Google Ads Phishing Scam: How Attackers Steal Credentials and Compromise Accounts

Google Ads Phishing Alert: Protect Your Account from Cybercriminals

Introduction

A new cybersecurity threat has emerged, targeting Google Ads users through a sophisticated malvertising campaign designed to steal login credentials and two-factor authentication (2FA) codes. Cybercriminals are leveraging fake advertisements that closely mimic genuine Google Ads, luring unsuspecting advertisers into phishing traps. These attacks pose a significant risk to businesses and individuals who rely on digital advertising, as compromised accounts can be used to fund further fraudulent campaigns.

Understanding the mechanics of this attack, its implications, and the necessary countermeasures is crucial for maintaining online security. This article breaks down how the scam operates, who is at risk, and what steps can be taken to safeguard advertising accounts.

How the Malvertising Scam Works

Cybercriminals orchestrate these phishing attacks by purchasing fraudulent ads on Google’s search platform. When users search for “Google Ads” or related terms, they encounter these deceptive advertisements at the top of search results. Clicking on these ads redirects them to fake Google login pages hosted on Google Sites—a service that allows users to create web pages with a Google domain.

Exploitation of Google’s Ad System

One of the core techniques used in this scam exploits a loophole in Google Ads’ policy. The final destination of an ad click does not need to match the display URL exactly, but the two must share the same domain. Attackers take advantage of this by hosting the intermediate phishing page on sites.google[.]com, a subdomain of google.com, while keeping ads.google.com as the display URL. Because the domain rule is satisfied, the fraudulent ads appear legitimate to unsuspecting users.

Once a victim reaches the phishing site and enters their credentials, attackers capture and transmit the data to a remote server. Many of these campaigns also employ WebSocket technology, which enables real-time data transfer, ensuring that both the login credentials and 2FA codes are intercepted instantly.

Hijacking Google Ads Accounts

With access to an advertiser’s Google Ads account, attackers add new administrators, take control of the account’s spending budget, and run their own malicious advertisements. These stolen accounts are used to promote malware or further perpetuate fraudulent campaigns targeting more victims.

Advanced Evasion Techniques

To remain undetected, these cybercriminals use a combination of tactics, including:

  • Fingerprinting – Identifying genuine users while blocking researchers or automated security tools.
  • Cloaking – Showing a benign page to Google reviewers while redirecting real victims to a phishing site.
  • Bot Detection – Preventing automated security scans from accessing fraudulent landing pages.
  • Fake CAPTCHA Prompts – Creating an additional layer of deception to make phishing pages appear more authentic.

Who Is at Risk?

This attack primarily targets businesses and individuals actively using Google Ads. However, any user who searches for Google Ads-related services on Google could inadvertently fall victim. The victims of these scams range from small business owners managing their own ads to large enterprises with significant advertising budgets.

According to cybersecurity researchers, a substantial number of compromised accounts belong to businesses in various industries, including regional airports, e-commerce brands, and marketing agencies.

The Impact of Stolen Google Ads Accounts

Once an advertiser’s credentials are stolen, the consequences can be severe. Some of the key risks include:

1. Financial Loss

Victims may see their advertising budgets depleted within hours as attackers run fraudulent ads using their accounts. This can result in thousands of pounds lost in advertising spend.

2. Reputation Damage

Companies whose accounts are used to promote malicious ads risk severe reputational harm. Users who engage with fraudulent ads may associate them with the legitimate business, leading to trust erosion and potential legal consequences.

3. Further Credential Theft

Stolen Google Ads credentials are often sold on the dark web, where they can be used for other cybercrimes, including data breaches, corporate espionage, and further phishing attacks.

4. Legal and Compliance Issues

Businesses handling sensitive user data may face legal repercussions if their advertising accounts are compromised and used for fraudulent activities. Compliance violations with GDPR and other data protection laws can lead to penalties.

Cybersecurity Experts Weigh In

Security professionals have been closely monitoring this malvertising campaign and have raised concerns about Google’s ad verification policies.

Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes, explains:

“The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages.”

Another cybersecurity expert, speaking on condition of anonymity, notes:

“These attacks are not just financially motivated but also serve as a method for threat actors to establish a pool of compromised accounts that can be exploited in various ways.”

Google’s Response

Google has acknowledged the issue, stating that such fraudulent ads violate their advertising policies. In 2023, the company reported:

  • 3.4 billion ads removed
  • 5.7 billion ads restricted
  • 5.6 million advertiser accounts suspended
  • 206.5 million ads blocked for misrepresentation

Despite these efforts, cybercriminals continue to find ways to bypass Google’s ad review system, making proactive security measures essential.

How to Protect Your Google Ads Account

To safeguard advertising accounts from these phishing scams, users should implement the following security measures:

1. Enable Advanced 2FA Security

While standard two-factor authentication (2FA) codes can be intercepted and relayed in these attacks, hardware security keys provide an additional layer of protection. Devices like Google’s Titan Security Key or YubiKey require physical authentication and bind each response to the site’s origin, so a response obtained on a lookalike page is useless on the real site, making them significantly harder to bypass.

2. Verify URLs Before Logging In

Before entering credentials, users should ensure they are on the legitimate Google Ads website by checking for the official ads.google.com domain.

3. Use a Password Manager

Password managers help detect fake login pages by auto-filling credentials only on the exact site for which they were saved; a lookalike page on a different host gets no auto-fill, which is itself a warning sign.
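The domain loophole described under "Exploitation of Google’s Ad System", the URL check in measure 2 and the password-manager behaviour in measure 3 all come down to the same question: does a loose "same brand domain" rule accept a page that a strict "exact host" rule rejects? The following Python example (added here; not code from the article or from Google) contrasts the two checks on constructed sample ads. The allowlist of trusted sign-in hosts, the placeholder paths and the bare-host handling are assumptions for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: the exact hosts on which Google Ads
# credentials should ever be typed. Maintain your own list in practice.
TRUSTED_LOGIN_HOSTS = frozenset({"ads.google.com", "accounts.google.com"})

BRAND_DOMAIN = "google.com"


def _split(url: str):
    # Assumption: a bare host, as shown in an ad's display URL, is treated as https.
    if "://" not in url:
        url = "https://" + url
    return urlsplit(url)


def host_of(url: str) -> str:
    """Return the normalised host of a URL (lower-case, no port, no trailing dot)."""
    parts = _split(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme in {url!r}")
    return (parts.hostname or "").lower().rstrip(".")


def same_brand_domain(url: str, brand: str = BRAND_DOMAIN) -> bool:
    """Loose check: is the host the brand domain or any subdomain of it?

    This is all that a 'display URL and final URL share a domain' rule guarantees,
    and it is why a page on sites.google.com passes alongside ads.google.com.
    """
    host = host_of(url)
    return host == brand or host.endswith("." + brand)


def is_trusted_login_page(url: str) -> bool:
    """Strict check: HTTPS and an exact host match against the allowlist.

    A password manager that fills credentials only on the exact site they were
    saved for behaves like this, which is why it stays silent on a lookalike.
    """
    return _split(url).scheme == "https" and host_of(url) in TRUSTED_LOGIN_HOSTS


def assess_ad(display_url: str, final_url: str) -> dict:
    """Compare what an ad displays with where its click actually lands."""
    return {
        "display_host": host_of(display_url),
        "final_host": host_of(final_url),
        "same_brand_domain": same_brand_domain(final_url),
        "trusted_login_page": is_trusted_login_page(final_url),
    }


# Constructed sample ads; the paths are placeholders, not real campaign URLs.
SAMPLE_ADS = [
    ("ads.google.com", "https://ads.google.com/home/"),
    ("ads.google.com", "https://sites.google.com/view/PLACEHOLDER-PAGE"),
    ("ads.google.com", "https://login.example.test/ads"),
]

if __name__ == "__main__":
    for display, final in SAMPLE_ADS:
        r = assess_ad(display, final)
        verdict = "OK" if r["trusted_login_page"] else "DO NOT SIGN IN"
        print(f"{r['final_host']:<28} brand-domain={r['same_brand_domain']!s:<5} "
              f"trusted={r['trusted_login_page']!s:<5} {verdict}")
```

Run as a script, the second sample passes the loose brand-domain check but fails the strict one, which is exactly the gap the campaign relies on; the strict check is the one to apply before typing a password.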

4. Review Account Permissions

Regularly checking Google Ads user permissions ensures no unauthorised administrators have been added.
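A permissions review is only useful if it is compared against a known-good state. The Python example below (added here; not the article's or Google's code) diffs a constructed user list against a baseline captured at the previous review and flags added users, access-level changes and privileged users outside the company domain, which is the pattern described under "Hijacking Google Ads Accounts". The user export format, the company domain and the access-level names are assumptions for the example.

```python
from dataclasses import dataclass

# Constructed sample data: the baseline from the last review and today's export.
# Access-level names are assumed for the example; use whatever your export shows.
COMPANY_DOMAIN = "example.test"
PRIVILEGED_LEVELS = {"Admin"}

BASELINE_USERS = {
    "owner@example.test": "Admin",
    "ads-manager@example.test": "Standard",
    "analyst@example.test": "Read only",
}

CURRENT_USERS = {
    "owner@example.test": "Admin",
    "ads-manager@example.test": "Admin",        # escalated since the baseline
    "analyst@example.test": "Read only",
    "billing-helper@freemail.test": "Admin",    # new administrator, external domain
}

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    email: str
    severity: str
    reason: str


def audit_access(baseline: dict, current: dict,
                 company_domain: str = COMPANY_DOMAIN) -> list:
    """Return findings for every difference between baseline and current access."""
    findings = []
    for email, level in current.items():
        external = not email.lower().endswith("@" + company_domain)
        privileged = level in PRIVILEGED_LEVELS
        if email not in baseline:
            sev = "high" if privileged or external else "medium"
            findings.append(Finding(email, sev,
                                    f"user added since baseline with {level} access"))
        elif baseline[email] != level:
            sev = "high" if privileged else "low"
            findings.append(Finding(email, sev,
                                    f"access changed {baseline[email]} -> {level}"))
        if external and privileged:
            findings.append(Finding(email, "high",
                                    "privileged user outside company domain"))
    for email in baseline.keys() - current.keys():
        findings.append(Finding(email, "low", "user removed since baseline"))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.email))


if __name__ == "__main__":
    for f in audit_access(BASELINE_USERS, CURRENT_USERS):
        print(f"[{f.severity.upper():<6}] {f.email}: {f.reason}")
```

Any high-severity finding is a reason to remove the access immediately, rotate the affected credentials and review recent campaign and billing changes, since a newly added administrator is the attacker's foothold for spending the account's budget.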

5. Report Suspicious Ads

Google provides a reporting tool for users to flag fraudulent advertisements. Reporting suspicious activity helps security teams identify and take down malicious ads faster.

6. Educate Employees and Teams

Businesses should conduct cybersecurity training to educate employees about phishing tactics, helping them recognise and avoid fraudulent sites.

Future Threats and Emerging Trends

Cybercriminals are continuously evolving their tactics, and malvertising remains a highly effective method for executing phishing attacks. Experts predict an increase in:

  • AI-generated phishing pages that mimic Google’s interface more convincingly.
  • Advanced evasion techniques making detection even harder.
  • Broader targeting, expanding beyond Google Ads to other online advertising platforms.

Security researchers emphasise the need for continuous monitoring and adaptive defence strategies to stay ahead of emerging threats.

Conclusion

This malvertising campaign highlights the increasing sophistication of phishing attacks targeting online advertisers. By exploiting Google Ads infrastructure, cybercriminals are able to deceive businesses, steal credentials, and hijack accounts to fund further fraudulent campaigns.

While Google has taken enforcement actions, proactive security measures remain essential for advertisers. Businesses should prioritise hardware-based authentication, phishing awareness, and account monitoring to protect their advertising investments.

About Search Engine Ascend:

Search Engine Ascend is a leading authority in the SEO and digital marketing industry. Our mission is to offer comprehensive insights and practical solutions to help businesses improve their online presence. With a team of dedicated experts, we provide valuable resources and support to navigate the ever-evolving landscape of digital marketing effectively.
