Top WordPress hosting company Kinsta hit by phishing ads attack

News
By Sead Fadilpašić
Contributions from
James Capell
 published

Be careful when clicking Google ads

WordPress
(Image credit: Pixabay)

A top WordPress hosting company, Kinsta, is warning its users that they’re being targeted by cybercriminals looking for their login credentials. 

Kinsta sent out alerts to its customers warning them of a malicious Google ads campaign redirecting visitors to a fake Kinsta website, asking them to log in for different reasons. 

By “logging into” these fake websites, the victims would be providing their login credentials to the attackers, which could then be used to take over the websites.

Staying safe

Besides the malicious Google ads campaigns, the company also warned of phishing attacks, saying Kinsta users could start getting emails impersonating the company and providing links to fake login pages. Currently it doesn't seem that any of the hosts on our best web hosting provider page have had the same attacks but it's still safe to stay vigilant.  

While Google usually does a good job of keeping its advertising network clean, sometimes criminals manage to squeeze through - mostly by breaking into previously verified accounts with multiple successful campaigns. There are many ways threat actors could use the stolen websites, too, from stealing sensitive information (login credentials, for example), to serving even more malicious ads, to hosting malware, and more. 

Kinsta said it’s "actively identifying" and shutting down the malicious sites the ads link to, but added that users should be mindful of what they’re clicking on. The company recommends users take multiple steps to remain safe online and protect their accounts. That includes opening the website by typing in the address in the address bar, rather than just searching for it and clicking on the first result. 

Additionally, users should be careful with any communication (email, SMS) that claims to be coming from Kinsta. Finally, they should secure their WordPress accounts by generating a strong password, and enabling multi-factor (MFA) authentication.

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

With contributions from