{"id":186,"date":"2024-04-15T11:17:50","date_gmt":"2024-04-15T16:17:50","guid":{"rendered":"https:\/\/freshphish.info\/?p=186"},"modified":"2024-04-15T11:17:50","modified_gmt":"2024-04-15T16:17:50","slug":"fake-av-toad-ads","status":"publish","type":"post","link":"https:\/\/freshphish.info\/?p=186","title":{"rendered":"Fake AV TOAD Ads"},"content":{"rendered":"\n

This one isn’t an email I know it is something that has been around awhile. I’ve seen a lot more of these in the past week or so.<\/p>\n\n\n\n

First, a web browser is presented an ad in the middle of a news article that looks like a continue button to read the rest of the story. If the user would scroll down just a bit, they’d see the rest of their article but they see a “continue” button and click it without thinking.<\/p>\n\n\n\n

\"\"
Here is a screenshot of the ad seen.<\/figcaption><\/figure>\n\n\n\n

Once clicked, they are initially brought to a Google ad landing page that just presents another Continue button:<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Once they click this Continue button, they’re brought to the fake ad page, which tries to put the browser into full screen mode, shows malware alerts and has a computer generated voice warning about a malware infection. This is intended to cause a panic in the user so they’ll call the provided phone number, which would result in a likely fraudulent charge or perhaps a refund scam.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Note my virtual environment here shaded the screen and prompted for permission to go full screen. The URL is in the z13.web.core.windows.net subdomain, owned by Microsoft. Doing a search for this subdomain provides a number of discussions about the volume of malicious sites hosted here. I recommend blocking this subdomain for all environments.<\/p>\n\n\n\n

-Matt<\/p>\n","protected":false},"excerpt":{"rendered":"

This one isn’t an email I know it is something that has been around awhile. I’ve seen a lot more<\/p>\n

Continue readingFake AV TOAD Ads<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[53],"tags":[50,52,19,49],"class_list":["post-186","post","type-post","status-publish","format-standard","hentry","category-malvertising","tag-fake-av","tag-malvertising","tag-microsoft","tag-toad"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t