Google Ads hijacked to push spam, adult websites
Hackers have been detected exploiting a Google Ads feature to push adult and infostealing websites to unsuspecting victims.
Google Ads, the search engine giant’s advertising platform, has a feature that allows users to invite other people to the account management interface.
The invitations are sent via email from Google’s official email address – ads-account-noreply@google.com. Since these emails are technically sent by Google, email security services consider them legitimate and let them through, so most of them end up in victims’ inboxes instead of the spam folder.
Collection of personal data
The URLs shared with these emails redirect recipients to “untrustworthy websites” that host adult content. Some websites “appear to be designed to collect personal information from visitors”. More details were not shared.
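Because sender authentication passes for these invitations, a mail filter has to judge the links rather than the sender. The sketch below is an added example, not code from the article or from Google: it flags messages from the invitation address that carry links to hosts outside an expected set. The allowlist, the `review_invitation` helper and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

INVITE_SENDER = "ads-account-noreply@google.com"  # sender address named in the article
EXPECTED_SUFFIXES = ("google.com",)  # assumption: hosts a genuine invite would link to
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_is_expected(url):
    """True only for an exact or dot-delimited suffix match, so lookalikes fail."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL: treat as unexpected
        return False
    return any(host == s or host.endswith("." + s) for s in EXPECTED_SUFFIXES)

def body_text(msg):
    """Concatenate every text part, decoding transfer encodings and charsets."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def review_invitation(raw_message):
    """Return findings for an invitation email, or None for any other sender."""
    msg = message_from_string(raw_message)
    if parseaddr(msg.get("From", ""))[1].lower() != INVITE_SENDER:
        return None
    # A passing DMARC result proves who sent the mail, not that its links are safe.
    authenticated = "dmarc=pass" in msg.get("Authentication-Results", "").lower()
    external = []
    for url in URL_RE.findall(body_text(msg)):
        url = url.rstrip(".,)")
        if not host_is_expected(url) and url not in external:
            external.append(url)
    return {"authenticated": authenticated, "external_urls": external,
            "suspicious": bool(external)}

# Constructed sample message; headers and links are illustrative only.
SAMPLE = """\
From: Google Ads <ads-account-noreply@google.com>
To: user@example.org
Subject: Account invitation (constructed sample)
Authentication-Results: mx.example.org; spf=pass; dkim=pass header.d=google.com; dmarc=pass header.from=google.com
Content-Type: text/plain; charset=utf-8

Invitation text with a link http://promo.example.net/claim
Accept at https://ads.google.com/invite
More at https://google.com.example.net/login
"""

if __name__ == "__main__":
    print(review_invitation(SAMPLE))
```
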
In any case, people have taken to Reddit and other forums to share their stories and their frustration with Google, the publication continues. “It would be nice if Google could get a handle on their products so their users don’t have to constantly be on the lookout for phishing scams,” said one user.
Google, on the other hand, seems to be aware of the creative ways its tools are being misused and is doing something about it. How long it will be before we see the results of that work remains to be seen:
“Our security teams are aware of this spammy content and, as always, are working hard to stay ahead of the game and keep our users safe,” a Google spokesperson said in a statement to BleepingComputer.
“We have a strict Google Ads policy against misrepresentation and have taken appropriate action. We encourage users to report messages when they receive emails containing spam links so that we can take appropriate action against accounts involved in the spam.”
Via: BleepingComputer