Google Advertising – The new phishing campaign?
As mail filtering platforms have kept up with new threats and become more effective at safeguarding organisations, hackers are now looking for easier ways to compromise user accounts.
We are increasingly seeing Google Adverts being used as an easier method of capturing users' attention in a way they aren’t expecting.
Need a new software tool – Google
Need a new service – Google
Shopping for something – Google
When a user Googles something and the result comes to the top of the page, that lends credibility to the site the advert links to. The user trusts that Google has made sure the advert isn’t malicious. Unfortunately, that’s no longer the case.
We’re seeing more and more of this being used as an attack vector, where the user is directed to a site containing only the image of a “reCAPTCHA” link. By clicking on it, the user downloads a malicious JavaScript payload.
We’ve also seen this recently utilised to great effect in the “Zoom Bomb” attack – you can read more on that here:
A Different Kind of Zoombomb (inde.nz)