Summary:
Criminal rings are executing targeted phishing scams against ad industry media buyers.
Fraudulent sponsored links lead users to phishing pages disguised as Google Ads login.
Hackers gain access to accounts, create new ads, and misuse funds for further scams.
Despite Google's prohibitions, malicious ads remain active and frequently reported.
Agencies face tough questions about financial responsibility for lost funds due to hacks.
The Rising Threat to Google Ad Campaigns
Multiple criminal rings are orchestrating surgical phishing scams that specifically target media buyers in the ad industry. These fraudsters are deceiving ad buyers who log into Google Ads after performing a search. The scammers serve fraudulent sponsored search links, leading to account hacks and the misuse of funds to run more phishing ads and fraudulent campaigns.
How the Scam Works
The Google Ads accounts are hacked in a cunning manner, with scammers creating ads for searches related to logging into Google Ads. When users search for "Google Ads" and click on the sponsored link, they are redirected to a phishing page disguised as the Google Ads login. After entering their credentials, the hackers gain access to their accounts.
A notable case involved an advertiser who received a two-factor authentication request that appeared legitimate but was actually a login attempt from Brazil. Believing it was a mistake due to their VPN, they approved the sign-in.
The Aftermath of Account Takeovers
Post-takeover, criminals quickly add themselves as admins and create new campaigns that mimic the original campaigns. These new campaigns often promote more Google Search ads that spread malware. The hackers are adept at navigating the Google Ads system, targeting accounts with significant budgets.
Ongoing Issues
Reports of the same malicious ads continue to surface, indicating that the phishing operations are still active. Google has stated that it prohibits deceptive ads, yet many affected advertisers reported repeated phishing scams before action was taken.
Financial Implications
When agencies and consultants face account hacks, questions arise about financial responsibility for the lost funds. While the agencies are often at fault due to human error, the expertise of the fraudsters complicates the situation. Affected parties are sometimes offered reimbursements from Google, contingent upon documenting the hacks and improving security measures.
The main goal of these scams appears to be the spread of malware, as the fraudsters use hacked accounts to pay for more fraudulent links rather than directly stealing money. Selling stolen Google Ads credentials is also a lucrative market.
Prevention Measures
To avoid falling victim, advertisers are advised to stop using Google Search as a login entry point. The affected executive admitted to frequently clicking on the sponsored link out of frustration with Google, inadvertently aiding the scam.
Comments
Join Our Community
Create an account to share your thoughts, engage with others, and be part of our growing community.