Google Ads hijacked to push spam, adult websites

Hackers have found a clever way to bypass phishing protection on Google Ads

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Hackers have been detected abusing aGoogleAds feature to deliver adult websites andinfostealingwebsites to unsuspecting victims.

Google Ads, the search engine giant’s advertising platform, has a feature allowing users to invite other people to the account administration interface.

The invitations get sent viaemail, from Google’s official email address - ads-account-noreply@google.com. As these emails are technically sent by Google, email security services see them as legitimate and let them pass, so most of them end up in the victims’ inboxes, rather than the spam folder, or similar.

TechRadar Pro needs you!We want to build a better website for our readers, and we need your help! You can do your bit by filling outour surveyand telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.

D. Athow, Managing Editor

Collecting personal data

The URLs being shared with these emails redirect the recipients to “dodgy websites” that host adult content. Some websites “appear to be designed to collect personal information from visitors”. More details were not shared.

In any case, people have taken to Reddit and other forums to share their stories and their frustration with Google, the publication further states. “It would be nice if Google would get a handle on their products so their users aren’t having to constantly guard against phishing scams,” one user was cited saying.

Google Translate is being hijacked by phishers to steal your data>Google lays out its plans to take on next-gen phishing scams>Here are the best firewalls around

Google, on the other hand, seems to be aware of the creative way its tools are being abused and is doing something about it. How long before we see the results of that work, remains to be seen:

“Our security teams are aware of this spam content and are working hard, as always, to stay ahead and keep our users safe,” a Google spokesperson said in a statement toBleepingComputer.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“We have strict Google Ads policies against misrepresentation and have taken appropriate action. We encourage users to report messages when they receive emails containing spam links to help us take appropriate action on accounts involved in the spam.”

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Owl Labs Meeting Owl 4+ review