PayPal Vulnerability on Front Page of SERPs

I was recently checking out a search for PayPal and noticed something interesting: www.paypal.com was listed twice as the URL of a domain on the first page. The first was the correct address, which directed you to paypal.com; the second sent you off to another domain. Not only did they make the page display as paypal.com, but they are also in the top ten for a fairly highly trafficked keyword. Imagine if someone did this for banks, trading websites, and even eBay, etc.
PayPal Vulnerability
This allows the website owner to display a URL that is not owned by them in the URL information location in Google’s results page. I also noticed that Yahoo and MSN do not have this result in their top 10, only Google. Tracking it down, I realized this exploit is really not that difficult, and is something Google really needs to fix immediately. Talk about your ultimate phishing opportunity, my goodness!

PayPal Result

Imagine if there were a person out there who wanted to steal your information: how difficult would it be with a page cloaked from Google.com? Not very.



