Breach

Fraudulent Google Ads Seek To Breach The Credentials of Microsoft Advertisers

Logo of Google on skyscraper

Microsoft advertisers have been targeted with fake Google ads impersonating Microsoft in a bid to exfiltrate their credentials as part of a new malvertising campaign, The Hacker News reports.

Malwarebytes researchers Jerome Segura said attacks involved luring targets looking for "Microsoft Ads" and other similar terms on Google Search into clicking on nefarious sponsored links, which redirect to a phishing page resembling the "ads.microsoft[.]com" site that seeks users' login credentials and two-factor authentication codes later used for account takeovers.

Additional findings revealed that Brazil accounted for most of the phishing domains used in the campaign. Google has reiterated its commitment to combat malicious ads that target user data. Such a development follows a Zimperium zLabs report detailing a novel mobile-targeted SMS phishing campaign that involved U.S. Postal Service spoofing.

"This campaign employs sophisticated social engineering tactics and a never-before-seen means of obfuscation to deliver malicious PDF files designed to steal credentials and compromise sensitive data," said Zimperium zLabs researcher Fernando Ortega.

Related Terms

Attack Vector

You can skip this ad in 5 seconds