Open Nav
Sign Up

Phishing Campaign Targeting WordPress Hosting Service Kinsta via Google Ads

Kinsta Phishing Campaign

Bar Refael

December 21, 2023

A sophisticated phishing campaign targeting Kinsta, a prominent WordPress hosting service, has been recently identified. The attackers are leveraging Google Ads to direct users to fraudulent sites, mimicking Kinsta’s official web presence, to steal login credentials for MyKinsta, a critical service for managing WordPress and other cloud-based applications.

Incident Details

  • Threat Vector: Phishing through Google Ads.
  • Target: Kinsta customers and users of MyKinsta service.
  • Methodology: Creating sponsored websites that closely resemble Kinsta’s official sites.
  • Objective: To harvest MyKinsta login credentials.

Attack Description

  • Phishing Sites: Attackers set up sites that mimic the look and feel of Kinsta’s official web pages.
  • Google Ads Exploitation: The threat actors are using Google Ads to target individuals who have previously visited Kinsta’s websites.
  • User Deception: Users are tricked into clicking on these sponsored sites, believing them to be legitimate.

Kinsta’s Response and Recommendations

  • Customer Alert: Kinsta has informed its customers via email about the phishing scam.
  • Two-Factor Authentication: Kinsta urges users to enable two-factor authentication on their accounts as an additional security layer.
  • Direct Access Advised: Users are recommended to access MyKinsta by directly typing the URL in the browser and to avoid links from unverified sources.
  • Vigilance Against Phishing Communications: Kinsta cautions against phishing emails or messages that direct users to log into fraudulent MyKinsta sites.

Wider Context of Google Ads Misuse

  • Not an Isolated Case: This incident is part of a larger trend where hackers increasingly use Google Ads for malicious purposes.
  • Other Deceptive Ads: Similar deceptive ads have been spotted for Amazon, along with fake installers for popular software, leading to malware downloads.

Action Items for OP Innovate Customers

  • Increased Caution with Google Ads: Be wary of sponsored links in Google search results, especially those relating to service logins.
  • Direct URL Access: Always access services by typing the URL directly into the browser.
  • Enable MFA: Activate multi-factor authentication on all accounts where available.
  • Educate and Inform Staff: Raise awareness among employees about this phishing technique.
  • Regularly Update Security Measures: Keep cybersecurity measures updated to defend against evolving phishing tactics.

Conclusion

This latest phishing campaign against Kinsta customers highlights a growing trend of exploiting Google Ads for cyberattacks. OP Innovate customers, particularly those using WordPress hosting services, should be extremely vigilant, follow recommended security practices, and stay informed about such deceptive tactics to protect their credentials and sensitive data.

Stay safe and updated,

Resources highlights

Critical Gitea Docker Authentication Bypass Under Active Probing: CVE-2026-20896

A critical authentication bypass vulnerability, tracked as CVE-2026-20896, has been disclosed in the official Gitea Docker image. Gitea is a self-hosted software development platform used…

Read more >

gitea_docker_cve-2026-20896

Adobe Patches Multiple Critical ColdFusion and Campaign Classic Vulnerabilities: CVE-2026-48282 Exploitation Observed

Adobe has released security updates for multiple critical vulnerabilities affecting Adobe ColdFusion and Adobe Campaign Classic, including several flaws rated CVSS 10.0.CVE-2026-48282, a critical ColdFusion…

Read more >

adobe_coldfusion_campaign classic_cve-2026-48282

CVE-2026-46817: Critical Oracle E-Business Suite Vulnerability

A critical vulnerability in Oracle E-Business Suite is now being actively exploited in the wild. Tracked as CVE-2026-46817, the flaw affects the File Transmission component…

Read more >

cve-2026-46817-oracle-e-business

Cisco Unified CM Vulnerability CVE-2026-20230 Targeted After Public PoC Disclosure 

Cisco has disclosed and patched CVE-2026-20230, a critical SSRF vulnerability affecting Cisco Unified Communications Manager and Unified CM SME when the WebDialer service is enabled.…

Read more >

CVE-2026-20230

Microsoft Confirms Unpatched RoguePlanet Defender Zero-Day (CVE-2026-50656)

Microsoft has confirmed a new Microsoft Defender zero-day vulnerability tracked as CVE-2026-50656 and publicly referred to as RoguePlanet. The flaw affects the Microsoft Malware Protection…

Read more >

RoguePlanet_cve-2026-50656

FortiBleed Campaign Exposes Fortinet Firewall and VPN Credentials at Scale

A large-scale credential abuse campaign dubbed FortiBleed has reportedly affected tens of thousands of Fortinet firewall and VPN devices worldwide. Public reporting indicates that threat…

Read more >

fortibleed
Under Cyber Attack?

Fill out the form and we will contact you immediately.