A new phishing campaign has recently emerged to steal SEO specialists’ Google account login details.
- Cybercriminals are using fake Semrush ads in Google Ads to gain login details for Google accounts.
- Among the victims are SEO and online marketing professionals.
- A Brazilian criminal group that specialises in attacks on SaaS platforms has been identified as being behind the campaign.
- The fake pages mimic the Semrush interface, forcing users to log in via the ‘Sign in via Google’ option.
- Criminals can gain access to sensitive business data without compromising the Semrush account itself.
The phishing campaign uses fake Google search results that lead to sites impersonating Semrush. When users click on the ad, they are taken to pages that look like the real thing but have different domains, which can be misleading. Among the domains used are ‘semrush[.]click’ and ‘semrush[.]tech’.
Experts stress that Google’s fake ad problem requires urgent action from the company to effectively block such attacks. To protect against Google Ads scams, it is advised to be careful when clicking on promoted results and to use password managers.
They trusted us
