75% of top brands fall victim to fraud in Google Search Ads

Google is being urged to do more in safeguarding brands' reputations and preventing online shoppers from becoming victims of fraud.

Chat with SearchBot

Three-quarters of leading brands in the US and UK reportedly fall victim to identity theft in Google Search Ads.

Consequences range from financial losses for the targeted business to customers becoming victims of fraud, according to a new report by search marketing security firm, Marcode.

How it works. Scammer trick consumers by impersonating the targeted brand’s domain and ad copy. They intentionally pay for ad placements that show up when users search for those brands.

Here is an example of a fraudulent ad impersonating the flight comparison company, Skyscanner:

Google Fraud

Making matters worse the targeted brand, due to Google’s policy of serving just one ad per domain, the legitimate brand’s ad is excluded from the search results when these scammers manage to secure an ad spot.

Undetected. Brands are often unaware that they have been victims of fraud as the issue tends to go undetected due to limitations in Google’s internal reporting tools.

Why we care. If customers fall victim to fraud under your brand’s name, it could severely damage your business’s reputation. People may hesitate to make future purchases due to fear of being conned. Moreover, if your business heavily relies on Google Ads, these scams could limit your campaign’s reach, leading to fewer leads and a lower return on investment (ROI).

Phishing scams. An example of a phishing scam ad can be seen below:

Google Phishing Scam 1

When users click on what appears to be a genuine ad, they are directed through a series of hidden redirects without the user’s knowledge.

The end result is a fake website that invites users to join a game, promising a voucher that can be used at the targeted store, as shown below:

Google Scam Ad

Predictably, the user consistently “wins” this game, only to be redirected once more to another site where they are prompted to provide personal information.

A spokesperson for Marcode commented:

  • “We’re aware that multiple complaints about these issues were filed with Google, as we’ve collaborated with some of the affected brands.”
  • “Interestingly, during the period of creating this report, we noticed a significant decline in the frequency of such scams in the US and UK.”
  • “However, these bad actor accounts shifted their focus to target Germany, while seemingly pulling out of the US and UK market.”

Affiliate scams. Affiliate hijacking was found to be more prevalent than fraud, affecting 75% of the sites in the study.

In a hijacked ad scenario, the user is directed to the brand’s website with an affiliate code attached. This leads the brand, such as Dyson in the case demonstrated below, to pay a commission to the hijacker for any sales generated from that click.

Google Affiliate Scam

A spokesperson for Marcode commented:

  • “While affiliate marketing has its advantages, a key issue lies in the presence of bad actors within these networks.”
  • “It’s a brand’s decision to engage in affiliate marketing, but networks need to improve their vetting processes.”
  • “Our focus here is on how these bad actors manage to stay hidden and the potential negative impact this has on brands.”

Key findings. The researchers who conducted the report found that retail giants such as Amazon, American Airlines, Lego, Pizza Hut, and Samsung were all victims of identity fraud within Google Search Ads. Additional findings include:

  • Of the 120 brands monitored, 90 experienced some form of hijacking.
  • Over a 90-day period, researchers detected persistent phishing scams on 20 brands from a group of six advertising accounts.
  • Affiliate hijacking affects up to 67% of brand search traffic for the worst-hit brands.
  • Some Google Comparison Shopping Services (CSS) are misused to drive e-commerce traffic which has been hijacked by affiliates.

What Google is saying. A Google spokesperson told Searh Engine Land:

  • “Bad actors are constantly evolving their techniques and looking for new ways to bypass enforcement.”
  • “However, we invest heavily in creating and enforcing policies that protect advertisers from a range of abuse including brand impersonation, phishing attempts, and trademark infringement.”
  • “In 2022, we removed over 5.2 billion ads, restricted over 4.3 billion ads and suspended over 6.7 million advertiser accounts.”
  • “We are currently reviewing the claims made in the report and will take any necessary enforcement action.”

Get the newsletter search marketers rely on.


Deep dive. Read our guide on how to detect and address user data leaks for more information on data safeguarding and privacy protection.


Contributing authors are invited to create content for Search Engine Land and are chosen for their expertise and contribution to the search community. Our contributors work under the oversight of the editorial staff and contributions are checked for quality and relevance to our readers. The opinions they express are their own.


About the author

Nicola Agius
Contributor
Nicola Agius is the Director of SEo and Discover at Reach PLC. Previously, she was Paid Media Editor of Search Engine Land from 2023-2024. She covered paid media, retail media and more. Before this, she was SEO Director at Jungle Creations (2020-2023), overseeing the company's editorial strategy for multiple websites. She has over 15 years of experience in journalism and has previously worked at OK! Magazine (2010-2014), Mail Online (2014-2015), Mirror (2015-2017), Digital Spy (2017-2018) and The Sun (2018-2020). She also previously teamed up with SEO agency Blue Array to co-author Amazon bestselling book Mastering In-House SEO.

Get the newsletter search marketers rely on.