Google AdWords scam epidemic shows social engineering is evolving
Check out all the Smart Security Summit on-demand sessions here.
Social engineering scams are everywhere. Every day cybercriminals use all possible means to trick users into handing over their data. This includes not only e-mail, SMS and messaging services, but also online advertising services.
Today, security browser extension provider Guardio Labs unveiled new research as part of a blog post warning that the Google AdWords advertising platform is "mass-spreading promoted search results malevolent".
In these scams, called "MasquerAds", fraudsters produce fake advertisements designed to rank on search engines and direct targeted users to malicious phishing sites. These sites are designed to trick users into downloading hidden malicious payloads with file sharing or code hosting servers like GitHub or Dropbox.
Above all, research indicates that social engineering scams are continually evolving, and malicious advertising is one of the preferred ways to harvest details from unsuspecting users.
EventOn-Demand Smart Security Summit
Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies. Watch the on-demand sessions today.
look hereThe report comes shortly after the FBI issued a warning that cybercriminals were using search engine advertising services to impersonate trustmarks and direct users to malicious websites to infect their devices with ransomware or steal their login credentials.
In this latest study, one of the biggest threat actors, known as Vermux, uses hundreds of social engineering sites and domains, mostly served from Russia, to target GPUs and the cryptowallets of US and Canadian residents.
Given the scale of these attacks, organizations need to increase their efforts in security awareness training and endpoint protection tools to ensure employees are equipped to do deal with malicious ads, the same way they do with phishing emails.
“Making mistakes is human, and you only need one to compromise the whole business, so other layers of security are mandatory,” said Nati Tal, head of Guardio Labs.
"EDR [endpoint detection and response] integration is a must, but it's also not enough: Threat actors continue to evolve and test their capabilities against enterprise EDR algorithms So we can also see in our research here: refactoring malware payloads, and the combination with real software, short uptimes, and user trust and intent is almost entirely resistant to detection said Tal.
Tal also notes that preventive detection inside the browser is a must, as it is the "gateway" to many phishing, malvertising, and scams. In-browser protection can help users detect threats before malicious payloads and malware can be downloaded onto their system.
VentureBeat's mission is to be a digital public square for technical decision-making...
Check out all the Smart Security Summit on-demand sessions here.
Social engineering scams are everywhere. Every day cybercriminals use all possible means to trick users into handing over their data. This includes not only e-mail, SMS and messaging services, but also online advertising services.
Today, security browser extension provider Guardio Labs unveiled new research as part of a blog post warning that the Google AdWords advertising platform is "mass-spreading promoted search results malevolent".
In these scams, called "MasquerAds", fraudsters produce fake advertisements designed to rank on search engines and direct targeted users to malicious phishing sites. These sites are designed to trick users into downloading hidden malicious payloads with file sharing or code hosting servers like GitHub or Dropbox.
Above all, research indicates that social engineering scams are continually evolving, and malicious advertising is one of the preferred ways to harvest details from unsuspecting users.
EventOn-Demand Smart Security Summit
Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies. Watch the on-demand sessions today.
look hereThe report comes shortly after the FBI issued a warning that cybercriminals were using search engine advertising services to impersonate trustmarks and direct users to malicious websites to infect their devices with ransomware or steal their login credentials.
In this latest study, one of the biggest threat actors, known as Vermux, uses hundreds of social engineering sites and domains, mostly served from Russia, to target GPUs and the cryptowallets of US and Canadian residents.
Given the scale of these attacks, organizations need to increase their efforts in security awareness training and endpoint protection tools to ensure employees are equipped to do deal with malicious ads, the same way they do with phishing emails.
“Making mistakes is human, and you only need one to compromise the whole business, so other layers of security are mandatory,” said Nati Tal, head of Guardio Labs.
"EDR [endpoint detection and response] integration is a must, but it's also not enough: Threat actors continue to evolve and test their capabilities against enterprise EDR algorithms So we can also see in our research here: refactoring malware payloads, and the combination with real software, short uptimes, and user trust and intent is almost entirely resistant to detection said Tal.
Tal also notes that preventive detection inside the browser is a must, as it is the "gateway" to many phishing, malvertising, and scams. In-browser protection can help users detect threats before malicious payloads and malware can be downloaded onto their system.
VentureBeat's mission is to be a digital public square for technical decision-making...
What's Your Reaction?
![Three of ID's top PR executives quit ad firm Powerhouse [EXCLUSIVE]](https://variety.com/wp-content/uploads/2023/02/ID-PR-Logo.jpg?#){kind=logo}
