Beware: Fake Google Ads Stealing Microsoft Advertising Accounts in New Scam

3 April 2025

Researchers who study online security have uncovered a troubling scheme aimed at people using Microsoft’s advertising service. This trick involves phony advertisements popping up on Google Search, set up to fool users into handing over their account details. When someone types “Microsoft Ads” into Google, they might see these paid ads at the top of the results. Clicking one leads to a fake website that looks almost exactly like Microsoft’s real advertising page, with the goal of snatching login information and security codes to take over accounts.

How the Attack Works

The attackers employ several sophisticated techniques to execute their plan:

Creation of Malicious Ads: They start by placing a fake ad on Google Search. They pay to show up when you search for things like “Microsoft Ads,” so their dodgy link appears as a paid result. Click it, and you land on a site that’s almost a perfect copy of the real one, at an address something like “ads.mcrosoftt.com” instead of “ads.microsoft.com”. Notice the missing “i” and the extra “t”? It’s easy to miss when you’re busy.

Deceptive Redirection: Upon clicking the malicious ad, users are redirected to phishing sites that are nearly identical to the real Microsoft Ads login page. The fraudulent domain names often have subtle misspellings or use lookalike characters to deceive users.

Credential Harvesting: Once on the fake login page, users are prompted to enter their Microsoft account credentials and 2FA codes. This information is captured by the attackers, granting them full access to the victim’s advertising account.

This strategy is alarmingly effective due to the trust users place in search engine ads and the convincing nature of the phishing sites.

Why Google and Microsoft are Struggling to Stop It

Google’s dealing with millions of ads every day, and picking out the fakes is tough. A Google spokesperson told The Hacker News, “We don’t allow ads that try to trick people,” and they’ve already removed billions of bad ones in 2023. But the scammers keep finding new ways to slip through, like changing words or hiding what the ad really does. 

For Microsoft, the trouble comes after your details are stolen. If the crooks have your password and security code, it’s hard to stop them logging in. Both companies are working on solutions, but the scammers are quick to adapt.

What Businesses Can Do Differently

To protect your business from such malvertising scams, consider implementing the following measures:

Direct Navigation: Instead of using search engines to access platforms like Microsoft Ads, bookmark the official login page and access it directly.

Verify URLs: Always check the URL before entering login credentials. Ensure it matches the official domain and look out for subtle misspellings or unusual characters.

Employee Training: Educate your team about the risks of malvertising and phishing. Regular training can help employees recognise suspicious ads and websites.

Enhanced Security Measures: Utilise security solutions that can detect and block malicious websites and ads. Implementing multi-factor authentication (MFA) adds an extra layer of security to your accounts, but because these phishing pages also ask for 2FA codes, it does not replace checking the URL.
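
The URL check described under “Verify URLs”, as an added example that is not part of the original article: it compares a link’s hostname against an allowlist and flags near-miss spellings and non-ASCII lookalike characters. The allowlist contents, the distance threshold and the function names are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the exact login hosts your business uses (from the article's example).
OFFICIAL_HOSTS = {"ads.microsoft.com"}
MAX_DISTANCE = 2  # assumed threshold: edits at or below this count as a near miss


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_url(url: str) -> str:
    """Classify a URL's hostname: official, lookalike, non-ascii, unrelated, invalid."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "invalid"            # no hostname, e.g. a scheme-less string
    if host in OFFICIAL_HOSTS:
        return "official"
    # Lookalike characters: Unicode or punycode labels cannot be checked by eye.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "non-ascii"
    # Subtle misspellings: a few edits away from an official host.
    if any(edit_distance(host, h) <= MAX_DISTANCE for h in OFFICIAL_HOSTS):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample URLs; the typo domain is the one quoted in the article.
    for sample in ("https://ads.microsoft.com/login",
                   "https://ads.mcrosoftt.com/login",
                   "https://ads.micros\u043eft.com/",   # Cyrillic "o"
                   "https://ads.google.com/home"):
        print(f"{classify_url(sample):10} {sample}")
```

Anything other than “official” on a link that claims to be the Microsoft Ads login should be treated as a reason to stop and use the bookmark instead.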

What to Do If Your Account Is Compromised

If you think someone’s taken over your Microsoft advertising account, act fast. Try logging in from a device you trust, then change your password right away and end any sessions you don’t recognise. Get in touch with Microsoft’s support team as soon as possible—tell them what’s happened and ask for help locking things down.

After that, check your account for anything unusual, like new campaigns or spending you didn’t approve. If you find issues, deal with them quickly. It’s also worth contacting your bank or card provider in case money’s been taken.

The rise of malvertising scams underscores the importance of vigilance in the digital advertising space. By staying informed, verifying sources, and implementing robust security practices, businesses can mitigate the risks associated with these deceptive tactics. Remember, in the digital realm, caution and awareness are your best defences against cyber threats.
