Fake Google Ads Mimic Semrush to Trick SEO Professionals

A dangerous phishing campaign is tricking SEO professionals with fake Google Ads that mimic Semrush. These ads lead users to spoofed login pages, designed to steal Google account credentials.

Hackers crafted domains like “semrush[.]tech” and “semrush[.]click” to look authentic. When users arrive on these sites, they find the normal login disabled. Instead, the page forces them to use a “Sign in with Google” button.

Once users log in, attackers instantly receive the credentials. They can then access Google Ads, Google Analytics, and Search Console accounts. This gives them a direct path to sensitive business data.

Brazilian Threat Group Possibly Behind the Attacks

Cybersecurity expert Elie Berreby has linked this activity to a Brazilian hacking group. Previously, this group targeted SaaS companies with similar phishing efforts. Now, they appear to have shifted focus to SEO professionals.

Their goal is to gain control of Google-linked tools. In addition, they often try to steal SaaS credentials and other confidential information.

Why Semrush Users Are Attractive Targets

Semrush connects to tools that store critical business insights. For instance, marketers use it to track performance, analyze traffic, and view customer behavior. Fortune 500 companies and large eCommerce brands also rely on it.

Thus, one stolen login could expose sensitive revenue data and client information. For attackers, that makes these accounts incredibly valuable.

Cascading Fraud Is on the Rise

This phishing strategy reflects a growing trend called cascading fraud. In these scams, one attack leads to another, often through reused tools like Google Ads. Therefore, each successful breach increases the scale of the next.

Cybercriminals behind this campaign may have regrouped after earlier takedowns. Now, they are launching stealthier and more convincing phishing attempts.

How to Stay Protected Online

To avoid falling victim, users should stay alert. First, double-check the URL before entering login details. Second, avoid clicking suspicious Google Ads, especially for tools like Semrush.

Also, consider using a password manager. These tools help detect fake pages, because they only offer saved credentials on the domain where they were saved, and so help prevent credential theft. Moreover, enabling two-factor authentication offers another layer of defense.

Lastly, use a VPN to mask your online activity. A reliable VPN reduces the risk of tracking and helps prevent phishing attempts.
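The URL check described above can also be run over web-proxy logs. The following Python code is an added example, not part of the original article: it flags hosts that carry the Semrush name but do not sit under the vendor's own domain, which covers the two domains named above and, more generally, any host containing the brand. It assumes semrush.com is the official domain, and the log lines and their three-field format are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: semrush.com is the vendor's real domain; the article names only the fakes.
OFFICIAL_DOMAINS = {"semrush.com"}
BRAND = "semrush"

# Constructed proxy-log lines (timestamp, user, URL); not real telemetry.
SAMPLE_LOG = """\
2025-01-01T09:00:01Z alice https://www.semrush.com/login/
2025-01-01T09:00:07Z bob https://semrush.tech/login
2025-01-01T09:01:12Z carol https://SEMRUSH.click./signin?src=ad
2025-01-01T09:02:30Z dave https://semrush.com.sso.example.net/auth
2025-01-01T09:03:44Z erin https://docs.example.org/seo-guide
"""

def hostname_of(value: str) -> str:
    """Extract a normalised hostname from a URL or a defanged indicator."""
    value = value.strip().replace("[.]", ".").replace("hxxp", "http")
    if "://" not in value:
        value = "//" + value  # let urlsplit treat a bare host as the netloc
    return (urlsplit(value).hostname or "").rstrip(".").lower()

def classify(value: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a URL or hostname."""
    host = hostname_of(value)
    # Official only if the host is the domain itself or a true subdomain of it.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # The brand appears in the name, but the name is not under an official domain.
    if BRAND in host.replace("-", ""):
        return "lookalike"
    return "unrelated"

def scan(log_text: str) -> list[tuple[str, str]]:
    """Return (user, hostname) for every request to a lookalike host."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, user, url = parts
        if classify(url) == "lookalike":
            hits.append((user, hostname_of(url)))
    return hits

if __name__ == "__main__":
    for user, host in scan(SAMPLE_LOG):
        print(f"ALERT user={user} host={host}")
```

The suffix test requires a leading dot, so a host such as notsemrush.com is not mistaken for a subdomain of the official domain.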

David McAfee

David McAfee is a seasoned cybersecurity expert with over a decade of experience at VPN Group. Specializing in online privacy and digital security, he has played a key role in developing advanced strategies to protect individuals and organizations from cyber threats.