Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label cybersecurity challenges. Show all posts
Phishing Scams
2FA Cyber Attacks cybersecurity challenges Google Google Ads Hackers MalwareBytes Online Advertising Online Scams phishing kit Phishing Scams

Google Ads Phishing Scam Reaches New Extreme, Experts Warn of Ongoing Threat


Cybercriminals Target Google Ads Users in Sophisticated Phishing Attacks

Cybercriminals are intensifying their phishing campaigns against Google Ads users, employing advanced techniques to steal credentials and bypass two-factor authentication (2FA). This new wave of attacks is considered one of the most aggressive credential theft schemes, enabling hackers to gain unauthorized access to advertiser accounts and exploit them for fraudulent purposes.

According to cybersecurity firm Malwarebytes, attackers are creating highly convincing fake Google Ads login pages to deceive advertisers into entering their credentials. Once stolen, these login details allow hackers to fully control compromised accounts, running malicious ads or reselling access on cybercrime forums. Jérôme Segura, Senior Director of Research at Malwarebytes, described the campaign as a significant escalation in malvertising tactics, potentially affecting thousands of advertisers worldwide.

How the Attack Works

The attack process is alarmingly effective. Cybercriminals design fake Google Ads login pages that closely mimic official ones. When advertisers enter their credentials, the phishing kits deployed by attackers capture login details, session cookies, and even 2FA tokens. With this information, hackers can take over accounts instantly, running deceptive ads or selling access to these accounts on the dark web.

Additionally, attackers use techniques like cloaking to bypass Google’s ad policies. Cloaking involves showing different content to Google’s reviewers and unsuspecting users, allowing fraudulent ads to pass through Google's checks while leading victims to harmful websites.

Google’s Response and Recommendations

Google has acknowledged the issue and stated that measures are being taken to address the threat. “We have strict policies to prevent deceptive ads and actively remove bad actors from our platforms,” a Google spokesperson explained. The company is urging advertisers to take immediate steps if they suspect their accounts have been compromised. These steps include resetting passwords, reviewing account activity, and enabling enhanced security measures like security keys.

Cybersecurity experts, including Segura, recommend advertisers exercise caution when clicking on sponsored ads, even those that appear legitimate. Additional safety measures include:

  • Using ad blockers to limit exposure to malicious ads.
  • Regularly monitoring account activity for any unauthorized changes.
  • Being vigilant about the authenticity of login pages, especially for critical services like Google Ads.

Despite Google’s ongoing efforts to combat these attacks, the scale and sophistication of phishing campaigns continue to grow. This underscores the need for increased vigilance and robust cybersecurity practices to protect sensitive information and prevent accounts from being exploited by cybercriminals.

Read more »
online misinformation
Bots Business Security Cyber Fraud cybersecurity challenges Digital threats fake users internet integrity online misinformation

The Threat of Bots and Fake Users to Internet Integrity and Business Security

 

 
The bots account for 47% of all internet traffic, with "bad bots" making up 30% of that total, as per a recent report by Imperva .These significant numbers threaten the very foundation of the open web.Even when a user is genuinely human, it's likely that their account is a fake identity, making "fake users" almost as common online as real ones.

In Israel, folks are well-acquainted with the existential risks posed by bot campaigns. Following October 7, widespread misinformation campaigns orchestrated by bots and fake accounts swayed public opinion and policymakers.

The New York Times, monitoring online activity during the war, discovered that “in a single day after the conflict began, roughly 1 in 4 accounts on Facebook, Instagram, TikTok, and X, formerly Twitter, discussing the conflict appeared to be fake... In the 24 hours following the Al-Ahli Arab hospital blast, more than 1 in 3 accounts posting about it on X were fake.” With 82 countries holding elections in 2024, the threat posed by bots and fake users is reaching critical levels. Just last week, OpenAI had to disable an account belonging to an Iranian group using its ChatGPT bot to create content aimed at influencing the US elections.

The influence of bots on elections and their broader impact is alarming. As Rwanda geared up for its July elections, Clemson University researchers identified 460 accounts spreading AI-generated messages on X in support of President Paul Kagame. Additionally, in the last six months, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) detected influence campaigns targeting Georgian protesters and spreading falsehoods about the death of an Egyptian economist, all driven by inauthentic accounts on X.

Bots and fake users pose severe risks to national security, but online businesses are also significantly affected.Consider a scenario where 30-40% of all digital traffic for a business is generated by bots or fake users. This situation results in skewed data that leads to flawed decision-making, misinterpretation of customer behaviors, misdirected efforts by sales teams, and developers focusing on products that are falsely perceived as in demand. The consequences are staggering. A study by CHEQ.ai, a Key1 portfolio company and go-to-market security platform, found that in 2022 alone, over $35 billion was wasted on advertising, and more than $140 billion in potential revenue was lost.

Ultimately, fake users and bots undermine the very foundations of modern business, creating distrust in data, results, and even among teams.

The introduction of Generative AI has further complicated the issue by making it easier to create bots and fake identities, lowering the barriers for attacks, increasing their sophistication, and expanding their reach. The scope of this problem is immense. 

Education is a crucial element in fighting the online epidemic of fake accounts. By raising awareness of the tactics used by bots and fake users, society can be empowered to recognize and reduce their impact. Identifying inauthentic users—such as those with incomplete profiles, generic information, repetitive phrases, unusually high activity levels, shallow content, and limited engagement—is a critical first step. However, as bots become more sophisticated, this challenge will only grow, highlighting the need for continuous education and vigilance.

Moreover, public policies and regulations must be implemented to restore trust in digital spaces. For instance, governments could mandate that large social networks adopt advanced bot-mitigation tools to better police fake accounts.

Finding the right balance between preserving the freedom of these platforms, ensuring the integrity of posted information, and mitigating potential harm is challenging but necessary for the longevity of these networks.

On the business side, various tools have been developed to tackle and block invalid traffic. These range from basic bot mitigation solutions that prevent Distributed Denial of Service (DDoS) attacks to specialized software that protects APIs from bot-driven data theft attempts.

Advanced bot-mitigation solutions use sophisticated algorithms that conduct real-time tests to verify traffic integrity. These tests assess account behavior, interaction levels, hardware characteristics, and the use of automation tools. They also detect non-human behavior, such as abnormally fast typing, and review email and domain histories.

While AI has contributed to the bot problem, it also offers powerful solutions to combat it. AI’s advanced pattern recognition capabilities allow for more precise and rapid differentiation between legitimate and fake bots. Companies like CHEQ.ai are leveraging AI to help marketers ensure their ads reach real human users and are placed in secure, bot-free environments, countering the growing threat of bots in digital advertising.

From national security to business integrity, the consequences of the “fake internet” are vast and serious. However, there are several effective methods to address the problem that deserve renewed focus from both the public and private sectors. By raising awareness, enhancing regulation, and instituting active protection, we can collectively contribute to a more accurate and safer internet environment.
Read more »
Subscribe to: Posts (Atom)