Skip to Content
Amazon phishing attack
© Hakan Kacar | Dreamstime.com
Security & privacy

This Amazon phishing scheme is stealing passwords

Amazon Web Services (AWS) forms the backbone of many online businesses as it’s an on-demand cloud platform that offers storage, website hosting, IT infrastructure, developer tools and more. Essentially, it’s a one-stop shop for anything you need to run your online company or service. 

Read on to see how cybercriminals target you through malicious AWS ads in Google search results. 

Malicious Google ads appearing in AWS search results

There are plenty of online services you can use for developing and hosting your website, but few are as powerful as AWS. The tech giant’s offering is so popular that Sony, Walt Disney Company and General Electric use it.

However, there are many smaller entities that rely on the accessibility and easy usage of AWS to drive their background operations. The sheer popularity of AWS attracts cybercriminals in hopes of finding new victims.

Sentinel Labs recently detected a phishing campaign, where scammers placed malicious Google ads in search results to steal your login details. When searching for AWS, malicious results appear as advertising links.

Thieves are more crafty than ever. Their tech prowess allows them to spoof legitimate sites and services that make it difficult to distinguish between the real deal and a fake. Slightly altering a URL can get unsuspecting victims to click malicious links and they will think they are on a legit site.

According to Sentinel Labs, some of the ads that appear in AWS search results on Google take you to a fake AWS login page. If you attempt to log in to your account, the malicious page captures your details and redirects you to the authentic AWS website. But it’s game over. Criminals now have your credentials.

How to outsmart phishing attacks like this

It can be challenging to spot fake websites or malicious links, especially when they mask the URL and eventually redirect to the original site. Luckily, there are ways to stay protected.

Here are some ways to avoid falling victim to malicious ads:

  • Avoid clicking on sponsored links or advertising whenever you search for something through Google. Instead, type all web addresses directly into your browser, so you know you’re going to the official site.
  • If you are unsure about a link, hover your cursor over the link to get a preview of the destination.
  • Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!

    Keep reading

    Use Amazon to buy groceries? Get ready to pay more

    Is the cheap new way to get your prescription meds from Amazon worth it?

    Refer friends, earn rewards

    Share your source of digital lifestyle news, tips and advice with friends and family, and you'll be on your way to earning awesome rewards!

    Get started