In this teiss article, Kevin Cryan, Director of Operational Intelligence at Fortra's PhishLabs, discusses Google Ad service redirects and how they are being targeted in phishing attacks.
Originally published in teiss
"Attackers abuse the fact that the URL shown in Google Ads is not the linked site but rather the final destination, including the redirects. They create fake ads with their own redirects, which they set up to lead to the legitimate site.
When Google traces these redirects, they see the appropriate site and the ads go on to display the legitimate URL. However, threat actors then configure the redirect to use certain criteria, such as geo-location, to direct users to malicious phishing sites.”
Read the full article here: