Researchers have discovered cybercriminals utilizing Google Sites to create phishing pages that are then promoted through Google Ads. These malicious ads trick victims into providing their login credentials, which are then used or sold by the attackers. Malwarebytes has warned users to be cautious of clicking on any ads from Google, as threat actors are able to circumvent rules meant to prevent abuse and impersonation. By redirecting victims to fake login pages, the attackers collect sensitive information and take control of their accounts for further illicit activities. Multiple threat actors from different regions are believed to be involved in this deceptive scheme. Be vigilant against these sophisticated phishing tactics that exploit the trust of Google’s platform.