Key Insights
Cyber criminals are running a scam targeting Google Ads users. They create fake Google Ads login pages. When businesses click on these fake login pages and enter their credentials, attackers take over their accounts. These stolen accounts are then sold to criminals or used for more scams.
Who should read this?
- Businesses and advertisers with Google Ads account – If you run ads on Google, you could be a target.
- Anyone using Google Search Engine – If you use Google’s search engine for work or personal use, you need to stay alert.
How does this scam work?
For businesses and advertisers
Attackers create fake Google Ads with URLs that look legitimate. When you click on the link, you are taken to a fake login page and asked to enter your Google Ads account credentials. Once attackers gain access to your account, they can misuse it to spread fake ads, malware, or scams.
For individual users
While browsing on Google, you might come across a fake Google ad that appears to be from a legitimate business. Clicking on the ad redirects you to a phishing page that looks real but is actually designed to steal your information instead of taking you to the actual website.
What’s the risk?
For businesses and advertisers
- Loss of account control – Hackers can take over your Google Ads account, change ad settings, and run scams using your budget.
- Financial loss – Attackers might drain your ad budget by running fake ads or redirecting traffic to their own sites.
- Reputation damage – If scammers use your account for fraud, your business could lose customer trust.
- Data exposure – If your Google Ads account is linked to other business accounts, sensitive data may also be at risk.
For individual users
- Stolen login information – If you enter your details on a fake website, hackers can take over your user account.
- Identity theft – Stolen credentials can be used for fraud, including accessing your emails, bank accounts, or social media.
- More cyber attacks – Once hackers have your data, they might try to break into other accounts or sell your information to other criminals.
How to stay safe?
For businesses and advertisers
- Bookmark the official Google Ads login page so you don’t have to search for it whenever you need to log in.
- Enable Multi-Factor Authentication (MFA) so that even if attackers steal your credentials, they can’t access your account without verification.
- Monitor your Google Ads account activity for unusual logins or unauthorized ad changes.
- Enable login alerts and set up recovery options to receive notifications about suspicious activity.
For individual users
- When viewing sponsored ads on Google, click on the three-dot menu to see more information about the advertiser and verify its authenticity.
- Use Multi-Factor Authentication (MFA) so that even if attackers steal your credentials, they can’t access your account without verification.
- If an ad looks suspicious or offers unrealistic deals, go directly to the official website instead of clicking on the ad.