Phishing Campaign Exploits Google Ads to Target GoDaddy ManageWP Credentials
Cybercriminals are conducting a phishing campaign that leverages Google sponsored search ads to trick users into entering their ManageWP credentials on fraudulent login pages. ManageWP is GoDaddy’s service for managing multiple WordPress sites. This approach uses legitimate ad placements to increase the likelihood of unsuspecting users providing sensitive login information.
What happened
Attackers set up a phishing campaign by abusing Google Ads, which appear as sponsored search results when users look for GoDaddy ManageWP login pages. These ads redirect victims to malicious websites designed to impersonate the official ManageWP login page. Users who enter their credentials on these fake portals risk compromising the management access to their WordPress site fleets. The exploitation of Google’s ad platform allows the phishing effort to reach targeted users more effectively by mimicking trusted search results.
Why it matters
ManageWP credentials provide control over multiple WordPress websites, making them valuable targets for attackers seeking to gain unauthorized access. Compromised credentials could lead to website defacement, data theft, or deployment of further malicious content across managed sites. The use of legitimate advertising mechanisms like Google Ads increases the credibility of phishing attempts, presenting a significant challenge for users relying on search engines to find official services safely.
What security teams should do
Security teams and administrators using ManageWP should be aware of this phishing campaign and advise users to verify URLs carefully before entering credentials. It is important to access ManageWP only through known, official domains. Monitoring for suspicious login attempts and implementing multi-factor authentication can reduce the risk of compromised accounts. Additionally, reviewing Google Ads results for malicious posts could help block deceptive advertising campaigns.
Key technical details
The phishing effort exploits Google’s sponsored search ad placements by creating ads that appear alongside legitimate search results for GoDaddy ManageWP login queries. Clicking these ads directs users to counterfeit login pages that closely imitate the ManageWP interface. These pages capture user credentials, which attackers can then misuse. The campaign relies on social engineering techniques enhanced by the trusted context of Google’s ad system.
Affected organizations/products
This campaign specifically targets ManageWP users—primarily those managing multiple WordPress websites through GoDaddy’s platform. Any user searching for ManageWP login via Google sponsored results may encounter these ads and risk credential theft if not vigilant.
Source attribution
