Cybercriminals Exploit Google Search Ads to Hijack Google Ads Accounts

Cybercriminals are using Google Search ads to trick advertisers into entering their credentials on fake Google Ads login pages. These phishing attacks are stealing account details to misuse them, affecting advertisers worldwide.

Hackers are running fake Google Ads on Google Search that redirect users to phishing pages hosted on Google Sites.

These fake pages mimic the official Google Ads login page, tricking users into entering their credentials.

Google Sites is used to make the URL appear legitimate (e.g., sites.google.com).

After stealing credentials, attackers:

  • Add themselves as administrators to the victim’s Google Ads account.
  • Lock out the original account owner.
  • Use the stolen accounts to run scams or sell them on hacking forums.

Victims may notice suspicious logins from unusual locations like Brazil and emails about unauthorized access.

Three cybercrime groups from Brazil, Asia, and Eastern Europe are believed to be behind these attacks.

Google removed over 206.5 million ads in 2023 for misrepresentation and continues to investigate such fraudulent activities.

These phishing attacks are a wake-up call for businesses to be extra cautious with online ads and login credentials. Advertisers should verify URLs, enable two-factor authentication (2FA) on their accounts, and use ad-blockers to avoid falling for such scams. Net Protector Cyber Security advises users to stay vigilant and prioritize cybersecurity to safeguard online accounts.