In an alarming development for businesses, Google Ads has been found to host a phishing attack targeting Google account credentials. The fraudulent ad appears when users search for "my business", a common practice for accessing Google Business Profile accounts. This attack, which emerged late last night, exploits the familiarity of Google's interface to deceive users into sharing their login information.
The phishing scheme was uncovered by Dan Foland, who detailed the process in a series of posts on X. Foland revealed that the deceptive ad mimics a legitimate Google ad and directs users to a fake login page designed to steal their credentials. He demonstrated how easily the attack could compromise accounts, warning users of the risks involved.
"Google 'my business' as many people do to manage their GBP profiles. There's an ad that LOOKS like it's from Google", Foland posted, including a screenshot of the misleading ad.
"When you click on any link you get a pop-up that looks like a legit Google login (it's not). P.S. [email protected] doesn't exist, so a real Google login form would stop you after you click Next", he added, exposing the fake login process.
"Paste the code, and boom. You've just given them access to your computer, passwords, files etc. All while assuming you were on a legit Google-owned site the entire time", Foland further explained in his warnings.
The discovery has raised serious concerns about the safety of user credentials, especially for businesses relying heavily on Google Business Profile accounts. Despite the fact that such malicious ads are not common, this incident highlights the need for users to remain vigilant when interacting with online ads.
As a precaution, users are urged to avoid clicking on ads when searching for "my business" or similar terms. Instead, accessing accounts directly through the official Google website is the safest approach to prevent falling victim to these attacks.
This phishing attempt serves as a reminder that even trusted platforms like Google can unintentionally host malicious content. Businesses and users alike are encouraged to exercise caution and report any suspicious behavior to ensure the security of their accounts.
0 comments