Hackers Use Malicious Google Ads to Steal Users' Microsoft Accounts

With Google's popularity, scammers are taking advantage of the company's services to commit malicious acts. Bad actors are pushing malicious ads onto Google's results pages, and while this tactic isn't new, this new method is aimed at stealing users' Microsoft login credentials.

Fake Microsoft Ads Stealing People's Accounts

In a report by Malwarebytes, the attack starts when someone searches for a Microsoft Ad program. Google serves up relevant sponsored links for the search term, and one of them is a fake copy of the Microsoft Ads site. It has a different URL than the real site, which is usually a giveaway.

However, people often trust Google's search results so much that they blindly click on the first result they see. And if the scammer is skilled enough, they can make their sponsored links look almost identical to the real ones, even if the URL looks strange.

The fake Microsoft Ads site has a number of measures in place to keep unwanted visitors out. For example, if a bot tries to parse the site or someone visits via VPN, the site will serve a fake landing page to distract them. And if you try to go directly to the URL without going through the fake ad, the site will instead show you a video of Rick Astley singing 'Never Gonna Give You Up.'

However, if you access it through Google Ads, you'll see a fake Microsoft login page asking you to enter your username, password, and two-factor authentication code. If you provide this information, the scammer can use it to steal your Microsoft account.

Given the way the attack targets people who want to use Microsoft Ads to advertise their products, it's unlikely you'll see it. However, it's a good example of how these scams work, as they can impersonate almost any website.

Lesley Montoya

Update 06 February 2025