Cyber Security News

Hackers Abused Google and PayPal’s Infrastructure to Steal Users’ Personal Data

Cybersecurity researchers have uncovered a sophisticated phishing campaign leveraging Google Ads and PayPal’s infrastructure to deceive users and steal sensitive personal data.

The attackers exploited vulnerabilities in Google’s ad policies and PayPal’s “no-code checkout” feature to create fraudulent payment links that appeared legitimate, tricking victims into engaging with fake customer support agents.

Exploitation of Google Ads and PayPal Pay Links

The scam involved malicious actors creating deceptive advertisements impersonating PayPal.

These ads appeared as top search results on Google, displaying the official PayPal domain to gain users’ trust.

A loophole in Google’s landing page policies allowed these ads to redirect users to fraudulent pages hosted on PayPal’s legitimate domain.

The URLs followed the format paypal.com/ncp/payment/[unique ID], a structure intended for merchants to securely accept payments without requiring technical expertise.

However, scammers exploited this feature by customizing the payment pages with misleading information, such as fake customer support phone numbers labeled as “PayPal Assistance.”

Victims, particularly those using mobile devices with limited screen space, were more likely to fall for the scheme due to the difficulty of detecting the fraudulent nature of the links.
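
A defender's view of the pay-link URL format described above, as an added example that is not from the article, PayPal or Google: a Python check that picks out pay links on PayPal's real host in web-proxy log rows and escalates the ones reached from an ad click. The googleadservices.com referrer, the gclid parameter and the (URL, referrer) log layout are assumptions, and the sample rows are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# URL shape quoted in the article: paypal.com/ncp/payment/[unique ID]
PAY_LINK_PATH = re.compile(r"^/ncp/payment/([^/]+)/?$")
PAYPAL_HOSTS = {"paypal.com", "www.paypal.com"}
# Assumption (not from the article): an ad click is recognised by Google's
# click-tracking host in the referrer or a gclid parameter on the landing URL.
AD_REFERRER_HOSTS = {"googleadservices.com", "www.googleadservices.com"}
HAS_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")

def _split(url):
    """Parse a URL, tolerating log entries that omit the scheme."""
    url = url.strip()
    return urlsplit(url if HAS_SCHEME.match(url) else "https://" + url)

def pay_link_id(url):
    """Return the pay-link ID when url is a no-code checkout page on PayPal's own host."""
    parts = _split(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in PAYPAL_HOSTS:  # rejects paypal.com.evil.example and user@host tricks
        return None
    match = PAY_LINK_PATH.match(parts.path)
    return match.group(1) if match else None

def classify(url, referrer=""):
    """'alert' = pay link reached from an ad click, 'review' = pay link, 'ignore' = other."""
    if pay_link_id(url) is None:
        return "ignore"
    ref_host = (_split(referrer).hostname or "").lower() if referrer else ""
    from_ad = ref_host in AD_REFERRER_HOSTS or "gclid" in parse_qs(_split(url).query)
    return "alert" if from_ad else "review"

# Constructed sample proxy-log rows (landing URL, referrer); IDs and hosts are made up.
SAMPLE_LOG = [
    ("https://www.paypal.com/ncp/payment/EXAMPLEID01?gclid=abc123", ""),
    ("https://PayPal.com/ncp/payment/EXAMPLEID02", "https://www.googleadservices.com/pagead/aclk"),
    ("paypal.com/ncp/payment/EXAMPLEID03", "https://shop.example/checkout"),
    ("https://www.paypal.com/signin", "https://www.googleadservices.com/pagead/aclk"),
    ("https://paypal.com.evil.example/ncp/payment/EXAMPLEID04?gclid=x", ""),
]

def scan(rows):
    """Return (verdict, pay-link ID, url) for every row that is not ignored."""
    return [(classify(u, r), pay_link_id(u), u) for u, r in rows if classify(u, r) != "ignore"]

if __name__ == "__main__":
    for verdict, link_id, url in scan(SAMPLE_LOG):
        print(f"{verdict:6} {link_id:12} {url}")
```

Rows marked "review" are ordinary merchant pay links; only the page content, such as a support phone number where a product description should be, separates them from the abuse described here.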

Mobile Devices: A Key Target

Mobile users were a primary target of this campaign due to the inherent constraints of smaller screens.

On smartphones, users often rely on the top search results without scrolling further, making them more susceptible to clicking on malicious ads.

Additionally, once directed to the fake payment pages, users would see PayPal’s official domain in their browser address bar, further reinforcing the legitimacy of the scam.

Victims who called the fake support numbers were likely coerced into sharing sensitive information or making unauthorized payments.

According to a Malwarebytes report, this attack highlights how cybercriminals can exploit trusted platforms like Google and PayPal to carry out sophisticated scams.

By combining technical loopholes with social engineering tactics, scammers effectively bypassed traditional security measures and preyed on users’ trust in well-known brands.

The campaign has been reported to both Google and PayPal, but new malicious ads using similar techniques continue to surface.

Experts recommend that users exercise caution when interacting with online ads and prioritize organic search results over sponsored links when seeking official customer support information.

Security tools like ad blockers and anti-phishing software can also help mitigate risks by preventing access to malicious links.

This incident underscores the need for stronger safeguards in digital advertising platforms and payment systems to prevent misuse by malicious actors.

Both companies are expected to address these vulnerabilities to restore user confidence in their services.

Mandvi
