eBike Phishing Campaign Abuses Google Ads and SEO

Singaporean security firm CloudSEK has uncovered a large phishing campaign in which hundreds of eBike phishing sites have abused Google Ads to trick users into giving their personal data to fake investment schemes that are impersonating genuine brands. With large-scale postings of fraudulent websites, the attackers are leveraging Google Ads and SEO to target the Indian audience. 

Saryu Nayyar, CEO and Founder, Gurucul had this comment:

“Phishing attacks have proven to be the #1 threat vector for compromising organizations but also luring users into gaining access to credentials or personal data. This is a very sophisticated attack in how the attackers leveraged Google Ads to reroute users to fake websites that looked perfectly legitimate. It also shows why phishing attacks are almost impossible to prevent. Organizations must employ new and advanced analytics that includes a well-crafted set of behavioral analytics and machine learning (ML) models to identify suspicious activity and escalate when appropriate to classify this activity as an actual malicious threat. Detection of redirection to illegitimate sites is one area where this be beneficial above and beyond traditional XDR and SIEM solutions.”

Hopefully Google gets on top of this to stop this attack as this seems like a pretty nasty one.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: