WordPress hosting provider Kinsta is warning customers that Google ads have been observed promoting phishing sites to steal hosting credentials.
Kinsta says the phishing attacks aim to steal login credentials for MyKinsta, a key service the company offers to manage WordPress and other cloud-based apps.
In an email sent to its customers, Kinsta said it has identified that the attackers are leveraging Google Ads, targeting individuals who have previously visited Kinsta's official websites.
The threat actors create sponsored websites that closely mimic Kinsta's, tricking users into clicking on them.
Kinsta emphasizes these sites are malicious, and users should be vigilant not to visit links that do not directly lead to the official kinsta.com or my.
The company also recommends users enable two-factor authentication on their accounts to prevent access to the account even if credentials are stolen.
Further, the company cautioned that these attackers might also send phishing emails or other forms of communication, convincing users to log into the MyKinsta phishing sites through these malicious links to steal login credentials.
In response to these threats, Kinsta is actively identifying and taking down the phishing sites but warns users to take proactive steps to safeguard their accounts.
Kinsta recommended accessing MyKinsta directly by typing my.
Kinsta.com in the browser and disregarding any text messages claiming to be from Kinsta.
It is important to note that this is not an isolated incident with Google ads, where there has been a notable increase in similar incidents, including a deceptive ad for Amazon.
As BleepinpComputer spotted in August, bad actors had published an ad in Google search results that appeared to be for Amazon.
When users click on this ad, they are redirected to a tech support scam masquerading as a tech support page from Microsoft Defender.
These fake installers would install malware, such as Raccoon Stealer, a custom version of the Vidar Stealer, and the IcedID malware loader.
Fake WordPress security advisory pushes backdoor plugin.
Qbot malware returns in campaign targeting hospitality industry.
Discord adds Security Key support for all users to enhance security.
BazarCall attacks abuse Google Forms to legitimize phishing emails.
Microsoft: OAuth apps used to automate BEC and cryptomining attacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 17 Dec 2023 23:50:07 +0000