[GNC] [GNC-dev] URGENT: Fake gnucash website with fake download, most likely compromised file

Vincent Dawans dawansv at gmail.com
Fri Dec 9 19:02:53 EST 2022 

You need to go to the main.php page link to see the fake site. Full link is
https://gnu-cash.org/main.php or possibly  https://www.gnu-cash.org/main.php

Google ads are location and search history dependent so might not show up
everywhere.

Google has a separate tool to report phishing sites. But make sure you
report the whole URL with the main.php
https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

That said the https://gnu-cash.org/main.php doesn't seem to work in
incognito mode nor on microsft edge. Only on regular chrome does it open. I
don't have another browser installed so can't test/

On Fri, Dec 9, 2022 at 3:51 PM John Ralls <jralls at ceridwen.us> wrote:

> I don't see that ad when I search Google for gnucash; when I type
> https://www.gnu-cash.org/ into my browser's address bar I'm taken to a
> page titled "Dot Com Inovations"[sic] with a heading "October 20, 2022" and
> nothing at all about GnuCash.
>
> Not that there would be anything we could do about it if it did exist.
>
> Regards,
> John Ralls
>
>
> > On Dec 9, 2022, at 3:39 PM, Vincent Dawans <dawansv at gmail.com> wrote:
> >
> > Added screenshot showing fake gnucash site ad at top of google results.
> >
> > On Fri, Dec 9, 2022 at 3:31 PM Vincent Dawans <dawansv at gmail.com> wrote:
> >
> >> Precision: the link to the fake site reported below is actually
> >> https://gnu-cash.org/main.php -- you need the full page link to see the
> >> fake site that shows in the google ad.
> >>
> >> On Fri, Dec 9, 2022 at 3:24 PM Vincent Dawans <dawansv at gmail.com>
> wrote:
> >>
> >>> I just typed gnucash in google and the first hit was an ad pointing to
> >>> gnu-cash.org (with a dash). It is a fake site that is a carbon copy of
> >>> the official site but the download link goes to a setup.exe that is
> most
> >>> likely a corrupted virus file.
> >>>
> >>> We need this removed ASAP. There is an option in google to report the
> >>> site and mark it as spam/phishing. I imagine if more people do this it
> will
> >>> get removed faster hopefully.
> >>>
> >>
> > <fake-gnucash-site.png>_______________________________________________
> > gnucash-devel mailing list
> > gnucash-devel at gnucash.org
> > https://lists.gnucash.org/mailman/listinfo/gnucash-devel
>
>

More information about the gnucash-user mailing list