A dangerous new phishing scam has emerged, targeting users through Google Ads and stealing their Google account credentials.Β
The scam uses fake Google Sites pages designed to trick users into providing sensitive information. Hereβs what you need to know and how to stay safe.
Phishing in Plain Sight
When users click on certain Google Ads, theyβre redirected to counterfeit Google Sites pages. These pages look legitimate but are not controlled by Google.
Once users enter their login details, scammers gain access to their accounts, putting personal data, emails, and payment information at risk.
Google Takes Action
The scam was highlighted by Fabrizio Trentacosti on LinkedIn, with a video showing the scam in action.Β
Google Ads Liaison Ginny Marvin responded swiftly, stating, βThanks for flagging. I’ve passed this along. We expressly prohibit ads that aim to deceive people in order to steal their information or scam them. Our teams are actively investigating this issue and working quickly to address it.β
Google has since patched the issue and is helping affected advertisers regain control of their accounts. Additional protections are being put in place to prevent future incidents.
Why This Scam Is Alarming
This scam not only jeopardizes individual users but also raises concerns about Googleβs ad security.Β
Businesses relying on Google Ads could face unauthorized campaigns and financial losses if their accounts are compromised. This incident emphasizes the importance of stronger safeguards in digital advertising.
Steps to Protect Yourself
Hereβs how you can protect yourself:
Inspect Links Before Clicking: Check URLs carefully to confirm their legitimacy. Only trust official domains like βgoogle.com.β
Secure Your Accounts: Enable two-factor authentication to add an extra layer of security.
Report Fraudulent Ads: Flag suspicious ads to Google immediately.
Monitor Your Activity: Regularly review your account for any unauthorized actions.
Stay Alert: Keep up with updates and advisories from Google.
A Wake-Up Call for Digital Security
Phishing scams have evolved over the years, exploiting trusted platforms like Google Ads to deceive users. This incident stresses the need for better monitoring, stricter ad approvals, and user awareness to combat online fraud.
Key Takeaways
- Scammers are using Google Ads to steal Google account credentials.
- Victims are redirected to fake Google Sites pages that mimic real ones.
- Google acted swiftly, patching the issue and supporting affected users.
- Advertisers must strengthen account security to avoid breaches.
- Vigilance and education are key to preventing phishing scams.
Dileep Thekkethil
AuthorDileep Thekkethil is the Director of Marketing at Stan Ventures, where he applies over 15 years of SEO and digital marketing expertise to drive growth and authority. A former journalist with six years of experience, he combines strategic storytelling with technical know-how to help brands navigate the shift toward AI-driven search and generative engines. Dileep is a strong advocate for Googleβs EEAT standards, regularly sharing real-world use cases and scenarios to demystify complex marketing trends. He is an avid gardener of tropical fruits, a motor enthusiast, and a dedicated caretaker of his pair of cockatiels.