Phishing w/Ads

Since Google Ads give you the possibility to set up google Ads campaigns that would redirect users to a site different from the one your Ad is showing, like the following...

ad campaign creation

detail on the ad as it is going to be displayed to victims

caption on final url

real final url due to tracking template

Attackers could easily abuse this behavior to target your company domain and showing Ads that mislead your customers to a fake site to steal their credentials.

To detect this type of attack, I've created (still in beta) a script that leverages the power of Google Ads Transparency Center called HonestAds.

With this script you could easily search through the content being displayed to potential users from your platform and get straignt away malicious advertisers that are tergeting your trademark.

showcase of HonestAds

Unluckily since Google does not care that much about Google Ads that violates their policy even after reporting malicious Ads thorugh their Ad's reporting form you would probably end up with something like the following:

google rejection on malicious ad report

In this cases the only thing you have left to do is to dispute the decision by filing a claim though platform's like adroit.legal.

I hope you find this article useful and please feel free to contribute to this tool or provide ways of reporting this type of malicious content in a better way.