Malicious ad for USPS fishes for banking credentials
www.malwarebytes.com
Next time you need to track a package, be aware that malicious ads could be leading you to sites that steal your banking information.

Summary

  • Malvertising is a type of attack that uses malicious ads to trick users into clicking on them.
  • Malvertising can be used to deliver malware, phishing attacks, or other types of attacks.
  • In this case, the malvertising campaign targeted users who were looking to track their packages via the United States Postal Service website.
  • The malicious ad looked completely legitimate and used the official USPS logo.
  • When users clicked on the ad, they were redirected to a fake website that asked them to enter their address, credit card details, and bank account information.
  • The fake website was designed to look like the real USPS website.
  • The attack was discovered by Jesse Baumgartner, Marketing Director at Overt Operator.
  • Malwarebytes has reported the incident to Google and Cloudflare has already flagged the domains as phishing.

Additional tips to avoid falling victim to malvertising:

  • Be wary of ads that look too good to be true.
  • Don’t click on ads that ask you to enter personal information.
  • Use a security solution that can protect you from malvertising.
  • Keep your software up to date.
  • Be careful what links you click on in emails and social media messages.