Forbes reports that hackers are targeting Microsoft advertiser accounts in an attempt to steal login information and access the advertising platform. Malwarebytes researchers discovered how hackers use malicious ads appearing on Google Search to get sensitive data.
The cybersecurity company discovered that sponsored ads contained malicious links despite Google’s security measures. Malwarebytes contacted Google for a statement and received a response stating, “We expressly prohibit ads that aim to deceive people, and we suspend advertisers’ accounts if they are found to engage in this practice, as we have done here. ”
How do hackers try to steal passwords from Microsoft users? They use tricks to hide malicious traffic from bots, security scanners, and crawlers. If you use a VPN, you are taken to a “white page” with fake marketing, while “authentic” users are directed to a cloaking page with a “Are you human?” verification check. After that, you see a fake Microsoft ads platform login page, which is a malicious domain. The page shows a phony error message, alluring you to change your password. It also tries to bypass any two-factor authentication protections, as Jérôme Segura, senior director of research at Malwarebytes, warns.
Segura gave some beneficial tips so users can stay safe:
- Always double-check the website before entering your login information.
- Use 2FA wisely and always verify requests before granting access.
- Review your advertising accounts for suspicious activity and any unauthorized changes.
- If you see any suspicious ads, report them to benefit others.
Google is aware of these malicious ad campaigns and continues to take action against them. It reviews associated accounts and malicious ads and takes appropriate measures based on its policies. The news reminds us that having a strong password is important, and using one of the best password managers is a great idea.
