Multiple different criminal rings around the world are orchestrating surgical phishing scams that target ad industry media buyers.
Specifically, fraudsters are duping ad buyers who log in to Google Ads after running a Google search. The scammers serve fraudulent sponsored search links to these ad executives, and then hack into their accounts and use their funds to serve even more phishing ads and to run fraudulent click-based ad campaigns, thus funneling some of the funds back to themselves.
Three major Google Search and Merchant Center account operators – two agency buyers and a consultant – separately told AdExchanger that their systems had been infiltrated in December.
Jerome Segura, senior director of research at Malwarebytes, published a report documenting the…