Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Malvertising Campaign Impersonates Dozens of Google Products

    Google Calendar Reduce Use of Calendar Invites for Phishing ToolsA malvertising campaign is abusing Google ads to impersonate Google’s entire product line, according to researchers at Malwarebytes. The malicious ads are designed to lure victims into a tech support scam.

    “While brand impersonation is commonly done via tracking templates, in this instance the fraudsters relied on keyword insertion to do the work for them,” Malwarebytes explains. “This is particularly useful when targeting a single company and its entire portfolio.”

    The scammers are abusing Looker Studio (another Google product) to trick users into thinking something is wrong with their computer. When a user clicks on the malicious ad, Looker Studio will display a full-screen image of Google’s home page. This image contains a hyperlink that will take the victim to a page that displays a fake Microsoft or Apple alert page with a phone number to call for help. Once the scammer has the victim on the phone, they’ll attempt to trick the victim into installing malware or handing over sensitive information.

    Malwarebytes has reported this campaign to Google, but the criminals can use the same tactics to spin up similar operations.

    “Malicious ads can be combined with a number of tricks to evade detection from Google and defenders in general,” the researchers write. “Dynamic keyword insertion can be abused to target a larger audience related to the same topic, which in this case was Google’s products. Finally, it’s worth noting that in this particular scheme, all web resources used from start to finish are provided by cloud providers, often free of charge. That means more flexibility for the criminals while increasing difficulty to block.”

    New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Malwarebytes has the story.

     

    Return To KnowBe4 Security Blog

    Get Your Ransomware Hostage Rescue Manual

    Ransomware Hostage Rescue Manual Cover 2022This 26-page manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with ransomware. You also get a Ransomware Attack Response Checklist and Prevention Checklist. You will learn more about:

    1. What is Ransomware?
    2. Am I Infected?
    3. I’m Infected, Now What?
    4. Protecting Yourself in the Future
    5. Resources

    Don’t be taken hostage by ransomware. Download your rescue manual now! 

    Get Your Manual

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/ransomware-hostage-rescue-manual-0

    Topics: Social Engineering, Security Awareness Training, Security Culture

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews