Phishing scams are on the rise and specifically target Google Ads accounts. Fraudsters use sponsored search links that closely resemble legitimate Google Ads login pages. Once clicked, advertisers are redirected to phishing pages where their login credentials are compromised. These stolen credentials are then used to run fraudulent ads, resulting in financial losses and reputational damage.
How phishing works
Hackers exploit advertisers to navigate to login pages via Google Search. They place genuine links at the top of the search results. Once a victim logs in through these links, hackers gain access to the account and set themselves up as administrators. After this:
Is the hacker launching new campaigns to spread malware?
Are click-based advertisements used to siphon off budgets?
Hackers remove data from fraudulent campaigns to cover their tracks.
Global impact and limited response
Hackers operate from countries such as Brazil, China, and Eastern Europe, targeting accounts with large budgets. Research shows that thousands of Google Ads accounts have been affected. Although Google strictly prohibits phishing, their systems often respond slowly. Advertisers must detect hacks themselves and report them repeatedly before any action is taken.
Financial implications and who pays
The financial damage often lies with the affected advertiser or agent, although Google sometimes offers refunds after evidence is provided. Nevertheless, the discussion remains sensitive, as human errors play a role. Additionally, hackers often sell the stolen accounts on the black market, further exacerbating the problem.
What can you do to prevent phishing?
Secure your Google Ads account with the following measures:
Avoid using Google Search as a gateway to your account.
Use two-factor authentication and be mindful of suspicious location requests.
Always log in via the direct URL of Google Ads (ads.google.com).
By being vigilant and implementing proactive security measures, you can prevent yourself from becoming a victim of these clever and costly phishing scams.