Cyber criminals have been caught taking advantage of users’ interest in Semrush, a popular SEO, advertising, and market research SaaS platform, in an attempt to steal their Google account credentials. Malwarebytes researchers recently uncovered a fraudulent campaign that involves a series of malicious ads displayed on Google Search when users search for Semrush.
Each of these deceptive ads leads to a unique domain that redirects users to fake Semrush and Google account login pages. The fake pages only offer the option to log in using a Google account, disabling the fields for Semrush account credentials. This scheme aims to trick unsuspecting victims into entering their Google account information, ultimately handing it over to the cyber criminals behind the campaign.
With Semrush being a widely used platform by Fortune 500 companies and over 117,000 paying customers, it has become an enticing target for online criminals. By gaining access to these customers’ Google accounts, attackers can not only place more malicious Google ads but also gain valuable insights into companies’ financial performance.
Elie Berreby highlighted that Google Analytics and Google Search Console contain sensitive business information, including details on website performance, user behavior, and strategic focuses. Access to both Google and Semrush accounts opens the door for attackers to impersonate individuals or businesses, potentially deceiving vendors or partners into sending payments to fraudulent accounts under the guise of a legitimate company.
Furthermore, the personal and financial information stored in Semrush accounts can be used by cyber criminals to further deceive users into sharing full credit card details. While the specific malicious domains used in this campaign have been abandoned, there is the possibility of similar schemes resurfacing with new domains in the future.
It’s crucial for users to remain vigilant and cautious when encountering ads or login pages related to popular platforms like Semrush. Verifying the authenticity of websites and ensuring secure login procedures can help prevent falling victim to such phishing attempts.
Overall, this incident serves as a stark reminder of the constant threat posed by cyber criminals and the importance of safeguarding sensitive information online. Users must stay informed and implement proper security measures to protect themselves from falling prey to phishing scams and other malicious activities on the internet.