Feb 25 / Admin

New Scam Alert: Threat Actors Are Using Google Ads to Launch Phishing Attacks

Security Boulevard reported:   

While software gets better at keeping phishing emails from reaching users’ inboxes, and employees get better educated to recognizing phishing, threat actors get better at making phishing emails look legitimate enough to fool both software and humans alike — perpetuating the cybersecurity cat-and-mouse game.

Recently, threat actors have stepped up their game by using Google Ads to trick users into visiting their malicious websites. Security professionals reiterate to users that they should not click links in emails or text messages, and instead advise them to type the full URL of the site referenced directly into their browser. However, that assumes users know what a full URL actually is. For many users, navigating the internet is strictly a matter of using Google and keywords to get where they are going. So instead of typing in “https://apple.com” or even just “apple.com” into their nav bar, they simply type “apple” and click on the first link provided by their preferred search engine (almost always Google).

Unfortunately, that first link (or the first few links) can be purchased using Google Ads and served up based on keywords users are searching. Though these were generally reliable in the past, more and more, these results are being hijacked by threat actors. Now, the first link you get when searching for “zoom” or “download zoom” may not be for a legitimate website, but rather a threat actor controlled website. T

Find the original article and read more here.

Enroll in Training Sessions:  Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
* indicates required