Scammers Trick over 500,000 Victims with Fake Google, Bing Ads to Steal Personal Info
Companies Mentioned
Why It Matters
The scheme demonstrates how paid search ads can be weaponized to defeat MFA, exposing millions of workers to credential theft and financial fraud, and underscores the need for organizations to enforce safe browsing practices and robust anti‑phishing defenses.
Summary
Cybersecurity firm Check Point identified a campaign dubbed “Payroll Pirates” that uses paid Google and Bing ads to lure employees to counterfeit payroll, HR, credit‑union and trading‑platform login pages, harvesting credentials and multi‑factor authentication codes. The operation, which has targeted more than 200 services and compromised an estimated 500,000 users, resurfaced in mid‑2024 with upgraded phishing kits that can bypass two‑factor authentication and employ Telegram bots for real‑time code collection. Researchers traced the infrastructure to clusters in Kazakhstan, Vietnam and cloaked Bing domains, and linked at least one operator to Ukraine, indicating a sophisticated, transnational threat network.
Scammers trick over 500,000 victims with fake Google, Bing ads to steal personal info
Comments
Want to join the conversation?
Loading comments...