Kinsta, a WordPress hosting service, recently disclosed that fraudsters are using Google ads to spread phishing sites designed to steal hosting credentials.
Kinsta informed its clients via email that it had discovered fraudsters using Google Ads. The fraudsters primarily target people who have already visited Kinsta’s official websites, creating sponsored websites that closely resemble Kinsta’s to trick visitors into clicking on them.
In an email, Kinsta highlighted:
We are writing to alert you to a phishing scam where attackers use fraudulent sites to gather MyKinsta login credentials. The attackers are using Google Ads to target people who have visited kinsta.com or my.kinsta.com. The sponsored websites are dangerous, and you should not click on any links with URLs other than kinsta.com or access fraudulent sites in any way.
Victims who log in to these fake websites unintentionally reveal their login credentials to the attackers. As a result, attackers can use these compromised credentials to gain unauthorised access to, and control over, the targeted websites.
Surge of Cyberattacks using Google Ads
Unfortunately, hackers and fraudsters increasingly prefer using Google Ads, a widely used advertising network. These people and groups pose a serious threat to users and advertisers alike by taking advantage of the platform’s extensive reach and accessibility to carry out a variety of malicious activities.
The recent incident shows the alarming trend of cybercriminals using Google Ads to trick users and compromise their security. The first significant incident was in January 2023, and phishing advertisements have continued to appear throughout the year.
Notably, there have been recent reports of deceptive adverts masquerading as official Amazon sites. By clicking on these adverts, users become victims of tech support scams.
Kinsta actively works to find and take down phishing websites to give its customers the maximum level of protection. However, Kinsta highlights how crucial it is for customers to take proactive measures to secure their accounts.
These websites could put your security at risk, so proceed with caution. Avoid clicking on links that do not lead directly to the official kinsta.com or my.kinsta.com websites.
Protecting against potential risks requires caution when dealing with online ads. Verify website URLs before visiting and avoid clicking on suspicious links or giving login information in response to unfamiliar messages. To ensure a trustworthy connection, avoid clicking on any adverts in Google Search.
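The URL check recommended above can also be done in code, for example before a link is opened or a saved password is filled in. This is an added example, not code from Kinsta or the original article; the function name and the sample URLs are constructed for illustration, and only kinsta.com and my.kinsta.com are treated as legitimate, as the notice states.

```python
from urllib.parse import urlsplit

# The only hostnames the Kinsta notice names as legitimate.
OFFICIAL_HOSTS = {"kinsta.com", "my.kinsta.com"}

def check_login_url(url):
    """Return (ok, reason) for a URL before credentials are entered on it."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lower-cased, with userinfo and port removed
    except ValueError:
        return False, "URL cannot be parsed"
    if parts.scheme != "https":
        return False, "not an https URL"
    if not host:
        return False, "no hostname"
    if parts.username is not None:
        return False, "text before '@' is not the host; real host is " + host
    host = host.rstrip(".")  # a fully qualified name may end in a dot
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return False, "internationalised hostname, possible homoglyph: " + host
    if host in OFFICIAL_HOSTS:  # exact match, never a substring or suffix test
        return True, "official host"
    return False, "not an official host: " + host

# Constructed sample URLs (the .example hosts are placeholders).
SAMPLES = [
    "https://my.kinsta.com/login",
    "HTTPS://Kinsta.com./",
    "http://my.kinsta.com/login",
    "https://my.kinsta.com.account-check.example/login",
    "https://kinsta.com@ads-landing.example/login",
    "https://my.k\u0456nsta.example/",  # Cyrillic 'і' in place of Latin 'i'
    "https://mykinsta.example/?next=https://my.kinsta.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        ok, reason = check_login_url(url)
        print("ALLOW" if ok else "BLOCK", url, "-", reason)
```

The comparison is an exact hostname match because a substring or "ends with kinsta.com" test would accept several of the look-alike samples.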
Furthermore, attackers may use different techniques such as sending phishing emails. Their aim is to trick users into clicking on malicious links that lead to fake MyKinsta websites, which will ultimately result in a breach of login information.
Phishing attacks are on the rise, and it is important to protect your organisation. One effective way to do this is by increasing user awareness about these types of attacks. Phishing Tackle is a great resource that can help you in this regard. They offer a free 14-day trial to help train your users to recognise and avoid phishing attacks.
Although technology can be helpful, it cannot spot 100% of phishing emails. Therefore, user education is important for minimising the impact of any successful attacks. Consulting with Phishing Tackle can provide valuable insights and tools to help you strengthen your defences against phishing attacks.