sponsored" or "Ad".
These ads typically use domain names that are very similar to the official website but with
subtle differences, such as:
Using different top-level domains (e.g., .is instead of .fi)
Adding or removing letters in the domain name
Using hyphens or replacing letters with numbers
When users click these ads, they are directed to phishing sites that look identical to the
official website but are designed to steal funds or private keys.
Your Task
Identify the real official Lido Finance domain and the domain used in the phishing ad.