• All Articles

URL Phishing attack: Google WebRisk user security threat

By Anna

June 14, 2022


A phishing attack is a user security violation which targets a user to trick them into revealing personal, sensitive information (for example, passwords, phone numbers, or credit cards). There are several kinds of phishing. Users can be contacted by email, telephone, text message, or malicious URLs. The content of a Phishing site pretends to act, or looks and feels, like a trusted entity — a browser, operating system, bank, or government. This AdSecure detection is based on Phishing URL violations from Google WebRisk.

What is a common indicator of a phishing attempt to an end user?

We could define a phishing attack as one of the most effective ways for cybercriminals to steal our information. In 2021 Q3, AdSecure saw big spikes on Phishing attack detections, which increased by 413.97%. After analyzing the violation data from Q1 2022, AdSecure also noticed a 178.46% increase in Phishing detection compared to Q4 2021.

Phishing scams are created to make the user believe they are on a genuine site, and a lot of time is spent in making these sites indistinguishable from the real ones. So, what should we look for when trying to identify a phishing site?

  • It’s simply too good to be true: Whatever the site poses, lucrative offers, prizes… For instance, many claim that you have won a lottery ticket, an iPhone, etc. completely out of the blue. Some of them appear as fake games such as lucky draws claiming big financial gains.
  • Sense of Urgency or Danger: Another tactic is to push the user to act fast, whether it’s because the ‘amazing’ deal that’s been offered will only be there during a short period of time. Or, instead claiming that their device or data could be in danger (similar to scareware.)
  • Hyperlinks: Hovering over a link, whether in a visible link, button or image format, shows you the actual URL where you will be directed upon clicking on it. If it looks suspicious, it’s probably phishing.
  • Small (or big) incongruences: A lot of work goes into creating content for an official website. Graphics will be sharp, spelling will be correct, offering a seamless and polished experience. Phishing sites, although similar looking to an official site (sometimes branding included), show small incongruences: misspellings, sentences that make no sense, low-resolution images, and even a lack of ‘contact us’ section.
  • Non-trustworthy payment methods: If the only payment option provided on a site is through a bank transfer, that’s a huge red flag: Reputable sites will never ask users to pay using this method.

Phishing Ad example detected by AdSecure:

URL Phishing attack: Google WebRisk user security threat

The landing page of this ad is a lucky draw with a fake Instagram logo on it. It uses prizes such as computers, mobile devices and cash to lure users to play and tries to convince them that it is a legitimate activity sponsored by Instagram.

The URL of the page is blacklisted by Google safe browsing. Also, If the user tries to reach it, the Google Chrome browser will show a warning message such as the one below.

URL Phishing attack: Google WebRisk user security threat

How to protect the end user against a phishing attack?

It seems that phishing attacks have never failed to be the most popular tactics cybercriminals use for their personal gain. Publishers and ad networks have a duty to serve clean ads, keeping their end users safe. Having a dedicated compliance team, and an ad safety solution such as AdSecure as the first line of defense against cybercriminals is key to reinforce Google Ads Policy and make the internet a safer place.

AdSecure is a 360 degree ad security and quality solution that offers tools such as Active Monitoring, Real-Time Blocking and Threat Intelligence in order to keep online sites clean and secure for the users, improving their browsing experience and avoiding negative online experiences. AdSecure’s system can detect and stop malvertising campaigns and Security Violations such as Phishing attacks. They allow the rejection or suspension of malicious ads real-time.

Read more about how Malvertisers use Phishing to exploit end users by reading Goal 2: To extort personal or financial data from end users, in our blog post What is Malvertising and how to stop it

Learn more about how AdSecure’s industry leading ad monitoring tools help ad networks and publishers protect end users and reputations from malicious advertising violations - Contact us now!

Popular Tags :

Share this article on