In today’s fast-paced digital landscape, employees frequently interact with a myriad of online services through web browsers. While some users rely on memorized URLs or bookmarks, a significant portion habitually uses search engines to access online services, clicking on the first link that appears. Cybercriminals have identified this behavior as a lucrative opportunity to exploit, leveraging Google Ads to promote phishing sites that rank higher than legitimate websites in search results.
According to Google’s Ads Safety Report 2024, the tech giant blocked or removed an astonishing 415 million ads last year for policy violations, predominantly involving scams. Additionally, Google suspended five million advertising accounts that were associated with these misleading ads. These figures underscore the massive scale of the issue and highlight the misuse of Google Ads as a tool for spreading malicious content.
Phishing Attack on Semrush Users
Semrush, a renowned tool among SEO professionals for keyword research and competitor analysis, has recently become a target for cybercriminals. These attackers have crafted a series of fraudulent websites that mimic the Semrush login page to perfection. The fake domains, such as semrush[.]click, semrush[.]tech, and auth.seem-rush[.]com, are promoted through Google Ads to appear credible.
A closer inspection reveals that these counterfeit pages replicate the legitimate Semrush login interface, offering two authentication options: signing in with a Google account or entering Semrush credentials. However, the fields for entering Semrush credentials are disabled, compelling users to log in using their Google account. This cunning tactic leads users to a fake Google login page, where any entered credentials are captured by the attackers.
Deceptive Google Ads in Google Ads
In a more audacious scheme, cybercriminals have used Google Ads to advertise fake versions of Google Ads itself. This method is akin to the Semrush phishing strategy but with a unique twist: the displayed website address in the fake ad is identical to the real one (ads.google[.]com). This is achieved by exploiting Google Sites, a platform for building websites under the google.com domain.
Google’s advertising guidelines permit ads to display any page address, provided the domain matches the destination website. By creating an intermediary site on Google Sites with a google.com domain, the scammers can legally display ads.google.com in their ads. This deceptive strategy redirects unsuspecting users to a counterfeit Google Ads login page, where credentials are harvested if entered.
Safeguarding Against Phishing Threats
While Google has promptly addressed these fraudulent sites by demoting them in search results, organizations must remain vigilant. To protect against such phishing attacks, companies should:
– Encourage Bookmarking : Advise employees to bookmark frequently visited websites rather than relying on search engines.
– Phishing Awareness Training : Implement training programs to help employees recognize and respond to potential phishing threats. Automated e-learning platforms like the Kaspersky Automated Security Awareness Platform can streamline this process.
– Multi-Factor Authentication (MFA) : Enforce MFA for all supported services, prioritizing the use of passkeys for Google accounts.
– Robust Security Solutions : Deploy comprehensive security software on all devices to detect and block access to suspicious sites.
By adopting these proactive measures, organizations can mitigate the risk of falling victim to phishing scams propagated through Google Ads.
Note: This article is inspired by content from https://www.kaspersky.com/blog/semrush-phishing-websites-in-google-ads/53460/. It has been rephrased for originality. Images are credited to the original source.