This Amazon phishing scheme is stealing passwords
Amazon Web Services (AWS) forms the backbone of many online businesses as it’s an on-demand cloud platform that offers storage, website hosting, IT infrastructure, developer tools and more. Essentially, it’s a one-stop shop for anything you need to run your online company or service.
Read on to see how cybercriminals target you through malicious AWS ads in Google search results.
Malicious Google ads appearing in AWS search results
There are plenty of online services you can use for developing and hosting your website, but few are as powerful as AWS. The tech giant’s offering is so popular that Sony, Walt Disney Company and General Electric use it.
However, there are many smaller entities that rely on the accessibility and easy usage of AWS to drive their background operations. The sheer popularity of AWS attracts cybercriminals in hopes of finding new victims.
Sentinel Labs recently detected a phishing campaign, where scammers placed malicious Google ads in search results to steal your login details. When searching for AWS, malicious results appear as advertising links.
Thieves are more crafty than ever. Their tech prowess allows them to spoof legitimate sites and services that make it difficult to distinguish between the real deal and a fake. Slightly altering a URL can get unsuspecting victims to click malicious links and they will think they are on a legit site.
According to Sentinel Labs, some of the ads that appear in AWS search results on Google take you to a fake AWS login page. If you attempt to log in to your account, the malicious page captures your details and redirects you to the authentic AWS website. But it’s game over. Criminals now have your credentials.
How to outsmart phishing attacks like this
It can be challenging to spot fake websites or malicious links, especially when they mask the URL and eventually redirect to the original site. Luckily, there are ways to stay protected.
Here are some ways to avoid falling victim to malicious ads:
- Avoid clicking on sponsored links or advertising whenever you search for something through Google. Instead, type all web addresses directly into your browser, so you know you’re going to the official site.
- If you are unsure about a link, hover your cursor over the link to get a preview of the destination.
- Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!
Credit card info of millions of guests leaked in travel site data breach
If you’ve traveled any time since 2013, it might be time to check your bank accounts. Three of the web’s biggest travel sites have leaked personal and financial data for millions of users, including payment card details.
Amazon Prime Video finally gets one of Netflix’s most basic features
Amazon is ahead of the curve on so many things that its rivals are usually playing catch-up. Between Prime, Amazon Web Services and drone deliveries, competitors certainly have their work cut out for them if they want to go toe-to-toe with Jeff Bezos.