Trust Me, this Ad is Sponsored: How Threat Actors abuse platforms like Google Ads to Own Your Users

By Matias Busco

Elevator Pitch

Ever searched for your favourite SaaS and clicked the top result only to land in a trap? This talk exposes how attackers weaponise Google Ads to phish users with frightening efficiency, and what defenders can do about it.

Description

Search engines are one of the most trusted tools on the internet, and attackers know it. In this talk, we’ll dive deep into a growing threat: phishing campaigns delivered through paid Google Ads targeting popular SaaS platforms. Based on real-world evidence, we’ll analyze the full attack chain, from keyword bidding and domain cloaking to credential harvesting and user redirection.

We’ll walk through actual campaigns, how they bypass Google’s ad vetting systems, and how users and companies alike can be misled even with “official-looking” domains. The session includes a live (or recorded) demonstration of a mock phishing setup using similar techniques for educational purposes.

Whether you’re a defender, red teamer, or just curious about the new frontier of phishing, this talk will give you practical insights into detection, prevention, and raising awareness.

Notes

This talk is based on both public research and personal investigation of real phishing attempts leveraging Google Ads. I’ve collected multiple indicators, analyzed the infrastructure, and even reproduced a similar phishing workflow in a controlled lab for demo purposes.

I work in a security platform team and have been involved in both securing authentication flows and improving user awareness campaigns. I believe this talk balances technical depth with real-world relevance for both blue and red teamers.

Requires no special setup: a standard projector and slides, and optionally a live demo (which can also be recorded).