[pera]

I reported a similar issue to Google early this year and they declined the submission because it "can only result from social engineering" and "we think that addressing it would not make our users significantly less vulnerable".

I won't mention the details here but Google Search sometimes rewrite URLs in such way that an attacker can spoof the actual URL.

My advice is to never trust URLs displayed by websites and apps.

[LelouBil]

> I won't mention the details here but Google Search sometimes rewrite URLs in such way that an attacker can spoof the actual URL.

I think I saw something like this a while ago, with some fake KeePass website maybe.

[chatmasta]

This is an actual feature for AdWords (which show up in search results). But at least there's some moderation of the rendered domain in that case.

[pera]

I know you are referring to those fake KeePass malware ads, but just to clarify: the issue I reported was not related to AdWords - it was for normal search results