Hackers have been detected abusing Google Ads’ features to deliver adult sites and information-stealing websites to unsuspecting victims.
Google Ads, the search engine giant’s advertising platform, has a feature that allows users to invite others to the account management interface.
Invitations are sent via email from Google’s official email address – email@example.com. Since these emails are technically sent by Google, email security services see them as legitimate and let them pass, so most of them end up in the victims’ inboxes and not in the spam or similar folder.
Collection of personal data
The URLs provided in these emails redirect recipients to “dubious websites” that contain adult content. Some websites “appear to be designed to collect personal information from visitors.” More details have not been made available.
In any case, people have taken to Reddit and other forums to share their stories and frustrations with Google, the publication continues. “It would be nice if Google looked into their products so that their users don’t have to constantly protect themselves from phishing scams,” one user was quoted as saying.
Google, on the other hand, seems to be aware of the creative way its tools are being abused and is doing something about it. How long it will take before we see the results of this work remains to be seen:
“Our security teams are aware of this spam and are working hard as always to stay ahead and keep our users safe,” a Google spokesperson said in a statement to BleepingComputer.
“We have a strict Google Ads anti-misleading policy and we’ve taken action. We encourage users to report emails that contain spam links to help us take appropriate action on spam affected accounts.”
By: BleepingComputer