Bitwarden Vault Fake Phishing Site!

I searched for Bitwarden Vault on Bing and clicked the link, entered my details, but then realised in horror that I’d clicked through to a fake site, with identical log-in page design, padlock symbol in browser and https:// URL. The only giveaway was the letter S to spell Bitswarden. I spent 5 hours changing my passwords and I cancelled my bank cards. I let Bitwarden support know and they said they would get on the case, and that it was a phishing site. As of tonight, this fake site is in the top 3 results on Bing.

1 Like

FAKE LINK
https://bitswarden.com/
Do not use this

1 Like

Report this as a deceptive site from your browser. I don’t know if it would help, but it is an option.

1 Like

That’s it! A VERY professional effort, and extremely dangerous. I reckon it steals your login, then forwards you to the real site, even logging you in so you don’t realise what’s happened.

I’ll have a look and see if that is an option for me. You might do it too, in case I can’t.

1 Like

I too had come across several sites. I once contacted support. They told it might be self hosted bitwarden instances. BTW didn’t you notice this was not there. image
Also notice the version difference.

2 Likes

This has happened before and someone else reported another site on Github. Seems like hosting Bitwarden is a pretty easy thing to do. All you need to do is rent a server and install the software.

3 Likes

It makes me lose confidence in Bitwarden. I found a flatpak app in Linux Mint software manager. I downloaded it. I’m not sure if I logged into it. I read on a forum, maybe this one, that ‘the community manages it’. It seems bizarre to allow ‘a community’ to manage such an important tool.

Are these self-hosted instances criminal enterprises? What would happen if you logged in? I will be A LOT More careful in future before logging into any security or banking site!

I reported this particular site to Bitwarden support, Google, Bing, and the US government agency which looks into these phishing sites.

1 Like

I don’t know any of these sites. I manually type the URL caeruflly :slightly_smiling_face: to avoid any typos. Once you logged in to another site like that go to official bitwarden site and maybe deauthorize all sessions if you have any doubts.

Another WEBSITE
https://vibeproject.net/
It is not linked.

1 Like

I’ve spent the last 7 hours changing passwords and 2FA, and I’ve cancelled ALL my bank cards.

Please save the URL to your bookmarks.

2 Likes

Yes, I’ve done that, but I find myself being really paranoid now. IS IT the real URL? Is THIS the real Windows download? :grimacing:

This would appear to be the real vault:

I’m not sure what the # is for?

The # is there for me as well
Always check the domain and make sure that it is spelled correctly.
No one else can use the domain bitwarden.com

1 Like

I notice that URL no longer points to bitswarden.com but now to example.com :thinking:

1 Like

Yeah, I bookmarked it now, so I will not make this mistake again! I now have no access to money, because all my bank cards are cancelled, and I await replacements which will not arrive until next week. :confounded:

Changed the link because I don’t want anyone to accidentally enter their credentials. @anon13423310 also did it. That is why.
If you copy the link and paste it, then you will go to that site.

1 Like

Were you able to login and see your items in bitswarden