Beware: Scammers Target Google Ad Buyers with Phishing Attacks!

The Rising Threat to Google Ad Campaigns

Multiple criminal rings are orchestrating surgical phishing scams that specifically target media buyers in the ad industry. These fraudsters are deceiving ad buyers who log into Google Ads after performing a search. The scammers serve fraudulent sponsored search links, leading to account hacks and the misuse of funds to run more phishing ads and fraudulent campaigns.

How the Scam Works

The Google Ads accounts are hacked in a cunning manner, with scammers creating ads for searches related to logging into Google Ads. When users search for "Google Ads" and click on the sponsored link, they are redirected to a phishing page disguised as the Google Ads login. After entering their credentials, the hackers gain access to their accounts.

A notable case involved an advertiser who received a two-factor authentication request that appeared legitimate but was actually a login attempt from Brazil. Believing it was a mistake due to their VPN, they approved the sign-in.

The Aftermath of Account Takeovers

Post-takeover, criminals quickly add themselves as admins and create new campaigns that mimic the original campaigns. These new campaigns often promote more Google Search ads that spread malware. The hackers are adept at navigating the Google Ads system, targeting accounts with significant budgets.

Ongoing Issues

Reports of the same malicious ads continue to surface, indicating that the phishing operations are still active. Google has stated that it prohibits deceptive ads, yet many affected advertisers reported repeated phishing scams before action was taken.

Financial Implications

When agencies and consultants face account hacks, questions arise about financial responsibility for the lost funds. While the agencies are often at fault due to human error, the expertise of the fraudsters complicates the situation. Affected parties are sometimes offered reimbursements from Google, contingent upon documenting the hacks and improving security measures.

The main goal of these scams appears to be the spread of malware, as the fraudsters use hacked accounts to pay for more fraudulent links rather than directly stealing money. Selling stolen Google Ads credentials is also a lucrative market.

Prevention Measures

To avoid falling victim, advertisers are advised to stop using Google Search as a login entry point. The affected executive admitted to frequently clicking on the sponsored link out of frustration with Google, inadvertently aiding the scam.