CyberSecurity news
FlagThis
@The DefendOps Diaries
//
Cybercriminals are actively targeting SEO professionals through a sophisticated phishing campaign that exploits Google Ads. The attackers are using fake Semrush advertisements to trick users into visiting deceptive login pages designed to steal their Google account credentials. This campaign is a new twist in phishing, going after users of the Semrush SaaS platform, which is popular among SEO professionals and businesses, and is trusted by 40% of Fortune 500 companies.
This scheme is effective due to the SEO professionals' trust in Semrush, a platform used for advertising and market research. The malicious ads appear when users search for Semrush and redirect them to counterfeit login pages, which look similar to legitimate Semrush URLs. The attackers register domain names that closely resemble real Semrush domains and the only login option is with a Google account, harvesting Google account information for further malicious activities. This provides the attackers with valuable access to Google Analytics and Google Search Console, giving them insight into the companies' financial performance.
ImgSrc: thedefendopsdia
References :
This scheme is effective due to the SEO professionals' trust in Semrush, a platform used for advertising and market research. The malicious ads appear when users search for Semrush and redirect them to counterfeit login pages, which look similar to legitimate Semrush URLs. The attackers register domain names that closely resemble real Semrush domains and the only login option is with a Google account, harvesting Google account information for further malicious activities. This provides the attackers with valuable access to Google Analytics and Google Search Console, giving them insight into the companies' financial performance.
ImgSrc: thedefendopsdia
Share:
References :
- The DefendOps Diaries: Cybercriminals exploit Google Ads to target SEO pros, using fake Semrush ads to steal Google credentials.
- Help Net Security: Malicious ads target Semrush users to steal Google account credentials
- Malwarebytes: Semrush impersonation scam hits Google Ads
- www.tripwire.com: Tech support scams leverage Google ads again and again, fleecing unsuspecting internet users
- BleepingComputer: A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials.
- BleepingComputer: A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials.
- bsky.app: Fake Semrush ads used to steal SEO professionals’ Google accounts
- BleepingComputer: A new phishing campaign is targeting SEO professionals with malicious Semrush Google Ads that aim to steal their Google account credentials.
- : Threat actors are looking to compromise Google accounts to further malvertising and data theft
- Email Security - Blog: Cyber criminals have launched a sophisticated phishing campaign that exploits the trusted reputation of Semrush — an SEO firm that's captured of Fortune 500 brands as customers — to compromise Google account credentials.
- gbhackers.com: Hackers Deploy Fake Semrush Ads to Steal Google Account Credentials
Classification:
- HashTags: #Phishing #GoogleAds #CredentialTheft
- Company: Google
- Target: SEO professionals
- Attacker: Cybercriminals
- Product: Google Ads
- Feature: Ad fraud
- Malware: Semrush impersonation
- Type: Phishing
- Severity: Medium