Google Ads invites are being abused to deliver email messages promoting spam and sex websites to users who are otherwise not necessarily using Google Ads or related products.
The recently seen widespread campaign involves threat actors using Google Ads admin interface to send bulk email invitations that, coming from Google, bypass recipient spam filters.
Careful with that invite!
Users around the world are reporting receiving emails from authentic Google Ads accounts that are catching their attention.
These bogus invite emails, sent from Google’s servers entice users to visit spam links contained in the email message.
“The mail is sent from official Google address ‘Google Ads firstname.lastname@example.org'” writes Redditor erohtar.
“Few weeks back my boss gave me access to the company’s Google Ads account, so I’m familiar with this email. It’s legit, actually sent by Google, and it WILL give me access to the scammer’s Google Ads account.”
Many others have reported receiving identical emails leaving them frustrated:
“I’ve been trashing the emails but it would be nice if Google would get a handle on their products so their users aren’t having to constantly guard against phishing scams,” commented Brandon on a Google community forum thread started by another affected person.
Websites promote adult content
Google Ads account administrators can use the “invitations” feature to add new users to the account admin interface via email invites.
But, it looks like clever threat actors have yet again found a way to misuse the feature for their nefarious activities.
The URLs contained in these invite emails ultimately redirected users to dodgy websites pushing adult dating sites, with many appear to be designed to collect personal information from visitors.
It might be tempting to report these emails as spam or phishing but that isn’t the solution. Doing so may also block legitimate emails being sent from Google.
To better understand the issue and how Google plans on remedying it, BleepingComputer emailed Google well in advance of publishing. A spokesperson acknowledged our request and we are awaiting further response.
In the meantime, users should be on the lookout and refrain from clicking links or attachments within emails even if these emails appear to or in fact originate from authentic Google servers.