eBike Phishing Campaign Abuses Google Ads and SEO

Singaporean security firm CloudSEK has uncovered a large phishing campaign in which hundreds of eBike phishing sites have abused Google Ads to trick users into giving their personal data to fake investment schemes that are impersonating genuine brands. With large-scale postings of fraudulent websites, the attackers are leveraging Google Ads and SEO to target the Indian audience. 

Saryu Nayyar, CEO and Founder, Gurucul had this comment:

“Phishing attacks have proven to be the #1 threat vector for compromising organizations but also luring users into gaining access to credentials or personal data. This is a very sophisticated attack in how the attackers leveraged Google Ads to reroute users to fake websites that looked perfectly legitimate. It also shows why phishing attacks are almost impossible to prevent. Organizations must employ new and advanced analytics that includes a well-crafted set of behavioral analytics and machine learning (ML) models to identify suspicious activity and escalate when appropriate to classify this activity as an actual malicious threat. Detection of redirection to illegitimate sites is one area where this be beneficial above and beyond traditional XDR and SIEM solutions.”

Hopefully Google gets on top of this to stop this attack as this seems like a pretty nasty one.

Leave a Reply

%d bloggers like this: