Phishing Attacks Are Now Leveraging Google Ads to Hijack Employee Payments
Researchers at Silent Push warn that a phishing campaign is using malicious Google Ads to conduct payroll redirect scams.
The attackers are buying search ads with brand keywords to boost their phishing pages to the top of the search results.
“We have identified hundreds of domains primarily focused on Workday users and high-profile organizations, including the California Employment Development Department (EDD), Kaiser Permanente, Macy’s, New York Life, and Roche,” the researchers write.
“The threat actors have been utilizing malicious search advertising campaigns with sponsored phishing websites and spoofed HR pages via Google to lure unsuspecting victims into providing access to their employee portals.”
After compromising an employee’s account, the attackers insert their own banking information in order to hijack the victim’s next paycheck.
“Armed with additional credential information, such as social security numbers likely obtained from underground forums, once the scammers get into an employee’s portal account, they change the individual’s banking information to redirect funds to a fraudulent bank account, which the threat actors control,” Silent Push says.
The attackers are abusing legitimate tools to quickly set up new phishing pages in order to stay ahead of security defenses.
“Website builders, including Leadpages, Mobirise, Wix, and potentially others, are being used to create domains in the campaign to aid in rapid setup,” the researchers write. “Our threat research team found dedicated IP ranges connected to entirely new pools of infrastructure and observed tactical shifts aligning with specific timeframes. The phishing content is typically hosted among the threat actor’s preferred registrars, Dynadot, Porkbun, and Namecheap.”
New-school security awareness training can give your organization an essential layer of defense by teaching your employees to recognize social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Silent Push has the story.
Free Phishing Security Test
Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.
Here’s how it works:
- Immediately start your test for up to 100 users (no need to talk to anyone)
- Select from 20+ languages and customize the phishing test template based on your environment
- Choose the landing page your users see after they click
- Show users which red flags they missed, or a 404 page
- Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
- See how your organization compares to others in your industry
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW