Cybercriminals are targeting Google Ads advertisers through phishing campaigns, impersonating Google Ads via fraudulent ads. The scheme involves stealing advertiser accounts by redirecting victims to fake login pages, with the goal of reselling these accounts on blackhat forums. The operation uses compromised accounts to perpetuate the campaign, affecting thousands of Google customers worldwide. Victims include individuals and businesses looking to advertise on Google Search. The attacks involve sophisticated techniques, including the use of Google Sites for impersonation and phishing kits to collect user data. Two main groups have been identified: one based in Brazil and another in Asia, possibly China. The stolen accounts are valuable for further malvertising campaigns, scams, and malware distribution.