Fraudsters are abusing Google AdWords to advertise malicious domains that phish for users' account credentials and personal information.
Amanda Kline of PhishLabs explains that the phishers have been targeting banks, online gambling websites, and numerous Bitcoin services like Blockchain and Kraken with ads for malicious look-alike domains:
"When a victim searches for their respective bitcoin wallet service or bank via their internet browser, these malicious domains appear in the Google Ads at the top and sides of their screen. Once clicked, the victim is taken to a phishing page where they can enter in login and account information which the hacker can then use to access the victims’ accounts and personal information."
The attack campaigns are simple in design. But as Google AdWords is a cost-per-click (CPC) service, they're not as easy to fund. Those responsible for the attacks need to pay Google each time someone clicks on the ad for the malicious domain, including when a user clicks on the ad but for one reason or another doesn't enter their information into the phishing page.
Kline therefore suspects the attackers "have significant upfront financing" to continually fund their campaigns and mitigate the effect of such potential losses.
Users can protect themselves against scams that advertise malicious domains by never clicking on a Google Ad, by verifying the grammatical accuracy and URL of a link, and by typing a URL directly into a browser to visit a web page.
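The URL check recommended above can also be automated by a brand-protection or mail/web filtering team. The sketch below is an added example, not code from PhishLabs or this article: it classifies an ad's destination URL against an assumed allow-list of legitimate domains, and all sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the registrable domains the protected services really use.
LEGIT_DOMAINS = {"kraken.com", "blockchain.com"}
BRANDS = {d.split(".")[0] for d in LEGIT_DOMAINS}
DIGIT_SWAPS = str.maketrans("0135", "oles")  # common digit-for-letter swaps

def registrable(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def skeleton(label):
    # Undo common visual substitutions before comparing labels.
    return label.translate(DIGIT_SWAPS).replace("rn", "m").replace("vv", "w").replace("-", "")

def edit_distance(a, b):
    # Classic Levenshtein distance, one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, reason) for an ad's destination URL."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".").lower()
    domain = registrable(host)
    if domain in LEGIT_DOMAINS:
        return "legitimate", domain
    label = domain.split(".")[0]
    tokens = set(host.replace("-", ".").split("."))
    for brand in sorted(BRANDS):
        if label == brand:
            return "lookalike", f"{brand} on a different TLD"
        if brand in tokens:
            return "lookalike", f"{brand} used as a token under {domain}"
        if edit_distance(skeleton(label), skeleton(brand)) <= 1:
            return "lookalike", f"label within one edit of {brand}"
    return "unrelated", domain

if __name__ == "__main__":
    # Constructed sample destinations (reserved .example TLD for the fakes).
    for u in ["https://www.kraken.com/sign-in", "http://b1ockchain.example",
              "https://kraken.com.account-verify.example/login", "krakenn.example/wallet"]:
        print(u, "->", classify(u))
```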
These recommendations are lessons that all organisations should strive to relate to their employees. Companies can accomplish that goal by investing in a security awareness training program and/or purchasing anti-phishing e-learning software.
Fortunately, Metacompliance has both and is willing to work with all types of organisations to bolster their compliance and policy management programs.
Learn more about how Metacompliance's solutions can help protect your organisation against scams and other digital threats.