How Attackers Are Exploiting Google Ads To Serve Up Spam And Illicit Websites

Over the past week, Gmail users have been reporting abuse of the Google Ads platform. However, rather than conducting ad fraud or placing ads that distribute malware, the actors behind this recent activity are leveraging the Google Ads invitation system to direct traffic to various risky websites. These sites are likely part of a phishing campaign intended to steal users’ information.

The Google Ads platform, which places ads on sites all across the Web, gives admin users the ability to invite other Google users to manage their Google Ads accounts. These invitations are sent over email from an official Google email address. What some bad actors seem to have figured out is that these emails conveniently pass through Gmail’s spam filters, since Google doesn’t filter emails sent from its own domain.

Spam Google Ads account access invitation (source: Reddit user meFalloutnerd93)

Traditionally, spam and phishing emails are sent using email addresses that are intended to appear at least somewhat legitimate, so as to trick users into opening the emails and clicking through to linked websites. However, rather than creating email addresses at newly registered domain names in an effort to appear legitimate, bad actors are instead creating Google Ads accounts and tying them to their spam/phishing websites. The bad actors can then send invitation emails from the official Google Ads email address.

These Google Ads account access invitations include links to the website associated with each account, prompting recipients to click through to said website. The websites linked in these spam invitations display lewd images and ask visitors to enter their information to see more. Any information collected by these pages will most likely be exploited for nefarious purposes.
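Because the invitation itself comes from a legitimate Google sender, reputation-based filtering does not help; what distinguishes an abusive invitation is the website it links to. The following triage helper is an added example (not code from the article, from Google, or from Gmail) that a mail gateway or SOC could run over inbound invitation emails: it confirms the sender domain, recognises an invitation by its subject, extracts every URL from the body, and flags the message when any link points outside an allow-list of expected Google hosts. The sender local part, the allow-list, the subject pattern and the sample messages are constructed assumptions; the article only states that the mail comes from "an official Google email address" and links to the site tied to the inviting account.

```python
"""
Triage of Google Ads account-access invitation emails.

Added example, not the article's or Google's code. The article reports that
invitations come from an official Google address (so they pass Gmail's spam
filter) and link to the website tied to the inviting Ads account. This helper
flags invitations whose linked site falls outside an allow-list so the
message can be quarantined or reviewed. Sender address, allow-list and sample
messages below are constructed placeholders.
"""
import re
from email import message_from_string
from email.message import Message
from urllib.parse import urlparse

# Assumption: official invitations come from the google.com domain. The local
# part used in the samples is a placeholder, not a real Google sender.
OFFICIAL_SENDER_DOMAIN = "google.com"
# Assumption: invitation subjects contain "invit" (invite / invited / invitation).
INVITE_SUBJECT_RE = re.compile(r"invit", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Hosts an Ads invitation is expected to link to (assumed allow-list; tune it
# to what legitimate invitations in your own mail flow actually contain).
ALLOWED_LINK_SUFFIXES = ("google.com", "googleusercontent.com")


def sender_domain(msg: Message) -> str:
    """Return the lower-cased domain of the From header, or '' if absent."""
    m = re.search(r"@([A-Za-z0-9.-]+)", msg.get("From", ""))
    return m.group(1).lower() if m else ""


def body_text(msg: Message) -> str:
    """Concatenate the decoded text/plain and text/html parts of the message."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True)
            if payload:
                charset = part.get_content_charset() or "utf-8"
                parts.append(payload.decode(charset, "replace"))
    return "\n".join(parts)


def extract_link_hosts(text: str) -> list:
    """Return the hostnames of every http(s) URL found in the text."""
    hosts = []
    for url in URL_RE.findall(text):
        host = urlparse(url.rstrip(".,)")).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def is_allowed_host(host: str) -> bool:
    """True if host is an allow-listed domain or a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in ALLOWED_LINK_SUFFIXES)


def triage_invitation(raw_message: str) -> dict:
    """Classify one raw RFC 5322 message.

    verdict: 'not_invitation' (not an Ads invitation from the official domain),
             'clean' (all links stay on allowed hosts), or
             'suspicious' (at least one link leaves the allow-list).
    """
    msg = message_from_string(raw_message)
    if sender_domain(msg) != OFFICIAL_SENDER_DOMAIN:
        return {"verdict": "not_invitation", "unexpected_hosts": []}
    if not INVITE_SUBJECT_RE.search(msg.get("Subject", "")):
        return {"verdict": "not_invitation", "unexpected_hosts": []}
    hosts = extract_link_hosts(body_text(msg))
    unexpected = sorted({h for h in hosts if not is_allowed_host(h)})
    return {"verdict": "suspicious" if unexpected else "clean",
            "unexpected_hosts": unexpected}


# Constructed sample: an invitation whose account website is an unrelated domain.
SAMPLE_SUSPICIOUS = """\
From: Google Ads <ads-noreply@google.com>
To: victim@example.net
Subject: You've been invited to manage a Google Ads account
Content-Type: text/plain; charset=utf-8

attacker-site.example has invited you to manage their Google Ads account.
Visit their website: http://attacker-site.example/
Accept the invitation: https://ads.google.com/placeholder-accept-path
"""

# Constructed sample: an invitation whose links all stay on Google hosts.
SAMPLE_CLEAN = SAMPLE_SUSPICIOUS.replace(
    "Visit their website: http://attacker-site.example/\n", "")

if __name__ == "__main__":
    for name, raw in (("suspicious", SAMPLE_SUSPICIOUS), ("clean", SAMPLE_CLEAN)):
        print(name, triage_invitation(raw))
```

The helper deliberately does not treat the sender domain as a trust signal on its own: an invitation from google.com is exactly the case the article describes, so the verdict turns on where the embedded links lead. In production the allow-list should be derived from legitimate invitations your users actually receive, and a "suspicious" verdict should feed the same reporting path Google asks users to use.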

In a statement to BleepingComputer, a Google spokesperson said, “Our security teams are aware of this spam content and are working hard, as always, to stay ahead and keep our users safe. We have strict Google Ads policies against misrepresentation and have taken appropriate action. We encourage users to report messages when they receive emails containing spam links to help us take appropriate action on accounts involved in the spam.”