How Scammers Break Into Your AdWords Accounts With The Help of AdWords Ads

Irina Tsumareva — Digital Consulting
Startup Grind
Published in
3 min readOct 1, 2017

--

Google AdWords advertisers, ALARM!

Some unknown scammers are collecting your Google credentials to get access to your AdWords account!

You can easily be fooled by how well they are mimicking an official AdWords website.

This is how they do it.

  1. You enter some search query in Google. We typed “Google AdWords” when we first noticed this fraudulent behavior Saturday, September 30 at 3 pm ET.
Google results for the “google adwords” query

Notice that official AdWords website shows up AFTER a weird AdWords ad copy! The way it’s written gives an impression that scammers aren’t English speakers at all.

Fraudulent ad copy

2. If you click on the ad, you’ll land on a page that looks like Googe sign in page. But look at the page URL, it’s a fake one!

3. Here scammers want you to leave them your login details — email and password.

More to that, they even ask you to enter your security phone number (so they will steal it too!).

4. Sadly, if you followed these steps and gave away your Google credentials for nothing, you’ll see this confirmation page in the end.

Now scammers will be able to access your AdWords account, create campaigns and waste your money. Or they can steal your sensitive data. When they get in, they are on their own and they can do absolutely what they want.

Prevent scammers from accessing your AdWords account (steps to follow):

  • Always access Google AdWords (and other Google services, such as Google Analytics and others) from their official websites.

Pay attention to the page URLs you are landing on! Remember, that scammers are highly flexible. Sooner or later Googe will fix this issue, but cheaters may change URLs they use to trick you.

  • Use password protection tools, such as LastPass.

LastPass will autofill signup pages with your corresponding email and password only when it recognizes a page URL. Scammers may create new sign up pages resembling an official Google signup page, but their URLs will be different. Lastpass won’t work in this case.

It doesn’t mean you won’t be able to go to LastPass, retrieve your login details and enter them manually, but nonworking LastPass will at least make you suspicious.

My LastPass doesn’t work on a fake Google sign in page
  • Stay vigilant all the time.

No matter what scammers will come up with next time, remember that there will always be someone who will want your private data — logins and passwords primarily. So be extra cautious when you enter your access details online.

Be safe!

Originally published at kraftblick.com on October 1, 2017.

--

--

Irina Tsumareva — Digital Consulting
Startup Grind

Co-founder @ Kraftblick | Marketing Strategy & Implementation for Midsize and Enterprise Software https://kraftblick.com/