Phishing Campaign Targeting WordPress Hosting Service Kinsta via Google Ads

Kinsta Phishing Campaign

Bar Refael

December 21, 2023

A sophisticated phishing campaign targeting Kinsta, a prominent WordPress hosting service, has been recently identified. The attackers are leveraging Google Ads to direct users to fraudulent sites, mimicking Kinsta’s official web presence, to steal login credentials for MyKinsta, a critical service for managing WordPress and other cloud-based applications.

Incident Details

  • Threat Vector: Phishing through Google Ads.
  • Target: Kinsta customers and users of MyKinsta service.
  • Methodology: Creating sponsored websites that closely resemble Kinsta’s official sites.
  • Objective: To harvest MyKinsta login credentials.

Attack Description

  • Phishing Sites: Attackers set up sites that mimic the look and feel of Kinsta’s official web pages.
  • Google Ads Exploitation: The threat actors are using Google Ads to target individuals who have previously visited Kinsta’s websites.
  • User Deception: Users are tricked into clicking on these sponsored sites, believing them to be legitimate.

Kinsta’s Response and Recommendations

  • Customer Alert: Kinsta has informed its customers via email about the phishing scam.
  • Two-Factor Authentication: Kinsta urges users to enable two-factor authentication on their accounts as an additional security layer.
  • Direct Access Advised: Users are recommended to access MyKinsta by directly typing the URL in the browser and to avoid links from unverified sources.
  • Vigilance Against Phishing Communications: Kinsta cautions against phishing emails or messages that direct users to log into fraudulent MyKinsta sites.

Wider Context of Google Ads Misuse

  • Not an Isolated Case: This incident is part of a larger trend where hackers increasingly use Google Ads for malicious purposes.
  • Other Deceptive Ads: Similar deceptive ads have been spotted for Amazon, along with fake installers for popular software, leading to malware downloads.

Action Items for OP Innovate Customers

  • Increased Caution with Google Ads: Be wary of sponsored links in Google search results, especially those relating to service logins.
  • Direct URL Access: Always access services by typing the URL directly into the browser.
  • Enable MFA: Activate multi-factor authentication on all accounts where available.
  • Educate and Inform Staff: Raise awareness among employees about this phishing technique.
  • Regularly Update Security Measures: Keep cybersecurity measures updated to defend against evolving phishing tactics.

Conclusion

This latest phishing campaign against Kinsta customers highlights a growing trend of exploiting Google Ads for cyberattacks. OP Innovate customers, particularly those using WordPress hosting services, should be extremely vigilant, follow recommended security practices, and stay informed about such deceptive tactics to protect their credentials and sensitive data.

Stay safe and updated,

Under Cyber Attack?

Fill out the form and we will contact you immediately.

Get OP Innovate CTI Alerts

Leave your email and get critical updates and alerts straight to your inbox