SCAMMER have created a malicious ad masquerading as United States Post Office tracking on Google.
The malicious ad is extremely misleading as the URL appears to be genuine but is actually from a different country.
The killer phrase is the fake USPS tracking ad and Google users need to beware of it.
According to a blog post by Jérôme Segura, Director of Threat Intelligence at Malwarebytes Labs, it shows up as “www.usps.com” in the Sponsored section of Google, but redirects people to a website that steals personal information.
The URLs displayed in the ad are real, but the scammer has set it up so that after clicking on the ad you will be redirected to a whole new scam page.
This is a form of malvertising.
“About this advertiser” in My Ad Center shows that the advertiser is from Ukraine.
The scam website people are redirected to also looks like it could be a real USPS package tracking website.
But then it starts asking for tons of personal information in order to access the tracking information it doesn’t actually have access to.
After entering the address and credit card data, users were shown an error message.
The message said: “Your package could not be delivered due to incomplete information in the delivery address,” Segura said.
The bugs would lead people to believe they need to enter more personal information.
The website then asked users to enter their bank account information directly to steal as well.
Disclosing all this information on scam websites can lead to money being stolen in various ways.
Requesting personal and bank account information is an indication that the site is a scam.
The complicated scam targets people who trust official companies.
“This sophisticated phishing attack is a reminder that malvertising via search results remains a problem, affecting both consumers and businesses that trust well-known brands,” Segura warned.
This fake advertiser targeted mobile and desktop users.