The world of online advertising recently has seen a dramatic increase in phishing attempts by fake Facebook and Google ad reps. Anyone involved in online marketing may have received these inquiries. We want to let you know about this situation and provide help handling it.
Would-be hackers posing as Facebook and Google Ad reps usually contact you by email, though they also may reach out by phone. They try to convince you to divulge sensitive advertising account information, allowing them to make account changes.
We have learned about multiple hacked accounts recently. In particular, we have identified two subject lines that would-be hackers are using:
- “Safeguarding Our Advertising Ecosystem: Your Response is Vital”
- “Your ad account has been flagged due to a lack of compliance with community standards”
Here’s how they appear in email communications:
AIMCLEAR recommends taking these steps to fortify your online security:
- Verify identity. Check the “From” line in the email. If you are still unsure whether the sender is legitimate, please contact us. We will confirm for you, either through our internal security tools or by directly emailing your official customer service reps.
- Be careful with links. Avoid clicking on any links or downloading attachments from suspicious emails. Hover over links to view the URL before clicking.
- Use two-factor authentication (2FA). This is the most important tool to keep ad accounts safe. Enabling 2FA on your accounts adds an extra layer of security, making it significantly harder for phishers to gain unauthorized access. If you have questions about how to do this, please contact us.
- Educate your team. Ensure that your colleagues know about this and other emerging phishing scams, as well as how to report suspicious activity. We will keep you in the loop about dangers we see.
- Report suspicious activity. Contact Facebook or Google immediately, as well as your AIMCLEAR account manager.
It’s vital that your digital advertising remains safe. Our industry-leading software, strict media invoice protocols and years of expertise allow us to anticipate and shield you from many phishing attempts. If you ever have any security questions, please contact us.
AIMCLEAR Director of AdOps Tim Halloran makes it his mission to keep ad platforms honest. When we see troubling trends, we tag those platforms and let everyone know.
Here are some other examples of language used in phishing schemes. Be on the lookout for communication outside of email. Many times, would-be hackers start with Messenger chat first and use language to scare you, such as:
- Your account needs optimization
- Your account is hacked
- Your account is suspended
- Your account will be closed down
- You have infringed on copyright issues
See below for examples:
By contrast, here is an example of a real support chat, linked to this profile:
