Urgent warning for all Google users – searching for ‘killer phrase’ empties your bank account using ‘elaborate’ trick

SCAMMER have created a malicious ad masquerading as United States Post Office tracking on Google.

The malicious ad is extremely misleading as the URL appears to be genuine but is actually from a different country.

Google users are warned to avoid a scam posing as a genuine USPS tracking website

3

Google users are warned to avoid a scam posing as a genuine USPS tracking websitePhoto credit: Getty
The URLs displayed in the ad are real, however, the scammer has set them up so that after clicking the ad, you will be redirected to a completely new page

3

The URLs displayed in the ad are real, however, the scammer has set them up so that after clicking the ad, you will be redirected to a completely new pagePhoto credit: Malware Bytes

The killer phrase is the fake USPS tracking ad and Google users need to beware of it.

According to a blog post by Jérôme Segura, Director of Threat Intelligence at Malwarebytes Labs, it shows up as “www.usps.com” in the Sponsored section of Google, but redirects people to a website that steals personal information.

The URLs displayed in the ad are real, but the scammer has set it up so that after clicking on the ad you will be redirected to a whole new scam page.

This is a form of malvertising.

Android users are being asked to delete
WiFi speed is hampered by four common router placement mistakes. Use the Same Room location.

“About this advertiser” in My Ad Center shows that the advertiser is from Ukraine.

The scam website people are redirected to also looks like it could be a real USPS package tracking website.

But then it starts asking for tons of personal information in order to access the tracking information it doesn’t actually have access to.

After entering the address and credit card data, users were shown an error message.

The message said: “Your package could not be delivered due to incomplete information in the delivery address,” Segura said.

The bugs would lead people to believe they need to enter more personal information.

The website then asked users to enter their bank account information directly to steal as well.

Disclosing all this information on scam websites can lead to money being stolen in various ways.

Requesting personal and bank account information is an indication that the site is a scam.

The complicated scam targets people who trust official companies.

“This sophisticated phishing attack is a reminder that malvertising via search results remains a problem, affecting both consumers and businesses that trust well-known brands,” Segura warned.

This fake advertiser targeted mobile and desktop users.

Here is the mobile version of the scam versus the desktop version

3

Here is the mobile version of the scam versus the desktop versionPhoto credit: Malware Bytes

TaraSubramaniam

TaraSubramaniam is a Dailynationtoday U.S. News Reporter based in London. His focus is on U.S. politics and the environment. He has covered climate change extensively, as well as healthcare and crime. TaraSubramaniam joined Dailynationtoday in 2023 from the Daily Express and previously worked for Chemist and Druggist and the Jewish Chronicle. He is a graduate of Cambridge University. Languages: English. You can get in touch with me by emailing: tarasubramaniam@dailynationtoday.com.

Related Articles

Back to top button