Google ad link impersonating Zotero.org

dstillman Zotero Team
This discussion was created from comments split from: Can’t open zotero website on chrome and safari.
  • DWL-SDCA
    I have an observation that may or may not be relevant. I almost exclusively use Firefox. Two days ago I opened Safari for the first time in forever. I didn't have zotero bookmarked. I entered "Zotero.org" in the URL field and received a list from Google instead of linking to the Zotero website. Like a nitwit in a hurry I clicked the first listed link. I received an error message stating:

    "This connection is not private. This website may be impersonating zotero.org to steal your personal or financial information. You should go back to the previous page."

    I realized that I did something dumb & wrong and what I got was a Google search and the first item's url was to a free utility aggregator site. The link had an Ad mark.

    I entered the full URL with https and was taken to Zotero.org.

    I'm now on my iPad and I tried to replicate the problem and find the shady link but I couldn't get Google to show me any ads at the top of the search list for any word search.
  • dstillman Zotero Team
    You should be able to find the URL you visited in your Safari history. What you describe doesn't make a ton of sense, though:

    1) An actual URL (e.g., "Zotero.org") wouldn't trigger a Google search in a browser address bar. A typo might trigger a search, though.

    2) It hasn't been necessary to manually type HTTPS when accessing zotero.org in many years — zotero.org has been in browsers' lists of HTTPS-only sites for over a decade, so all modern browsers will redirect http:// Zotero URLs to https:// before they hit the network.

    3) If you accessed some malicious site, it wouldn't have a domain of zotero.org, so you wouldn't get that certificate warning. The only exception is if your computer or network (your DNS resolver, specifically) was actually compromised, such that zotero.org was resolving to the wrong IP address — then the browser would redirect you automatically to https://zotero.org and you'd see a certificate warning. But then manually typing https://zotero.org would just take you to the same malicious site.

    In any case, your browser history should show you exactly what you did.
  • DWL-SDCA
    edited February 19, 2024
    The problem url is (separated to avoid linking)
    https://

    zotero-standalone.

    en.lo4d

    .com

    I sent a screen shot of the error message to support@zotero.org.

    edit: I am absolutely certain that I entered zotero.org into the Safari URL field expecting to be taken to Zotero website. Instead I received a Google search listing.
  • dstillman Zotero Team
    OK, that's certainly scammy, but it wouldn't have showed a certificate warning about zotero.org. (It also is serving the genuine installer, not malware, at least to me.)

    Fraudulent search ads for "zotero" can be reported, but whether this counts would probably depend on the exact wording.
  • dstillman Zotero Team
    (That site also has a valid Let's Encrypt certificate. Not sure why you would be getting a certificate error there.)
Sign In or Register to comment.