
“The ad is malicious, despite specifying the "bestbuy.com" domain clearly” - ocdtrekkie
https://plus.google.com/+JakeWeisz/posts/fSPmYYLu2pH?sfc=true
======
asteadman
My guess is that it's using substituting one or more of the letters for some
look-alike character out of the extended unicode character set. see:
[https://en.wikipedia.org/wiki/IDN_homograph_attack](https://en.wikipedia.org/wiki/IDN_homograph_attack)

~~~
devoply
ｂestbuy.com < homograph domain resolves apparently to the right domain.

Here is a generator you can fiddle with [http://www.irongeek.com/homoglyph-
attack-generator.php](http://www.irongeek.com/homoglyph-attack-generator.php)

Maybe you can find one.

------
ocdtrekkie
I'm a little mystified, as I have a general standing advice to recommend to
people to look at the URL line in search (which is green on Google search
pages) to verify the domain of the destination is correct, rather than
trusting the title. But this ad appears to successfully pretend to be
bestbuy.com

~~~
detaro
I thought in ads the ad publisher can specify what appears there, so they can
redirect you through external ad tracking services etc and still show their
normal domain? (Can't find a reference for that right now, but that's what I
remember from previous discussions about misleading ads)

Of course Google should validate those somehow, but it seems not unlikely
someone could cheat that process.

~~~
legohead
I believe this is correct. I recently setup an adword for the first time, and
remember being confused/shocked that I could specify whatever I wanted for the
display URL, which had no bearing on the linked URL.

------
adityar
Think this is not showing up now - seeing bestbuy.com in the URL bar as well
for the ad.

