Singaporean security firm CloudSEK has uncovered a large phishing campaign in which hundreds of eBike phishing sites have abused Google Ads to trick users into giving their personal data to fake investment schemes that are impersonating genuine brands. With large-scale postings of fraudulent websites, the attackers are leveraging Google Ads and SEO to target the Indian audience.
Saryu Nayyar, CEO and Founder, Gurucul had this comment:
“Phishing attacks have proven to be the #1 threat vector for compromising organizations but also luring users into gaining access to credentials or personal data. This is a very sophisticated attack in how the attackers leveraged Google Ads to reroute users to fake websites that looked perfectly legitimate. It also shows why phishing attacks are almost impossible to prevent. Organizations must employ new and advanced analytics that includes a well-crafted set of behavioral analytics and machine learning (ML) models to identify suspicious activity and escalate when appropriate to classify this activity as an actual malicious threat. Detection of redirection to illegitimate sites is one area where this be beneficial above and beyond traditional XDR and SIEM solutions.”
Hopefully Google gets on top of this to stop this attack as this seems like a pretty nasty one.
Like this:
Like Loading...
Related
This entry was posted on March 1, 2022 at 12:55 pm and is filed under Commentary with tags Phishing. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
eBike Phishing Campaign Abuses Google Ads and SEO
Singaporean security firm CloudSEK has uncovered a large phishing campaign in which hundreds of eBike phishing sites have abused Google Ads to trick users into giving their personal data to fake investment schemes that are impersonating genuine brands. With large-scale postings of fraudulent websites, the attackers are leveraging Google Ads and SEO to target the Indian audience.
Saryu Nayyar, CEO and Founder, Gurucul had this comment:
“Phishing attacks have proven to be the #1 threat vector for compromising organizations but also luring users into gaining access to credentials or personal data. This is a very sophisticated attack in how the attackers leveraged Google Ads to reroute users to fake websites that looked perfectly legitimate. It also shows why phishing attacks are almost impossible to prevent. Organizations must employ new and advanced analytics that includes a well-crafted set of behavioral analytics and machine learning (ML) models to identify suspicious activity and escalate when appropriate to classify this activity as an actual malicious threat. Detection of redirection to illegitimate sites is one area where this be beneficial above and beyond traditional XDR and SIEM solutions.”
Hopefully Google gets on top of this to stop this attack as this seems like a pretty nasty one.
Share this:
Like this:
Related
This entry was posted on March 1, 2022 at 12:55 pm and is filed under Commentary with tags Phishing. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.