WordPress hosting supplier Kinsta is informing customers that Google ads person been observed promoting phishing sites to bargain hosting credentials.
Kinsta says nan phishing attacks purpose to bargain login credentials for MyKinsta, a cardinal work nan institution offers to negociate WordPress and different cloud-based apps.
In an email sent to its customers, Kinsta said it has identified that nan attackers are leveraging Google Ads, targeting individuals who person antecedently visited Kinsta's charismatic websites. The threat actors create sponsored websites that intimately mimic Kinsta's, tricking users into clicking connected them.
"We are penning to alert you to a phishing scam wherever attackers usage fraudulent sites to stitchery MyKinsta login credentials," Kinsta noted successful an email seen by BleepingComputer.
"The attackers are utilizing Google Ads to target group who person visited kinsta.com or my.kinsta.com. The sponsored websites are dangerous, and you should not click connected immoderate links pinch URLs different than kinsta.com or entree fraudulent sites successful immoderate way."
Kinsta emphasizes these sites are malicious, and users should beryllium vigilant not to sojourn links that do not straight lead to nan charismatic kinsta.com aliases my.kinsta.com websites.
The institution besides recommends users alteration two-factor authentication connected their accounts to forestall entree to nan relationship moreover if credentials are stolen.
Further, nan institution cautioned that these attackers mightiness besides nonstop phishing emails aliases different forms of communication, convincing users to log into nan MyKinsta phishing sites done these malicious links to bargain login credentials.
In consequence to these threats, Kinsta is actively identifying and taking down nan phishing sites but warns users to return proactive steps to safeguard their accounts.
Kinsta recommended accessing MyKinsta straight by typing my.kinsta.com in nan browser and disregarding immoderate matter messages claiming to beryllium from Kinsta.
Google ads progressively utilized by hackers
It is important to statement that this is not an isolated incident pinch Google ads, wherever location has been a notable summation successful akin incidents, including a deceptive advertisement for Amazon.
As BleepinpComputer spotted successful August, bad actors had published an advertisement successful Google hunt results that appeared to beryllium for Amazon.
However, erstwhile users click connected this ad, they are redirected to a tech support scam masquerading arsenic a tech support page from Microsoft Defender.
Other Google ads promoted websites that pretended to beryllium download sites for morganatic software, including Grammarly, MSI Afterburner, Slack, Dashlane, Malwarebytes, Audacity, μTorrent, OBS, Ring, AnyDesk, Libre Office, Teamviewer, Thunderbird, and Brave.
However, these clone installers would instal malware, specified arsenic Raccoon Stealer, a civilization type of nan Vidar Stealer, and nan IcedID malware loader.