Lowe’s employees have recently fallen victim to a phishing scam where their credentials are being stolen through malicious websites mimicking the company’s employee portal, MyLowesLife. The scam was brought to light by Jérôme Segura, the senior director of research at Malwarebytes, who discovered these fake websites that closely resembled the real employee portal and were actively promoted through sponsored Google ads.
Upon clicking on these fraudulent links, Lowe’s employees were directed to a landing page that replicated the official Lowe’s employee portal. They were prompted to enter their sales account numbers, passwords, and answers to security questions, which, unbeknownst to them, were then collected by cybercriminals operating a phishing kit. This sensitive information could potentially be used for identity theft, financial fraud, and other malicious activities, putting the impacted employees at risk of monetary losses.
What made this phishing campaign particularly deceptive was the presence of typosquatting domains like myloveslife[.]net and mylifelowes[.]org, which closely resembled the legitimate MyLowesLife domain. Additionally, the homepage of these fake sites displayed generic content unrelated to Lowe’s, a strategic move to evade detection and complicate efforts to shut down the fraudulent domains.
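The two lookalike names quoted above show two different tricks: a single substituted character (myloveslife for myloweslife) and reordered words (mylifelowes). As an added defensive illustration, not code from the article or from Malwarebytes, the following Python flags candidate domains (for example, those seen as ad landing pages or in proxy logs) that resemble the portal name in either way, or that carry the brand word in an unrelated label. The legitimate domain `myloweslife.com`, its word tokens, and the sample list of observed domains are assumptions constructed for this example.

```python
"""Flag lookalike (typosquatting) domains for a protected brand label.

Added example, not code from the article or from Malwarebytes. The legitimate
domain, the brand tokens and the observed-domain sample below are assumptions
constructed from the names quoted in the article.
"""
from itertools import permutations
from typing import Dict, List, Optional

# Assumption: the legitimate portal domain and the words its label is built from.
LEGIT_DOMAINS = {"myloweslife.com"}
BRAND_LABEL = "myloweslife"
BRAND_TOKENS = ("my", "lowes", "life")
BRAND_KEYWORD = "lowes"

# Every concatenation of the brand words in some order, e.g. "mylifelowes".
TOKEN_PERMUTATIONS = {"".join(p) for p in permutations(BRAND_TOKENS)}


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'example[.]net' back into a bare hostname."""
    host = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    if "://" in host:                      # drop hxxp:// or https:// prefixes
        host = host.split("://", 1)[1]
    return host.split("/", 1)[0]           # drop any path


def registrable_label(host: str) -> str:
    """Second-level label, e.g. 'myloveslife' for 'www.myloveslife.net'.

    Simplification: assumes a one-label public suffix (.com, .net, .org);
    a real deployment would consult the Public Suffix List.
    """
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a) * len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(indicator: str) -> Optional[str]:
    """Return a reason string if the domain looks like a brand lookalike, else None."""
    host = refang(indicator)
    if host in LEGIT_DOMAINS or any(host.endswith("." + d) for d in LEGIT_DOMAINS):
        return None                                # the real portal or a subdomain of it
    label = registrable_label(host)
    if label == BRAND_LABEL:
        return "wrong-tld"                         # exact brand label on another TLD
    if label in TOKEN_PERMUTATIONS:
        return "token-reorder"                     # e.g. mylifelowes
    distance = levenshtein(label, BRAND_LABEL)
    if distance <= 2:
        return f"edit-distance-{distance}"         # e.g. myloveslife (w -> v)
    if BRAND_KEYWORD in label:
        return "brand-keyword"                     # brand word inside an unrelated label
    return None


def scan(indicators: List[str]) -> Dict[str, str]:
    """Map each flagged indicator to the reason it was flagged."""
    flagged = {}
    for indicator in indicators:
        reason = classify(indicator)
        if reason:
            flagged[indicator] = reason
    return flagged


# Constructed sample: the two domains named in the article plus benign controls.
OBSERVED = [
    "myloveslife[.]net",
    "mylifelowes[.]org",
    "myloweslife.com",
    "www.myloweslife.com",
    "example.org",
]

if __name__ == "__main__":
    for domain, reason in scan(OBSERVED).items():
        print(f"{domain:25} {reason}")
```

The checks are ordered from most specific to least: an exact brand label on the wrong TLD and a word reordering are unambiguous, while the edit-distance and keyword rules are looser and will produce some false positives on short labels, so in practice they should feed a review queue rather than block outright.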
The success of such malvertising campaigns can be attributed to the convenience of finding websites through search engines and the inherent trust placed in sponsored search results. Although sponsored results earn their top placement by payment rather than by merit, they often elicit a level of trust from unsuspecting users who assume they are safe and legitimate. As a result, malicious actors exploit this trust to steal credentials and distribute malware to targeted demographics, even managing to dupe technically savvy individuals in recent campaigns.
In the case of Lowe’s employees, the blatant advertising of an internal company portal to the public should have raised red flags for both internet users and search providers. Segura suggests that search engines like Google could prevent such phishing attempts by monitoring the types of pages that advertisers are attempting to promote, such as benefit portals and Single Sign-On (SSO) pages. By proactively banning accounts associated with malicious ads, these platforms could potentially thwart phishing campaigns before they ensnare unwitting victims.
Overall, the phishing scam targeting Lowe’s employees underscores the ongoing threat posed by malicious actors utilizing malvertising techniques to steal sensitive information and defraud individuals. It serves as a reminder for both employees and organizations to remain vigilant against such deceptive tactics and to report suspicious links or ads to prevent falling victim to cybercrime.