PhishLabs by HelpSystems has identified attackers leveraging a weakness in Google’s ad service to carry out phishing campaigns against financial institutions.
In this Help Net Security video, Kevin Cryan, Director of Operational Intelligence at PhishLabs, explains how this type of attack differs from the one identified by Microsoft: threat actors use conditional geolocation logic to present the legitimate landing page when Google scans their ad. Google then publishes the ad and displays the legitimate landing URL on hover. The result is a more convincing ad experience (no odd URL) that still redirects targeted victims to a malicious site.
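Because the redirect depends on where the click comes from, a single scan of the ad sees only the legitimate page. The check below is an added example, not PhishLabs' tooling or code from the video: it compares where the same ad lands from several vantage points with the URL the ad displays. The ad ids, hosts, vantage labels and the `classify_ads` helper are all constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed observations: (ad id, URL shown on hover, vantage point, final URL
# reached after following redirects). Every value here is invented sample data.
OBSERVATIONS = [
    ("ad-1", "https://www.examplebank.test/login", "scanner-us", "https://www.examplebank.test/login"),
    ("ad-1", "https://www.examplebank.test/login", "client-us", "https://www.examplebank.test/login"),
    ("ad-1", "https://www.examplebank.test/login", "client-ca", "https://login.examplebank-secure.test/"),
    ("ad-2", "https://www.examplebank.test/", "scanner-us", "https://www.examplebank.test/"),
    ("ad-2", "https://www.examplebank.test/", "client-ca", "https://online.examplebank.test/"),
    ("ad-3", "https://www.examplebank.test/", "scanner-us", "https://promo.other-site.test/"),
    ("ad-3", "https://www.examplebank.test/", "client-ca", "https://promo.other-site.test/"),
]

def host(url):
    """Return the lower-cased hostname without a leading 'www.'."""
    name = (urlsplit(url).hostname or "").lower()
    return name[4:] if name.startswith("www.") else name

def same_site(final_host, shown_host):
    # Simplification: the exact host or one of its subdomains counts as a match.
    # A production check would compare registrable domains (Public Suffix List).
    return final_host == shown_host or final_host.endswith("." + shown_host)

def classify_ads(observations):
    """Group clicks per ad and report which vantage points left the shown site."""
    by_ad = defaultdict(list)
    for ad, shown, vantage, final in observations:
        by_ad[ad].append((host(shown), vantage, host(final)))
    report = {}
    for ad, rows in by_ad.items():
        shown = rows[0][0]
        off_site = {v: f for s, v, f in rows if not same_site(f, s)}
        if not off_site:
            verdict = "consistent"            # every click stayed on the shown site
        elif len(off_site) < len(rows):
            verdict = "conditional-redirect"  # destination depends on the vantage point
        else:
            verdict = "mismatch-everywhere"   # shown URL never matches the destination
        report[ad] = {"shown": shown, "verdict": verdict, "off_site": off_site}
    return report

if __name__ == "__main__":
    for ad, finding in classify_ads(OBSERVATIONS).items():
        print(ad, finding["verdict"], finding["off_site"])
```

An ad classified as `conditional-redirect` is the case worth escalating: the scanner vantage point saw the displayed site while at least one other location was sent elsewhere.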
Source: https://www.helpnetsecurity.com/2022/10/21/how-phishing-campaigns-abuse-google-ad-click-tracking-redirects-video/