Fake Google ads are on the rise, and attackers are using them to steal the credentials of advertisers on the Google Ads platform.
Cybercriminals run fake ads on Search that look real, and they also display sponsored results that redirect victims to the wrong destination. These destinations include fake login pages hosted on sites that look like the real Google Ads homepage but are not. Users are tricked into entering their credentials in order to log in.
The phishing pages are hosted on Google Sites, which lets attackers disguise their fake ads because the URL matches the one seen on Google Ads’ main domain. In this way, the impersonation is flawless.
Experts from Malwarebytes explained that a URL cannot be displayed in an ad unless the landing page matches that domain name. This rule helps keep users safe, but it can easily be bypassed.
Remember, sites.google.com shares the same root domain as ads.google.com, which makes the difference hard to spot. The attack does not take place in one go but is broken down into stages.
First, the victim enters their Google account information into the phishing page. The kit collects identifiers, cookies, and credentials. After that, the victim receives emails about logins from different locations. If the victim does not stop the attack, a new administrator is added to the ads account through a unique Gmail address. In the end, the threat actor spreads the problem further and locks the victim out when and if they can.
Three cybercrime groups are behind the attacks. Their members appear to communicate in their native languages but are located outside their home countries. Experts believe the end goal is to sell the stolen accounts and to use the details to carry out future phishing attempts.
Stolen Google Ads accounts are in high demand among attackers. They use them routinely to fuel phishing campaigns that in turn abuse ads on Google Search. This makes matters worse and spreads scams and malware.
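The display-URL rule described above compares root domains, so a page on sites.google.com passes for an ad that shows ads.google.com. The following is an added example, not code from Malwarebytes or Google, showing how a defender's check on the exact hostname catches what the root-domain comparison lets through. The trusted-host list, the function names and the sample URLs are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Assumption (policy for this example): the only hosts where staff should
# ever type Google Ads credentials. Everything else is refused.
TRUSTED_LOGIN_HOSTS = {"ads.google.com", "accounts.google.com"}


def host_of(url):
    """Return the lowercased hostname of an https URL, else None."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    # .hostname drops any "user@" prefix, so "ads.google.com@x.example"
    # resolves to x.example, not to Google.
    return parts.hostname.rstrip(".").lower()


def root_domain(host):
    """Naive root domain: last two labels. A simplification that holds for
    google.com; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def triage(display_url, landing_url):
    """Classify an ad's landing page against its display URL."""
    shown, landing = host_of(display_url), host_of(landing_url)
    if shown is None or landing is None:
        return "rejected-url"
    if root_domain(shown) != root_domain(landing):
        return "domain-mismatch"           # the case the ad rule catches
    if landing not in TRUSTED_LOGIN_HOSTS:
        return "same-root-untrusted-host"  # passes the rule, still not the login host
    return "trusted-host"


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the campaign.
    samples = [
        "https://ads.google.com/home/",
        "https://sites.google.com/view/constructed-example/",
        "https://ads.google.com@phish.example/login",
    ]
    for url in samples:
        print(f"{triage('https://ads.google.com/', url):26} {url}")
```

The same exact-host comparison can be applied in a proxy or browser policy to the page where a credential form is submitted, since any Google Sites page shares the google.com root.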