Cybercriminals use fake ads to steal your login details to your benefit portals and redirect your paycheck to their accounts.
You may have logged in to your online employee benefits portal to access your employment or pay information. However, if you’re unsure how to access it, you may have used Google to find the correct link. In this week’s scam, cybercriminals are trying to take advantage of this by using malicious Google ads, also known as malvertising, that impersonate these portals. When you search for your organization’s employee portal, these ads are among the top results.
If you click on one of the fake ads, they direct you to a fake employee portal login page. When you enter your username and password here, cybercriminals are able to steal them. They can then log in to your real employee portal and replace your banking information with their own. You won’t receive your paycheck on the next payday, but the cybercriminals will!
Follow these tips to avoid falling victim to a malvertising scam:
- Anyone can buy ads on Google, including cybercriminals. Always be cautious when clicking on sponsored ads.
- Before you click a link, always hover your mouse over it. Watch out for spelling mistakes and suspicious URLs.
- If you’re not sure how to access your employee portal, ask your organization’s human resources department for the correct link.
Stop, Look, and Think. Don’t be fooled.
KnowBe4 is the world’s most popular integrated platform for awareness training combined with simulated phishing attacks. Let Keller Schroeder show you how KnowBe4 has helped thousands of organizations just like yours manage the continuing problem of social engineering. Contact us today to learn more.
DISCLAIMER : Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.
