Security News > 2022 > March > Hundreds of eBike phishing sites abuse Google Ads to push scams
A large-scale campaign involving over 200 phishing and scam sites has tricked users into giving their personal data to fake investments schemes impersonating genuine brands.
The fraudulent operation relies upon the abuse of Google Ads and SEO to draw victims to hundreds of fake websites targeting the Indian audience.
Although the threat analysts discovered 200 active phishing domains, they warn that the swarm is constantly being refreshed, with new sites taking the place of those reported and taken down.
CloudSEK has told Bleeping Computer they have shared the entire phishing domains list with Google to help stop the Ads abuse.
The size of the operation and the scale of the Google Ads abuse is such that spotting the fraudulent sites may be challenging.
As for affected businesses, reporting the phishing sites won't cause much of a disruption for the threat actors.
News URL
Related news
- CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer (source)
- Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes (source)
- Google to Iran: Yes, we see you using Gemini for phishing and scripting. We're onto you (source)
- Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts (source)
- ⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More (source)