"Agency buyers who manage portfolios of Google Ads and Merchant Center accounts are being targeted by sophisticated scam artists who hijack those accounts, drain client funds and sometimes lock out admins for weeks or even months. That's according to three ad buyers who spoke with AdExchanger anonymously for fear of potential reprisals by Google. This problem isn't exactly new, though."
"Last year, the attack vector came via fraudulent Google Search links. It's a common practice - albeit a bad one - that people will type snippets like "Google Merchant Center" or "google account login" into a search bar and then click the first result on the page. Usually, that's a sponsored or organic link that leads to the real login page. But scammers would create convincing fake Google sign-in pages and make the sponsored link text appear as "ads.google.com" to capture traffic."
"Once the scammers get access, they lock everyone else out of the account and funnel the money back to themselves as well as spend it on phishing ads, while covering their tracks by erasing all campaign and reporting data. Phase two But the newer takeover scams reported to AdExchanger didn't come via Google Search. Two of the agency buyers said they're confident that Gmail is the root of the problem in this case. One buyer said they believe their account was"
Agency buyers who manage portfolios of Google Ads and Merchant Center accounts are targets of sophisticated scammers that hijack accounts, drain client funds and lock out administrators for weeks or months. Attacks occurred between August and October and mirror similar incidents since late last year. Earlier attacks used fraudulent Google Search sponsored links that directed victims to convincing fake Google sign-in pages and tricked victims into approving two-factor prompts originating from abroad, often Brazil. After access, attackers erase campaign and reporting data, funnel money to themselves and run phishing ads. Two agencies suspect Gmail-based takeover techniques in newer incidents.
Read at AdExchanger
Unable to calculate read time
Collection
[
|
...
]