Sophisticated phishing scams are targeting ad industry media buyers through malicious Google Ads links, allowing hackers to infiltrate accounts and exploit funds for fraudulent ad campaigns.
- Criminal rings worldwide, including groups suspected to be based in Brazil, Asia, and Eastern Europe, are placing fake Google Ads links that appear legitimate in search results.
- Victims unknowingly enter their login credentials on phishing pages, granting hackers access to Google Ads accounts.
How it works:
- Bait and switch: Fraudsters create deceptive sponsored links that mimic legitimate Google Ads login pages.
- Credential theft: When ad buyers click these links and input their login details, the scammers gain account access.
- Account exploitation: Hackers use stolen credentials to create phishing campaigns or run fraudulent click-based ads, funneling ad budgets back into their own operations.
Why we care. These phishing scams can compromise your Google Ads accounts, draining ad budgets and disrupting campaigns. Hackers are using stolen credentials to run fraudulent ads, which damages brand reputation and wastes resources.
Additionally, advertisers are often left to detect and report the breaches themselves, delaying resolution and compounding losses. Proactive security measures are crucial to protect assets and maintain trust with clients.
Details. Ad accounts with large budgets are prime targets, with hackers demonstrating expertise in disguising fraudulent campaigns as legitimate ones.
Malwarebytes estimates that thousands of Google Ads accounts have been compromised in recent months. Affected advertisers have reported significant financial losses and disrupted campaigns.
The fraud is ongoing, with new malicious ads appearing even as Google investigates.
What Google says. “We expressly prohibit ads that aim to deceive people in order to steal their information or scam them. Our teams are actively investigating this issue and working quickly to address it,” a Google spokesperson said.
However, victims report that Google’s response often lags, leaving them to detect and report the fraud themselves.
Bottom line. Advertisers should avoid using Google Search as an entry point to log in to Google Ads and implement stricter security measures, such as two-factor authentication and direct URL access, to prevent future breaches. The scams underline a broader need for increased vigilance and security in the digital advertising ecosystem.
source https://searchengineland.com/google-ads-phishing-scams-target-ad-buyers-450896
0 Comments