Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Phishing Attacks Are Now Leveraging Google Ads to Hijack Employee Payments

    Closeup of young male theift in sweatshirt with hood transfering money from bills of stolen creding cards-1Researchers at Silent Push warn that a phishing campaign is using malicious Google Ads to conduct payroll redirect scams. 

    The attackers are buying search ads with brand keywords to boost their phishing pages to the top of the search results.

    “We have identified hundreds of domains primarily focused on Workday users and high-profile organizations, including the California Employment Development Department (EDD), Kaiser Permanente, Macy’s, New York Life, and Roche,” the researchers write.

    “The threat actors have been utilizing malicious search advertising campaigns with sponsored phishing websites and spoofed HR pages via Google to lure unsuspecting victims into providing access to their employee portals.”

    After compromising an employee’s account, the attackers insert their own banking information in order to hijack the victim’s next paycheck.

    “Armed with additional credential information, such as social security numbers likely obtained from underground forums, once the scammers get into an employee’s portal account, they change the individual’s banking information to redirect funds to a fraudulent bank account, which the threat actors control,” Silent Push says.

    The attackers are abusing legitimate tools to quickly set up new phishing pages in order to stay ahead of security defenses.

    “Website builders, including Leadpages, Mobirise, Wix, and potentially others, are being used to create domains in the campaign to aid in rapid setup,” the researchers write. “Our threat research team found dedicated IP ranges connected to entirely new pools of infrastructure and observed tactical shifts aligning with specific timeframes. The phishing content is typically hosted among the threat actor’s preferred registrars, Dynadot, Porkbun, and Namecheap.”

    New-school security awareness training can give your organization an essential layer of defense by teaching your employees to recognize social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Silent Push has the story.

     

    Return To KnowBe4 Security Blog

    BreachSim

    Free downloadable software tool

    How easy is it for bad actors to penetrate your system and exfiltrate your data? Pinpoint vulnerabilities, take action and build stronger cyber defenses with BreachSim, a free downloadable software tool from KnowBe4. Based on techniques outlined in the MITRE Att&CK framework, BreachSim launches 12+ data exfiltration scenarios to uncover the stark reality of what happens when employees unknowingly fall for an attack.

    BreachSim LogoHow BreachSim works:

    • 100% harmless simulation of real breach and data exfiltration attacks
    • Provides secure .txt, .doc, and .bmp test files for the simulation
    • Tests 12+ realistic data exfiltration scenarios following the MITRE Att&CK framework
    • Just download the installer, upload the secure test files, and run

    Results in a few minutes!

    Try Now

    PS: Don't like to click on redirected buttons? Cut and paste this link in your browser:

    https://www.knowbe4.com/free-tools/breachsimu

    Topics: Phishing, Security Awareness Training, Security Culture

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews