Hackers have been discovered abusing Google Ads to serve up adult websites and sensationalize information (Opens in a new tab) Websites for unsuspecting victims.
Google Ads, the search engine giant’s advertising platform, has a feature that allows users to invite other people to the account management interface.
Invitations are sent via email from Google’s official email address – [email protected]. Because these emails are technically sent by Google, email security services consider them legitimate and let them through, so most of them end up in the victims’ inboxes, rather than the spam folder, or the like.
Personal data collection
The URLs shared with these emails redirect recipients to “dodgy websites” that host adult content. Some websites “appear to be designed to collect personal information from visitors”. No further details have been shared.
Anyway, people have taken to Reddit and other forums to share their stories and frustrations with Google, the post says. One user was quoted as saying, “It would be nice if Google could handle their products so that users didn’t have to be constantly protected from phishing scams.”
On the other hand, Google seems to be aware of the creative way its tools are being misused and is doing something about it. How long before we see the results of this work remains to be seen:
A Google spokesperson said in a statement to PC.
“We have strict Google Ads policies against misrepresentation and have taken appropriate action. We encourage users to report messages when they receive emails containing spam links to help us take appropriate action on accounts that are spam.”
Via: BleepingComputer (Opens in a new tab)