With Information from Silent Push
Cybersecurity researchers at Silent Push have uncovered a sophisticated phishing campaign leveraging malicious Google Ads to execute payroll redirect scams. The attackers purchase search ads using branded keywords to push their phishing pages to the top of search engine results, effectively tricking users into visiting fake websites.
Targeting High-Profile Organizations
Silent Push researchers report that the campaign primarily targets Workday users and employees of major organizations, including the California Employment Development Department (EDD), Kaiser Permanente, Macy’s, New York Life, and Roche. “The threat actors have been utilizing malicious search advertising campaigns with sponsored phishing websites and spoofed HR pages via Google to lure unsuspecting victims into providing access to their employee portals,” the researchers explain.
Once an employee’s account is compromised, the attackers manipulate payroll settings, replacing the victim’s banking information with their own. This allows them to hijack the employee’s paycheck and redirect funds to fraudulent accounts.
How the Attack Works
According to Silent Push, the attackers often possess additional credential information—such as Social Security numbers—which they likely obtain from underground forums. Once inside an employee’s HR portal, the scammers update the banking details to divert funds to accounts under their control. “Armed with additional credential information, once the scammers get into an employee’s portal account, they change the individual’s banking information to redirect funds to a fraudulent bank account,” the researchers note.
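The attack chain above leaves a recognizable trace in HR-portal audit logs: a login from a source the employee has never used before, followed minutes later by a direct-deposit change, and often the same destination account turning up under several employees. The following Python script is an added illustration of that monitoring idea, not code from Silent Push or KnowBe4; the log format, the IP addresses, the employee names and the bank details are all constructed, and the "known sources" baseline is assumed to have been built from earlier audit data.

```python
"""Flag payroll direct-deposit changes that look like account takeover.

Added example (not Silent Push's or KnowBe4's code). Two checks:
  1. a direct-deposit change within WINDOW of a login from a source IP
     that is not in the employee's historical baseline;
  2. one destination account adopted by more than one employee.
The audit-log format is a hypothetical pipe-separated layout.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample audit log:  timestamp|user|event|source_ip|detail
# (all addresses, names and bank details are made up for this example)
SAMPLE_LOG = """\
2025-03-01T08:02:11Z|alice|login|198.51.100.7|
2025-03-01T08:05:40Z|alice|view_payslip|198.51.100.7|
2025-03-03T09:10:03Z|bob|login|203.0.113.5|
2025-03-03T09:12:45Z|bob|direct_deposit_change|203.0.113.5|routing=111000025;acct=4471
2025-03-04T22:41:19Z|alice|login|192.0.2.99|
2025-03-04T22:43:02Z|alice|direct_deposit_change|192.0.2.99|routing=222371863;acct=9902
2025-03-05T10:00:00Z|carol|login|198.51.100.8|
2025-03-05T10:01:00Z|carol|direct_deposit_change|198.51.100.8|routing=111000025;acct=5830
2025-03-06T01:15:27Z|dave|login|192.0.2.99|
2025-03-06T01:17:09Z|dave|direct_deposit_change|192.0.2.99|routing=222371863;acct=9902
"""

# Assumed baseline: source IPs each employee logged in from before this window
# (in practice derived from the preceding weeks of audit data).
KNOWN_SOURCES = {
    "alice": {"198.51.100.7"},
    "bob": {"203.0.113.5"},
    "carol": {"198.51.100.8"},
    "dave": {"198.51.100.9"},
}

WINDOW = timedelta(hours=24)  # how long a new-source login taints later changes


def parse_log(text):
    """Parse the constructed log format into time-ordered event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, ip, detail = line.split("|", 4)
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "user": user,
            "event": event,
            "ip": ip,
            "detail": detail,
        })
    return sorted(events, key=lambda e: e["ts"])


def flag_changes_after_new_source_login(events, known_sources, window=WINDOW):
    """Return (user, iso_timestamp, ip) for each direct-deposit change that
    happens within `window` of a login from an IP outside the user's baseline."""
    last_new_login = {}  # user -> timestamp of the latest login from a new IP
    flagged = []
    for e in events:
        user = e["user"]
        if e["event"] == "login":
            if e["ip"] not in known_sources.get(user, set()):
                last_new_login[user] = e["ts"]
        elif e["event"] == "direct_deposit_change":
            t = last_new_login.get(user)
            if t is not None and e["ts"] - t <= window:
                flagged.append((user, e["ts"].isoformat(), e["ip"]))
    return flagged


def flag_shared_destinations(events):
    """Return {bank_detail: sorted users} for destinations adopted by more than
    one employee, the signature of a single mule account collecting paychecks."""
    users_by_dest = defaultdict(set)
    for e in events:
        if e["event"] == "direct_deposit_change" and e["detail"]:
            users_by_dest[e["detail"]].add(e["user"])
    return {d: sorted(u) for d, u in users_by_dest.items() if len(u) > 1}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for hit in flag_changes_after_new_source_login(evs, KNOWN_SOURCES):
        print("direct-deposit change after new-source login:", hit)
    for dest, users in flag_shared_destinations(evs).items():
        print("destination", dest, "shared by", users)
```

On the constructed log, bob and carol change their details from addresses already in their baseline and are not flagged, while alice and dave both change theirs minutes after logging in from an address neither had used before, and both switch to the same destination account. Either signal alone is a reasonable trigger for a hold on the change and an out-of-band confirmation with the employee; the two together are a strong indicator of the takeover pattern described above.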
Strengthening Defenses Against Phishing
This campaign highlights the importance of a multi-layered security strategy to protect organizations against phishing attacks. Security awareness training plays a critical role in building resilience against these threats by educating employees to recognize social engineering tactics.
KnowBe4 offers new-school security awareness training that empowers employees to identify and respond to phishing attacks effectively. Trusted by over 70,000 organizations worldwide, the KnowBe4 platform helps organizations build a strong security culture and reduce human risk.
Stay Vigilant: Phishing attacks are growing more sophisticated. Organizations must remain proactive by combining employee training, robust security tools, and vigilant monitoring to defend against evolving cyber threats.