[thanksforfish]

Good reminder that ad blockers provide security against this sort of thing. Yet another example of ad networks not checking content.

Does anyone know if this also impacts duckduckgo, which uses keyword based ads from Microsoft Advertising?

[auiya]

Not ads-based, but I'd imagine their "I'm feeling ducky" re-director feature could be abused for phishing links quite easily. duckduckgo.com/?q=!ducky+hxxp://badguydomain.com. Google's I'm feeling lucky re-director was already caught being used for phishing re-direction (and patched with a click-through). https://www.microsoft.com/security/blog/2019/12/11/the-quiet...

[hans_castorp]

I ran that search with DuckDuckGo (using Firefox) but it did not show either of the two phishing site. And the ads were clearly marked as ads (after I turned off uBlock)