Top WordPress hosting company Kinsta hit by phishing ads attack

Be careful when clicking Google ads

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A top WordPress hosting company,Kinsta, is warning its users that they’re being targeted by cybercriminals looking for their login credentials.

Kinsta sent out alerts to its customers warning them of a maliciousGoogleads campaign redirecting visitors to a fake Kinsta website, asking them to log in for different reasons.

By “logging into” these fake websites, the victims would be providing their login credentials to the attackers, which could then be used to take over the websites.

Staying safe

Staying safe

Besides the malicious Google ads campaigns, the company also warned of phishing attacks, saying Kinsta users could start getting emails impersonating the company and providing links to fake login pages. Currently it doesn’t seem that any of the hosts on ourbest web hostingprovider page have had the same attacks but it’s still safe to stay vigilant.

While Google usually does a good job of keeping its advertising network clean, sometimes criminals manage to squeeze through - mostly by breaking into previously verified accounts with multiple successful campaigns. There are many ways threat actors could use the stolen websites, too, from stealing sensitive information (login credentials, for example), to serving even more malicious ads, to hosting malware, and more.

Kinsta said it’s “actively identifying” and shutting down the malicious sites the ads link to, but added that users should be mindful of what they’re clicking on. The company recommends users take multiple steps to remain safe online and protect their accounts. That includes opening the website by typing in the address in the address bar, rather than just searching for it and clicking on the first result.

Additionally, users should be careful with any communication (email, SMS) that claims to be coming from Kinsta. Finally, they should secure their WordPress accounts by generating a strong password, and enabling multi-factor (MFA) authentication.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Belkin’s Travel Bag for Vision Pro has pockets and is way cheaper than Apple’s own case