Jump to content
  • Google Ads invites being abused to push spam, adult sites

    alf9872000

    • 249 views
    • 3 minutes
     Share


    • 249 views
    • 3 minutes

    Google Ads invites are being abused to deliver email messages promoting spam and sex websites to users who are otherwise not necessarily using Google advertising platforms.

     

    The Google Ads platform allows advertisers to create advertising campaigns on publisher partner's web sites and in Google search results.

     

    The recently seen widespread campaign involves threat actors using the Google Ads admin interface to send bulk email invitations that, coming from Google, bypass recipient spam filters.

    Careful with that invite!

    Users around the world are reporting receiving emails from authentic Google Ads accounts that are catching their attention.

     

    These bogus invite emails, sent from Google's servers entice users to visit spam links contained in the email message.

    Google Ads admin invite abused for spamming (erohtar via Reddit)

    "The mail is sent from official Google address 'Google Ads [email protected]'" writes Redditor erohtar.

     

    "Few weeks back my boss gave me access to the company's Google Ads account, so I'm familiar with this email. It's legit, actually sent by Google, and it WILL give me access to the scammer's Google Ads account."

     

    Many others have reported receiving identical emails leaving them frustrated:

     

    "I've been trashing the emails but it would be nice if Google would get a handle on their products so their users aren't having to constantly guard against phishing scams," commented Brandon on a Google community forum thread started by another affected person.

    Google Ads spam email (meFalloutnerd93 via Reddit)

    Websites promote adult content

    Google Ads account administrators can use the "invitations" feature to add new users to the account admin interface via email invites.

     

    But, it looks like clever threat actors have yet again found a way to misuse the feature for their nefarious activities.

     

    The URLs contained in these invite emails ultimately redirected users to dodgy websites pushing adult dating sites, with many appear to be designed to collect personal information from visitors.

     

    It might be tempting to report these emails as spam or phishing but that isn't the solution. Doing so may also block legitimate emails being sent from Google.

     

    To better understand the issue and how Google plans on remedying it, BleepingComputer emailed Google well in advance of publishing. A spokesperson acknowledged our request and we are awaiting further response.

     

    In the meantime, users should be on the lookout and refrain from clicking links or attachments within emails even if these emails appear to or in fact originate from authentic Google servers.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...