Google ads were reportedly hacked to promote spam and adult websites. Hackers have now found a loophole in bypassing phishing protection on Google ads.
Google Ads Reportedly Hacked To Promote Spam
Hackers have now been detected to be abusing Google ads feature in delivering adult websites and infostealing websites to victims unaware.
Google ads which is the advertising platform of Google has a feature that allows users to invite other people to the account administration interface.
The invitations in question get sent via email, from the official email address of Google, [email protected]. And as the emails in question are technically sent by Google, email security services get to see them as legit and allow them to pass through, so many of them end up in the inboxes of the victim, rather than just the spam folder or something similar.
The URLs that are being shared with these emails redirect the recipients to “dodgy websites” that are hosts to adult content. Many of the websites “appear to be designed to collect personal information from visitors”. More details in that regard were not shared.
Users Have Shared Their Frustration at Google Online
People in any case have taken to Reddit and other forums in a bid to share their stories as well s their frustrations with Google, the publication states further. “It would be nice if Google would get a handle on their products so their users aren’t having to constantly guard against phishing scams,” a user was cited saying.
Google on the other hand seems to know about the creative ways that its tools are being abused and it is doing something about it. However, just how long we get to see the results of that very work, remains to be seen.
What Google Has To Say about the Issue
“Our security teams are aware of this spam content and are working hard, as always, to stay ahead and keep our users safe,” a spokesperson from Google in a statement to BleepingComputer said.
“We have strict Google Ads policies against misrepresentation and have taken appropriate action. We encourage users to report messages when they receive emails containing spam links to help us take appropriate action on accounts involved in the spam.”