
Lowe’s workers subjected to malicious advertising scheme
Reports have uncovered a malvertising campaign directed at Lowe’s employees. The campaign uses Google ads to harvest the credentials of current and former employees. The deceptive ads appear when users search for Lowe’s internal HR portal, MyLowesLife. The ad URLs closely resemble the address of the legitimate HR portal, potentially tricking users into clicking on them.
Once clicked, users are led to a phishing page that mirrors the appearance of the real MyLowesLife website. On this page, users are prompted to enter their sales number, password, and security question. The information entered is then sent to the threat actor, and the user is redirected to the actual website to log in again. Although this might seem suspicious to some, many users may assume it’s just a glitch and proceed without questioning.
Max Gannon, Cyber Intelligence Team Manager at Cofense, warned about the dangers of trusting search engine results blindly and emphasized the importance of verifying website authenticity before entering any credentials. This malvertising campaign serves as a reminder to remain cautious when dealing with sponsored search results and always double-check the legitimacy of a website before inputting sensitive information.
The research indicates that this threat extends beyond Lowe’s employees, with threat actors using similar tactics to target other organizations as well.