Fake Google Ads / Google Merchant Center billing suspension phishing — impersonates Google claiming a Google Ads, Google Merchant Center, or Google Shopping account has been suspended due to payment failure or policy violation, driving to a credential- or payment-card-harvest page; SMBs lose thousands per day when Google Ads access is cut; APWG Q4 2024: business platform impersonation phishing surged 38%; Google is consistently in the top-3 most impersonated brands

Phishing emails impersonating Google claiming a Google Ads, Google Merchant Center, or Google Shopping account has been suspended due to payment failure or a policy violation — driving to a credential- or payment-card-harvest page disguised as a Google sign-in or billing update portal. Key facts: (1) SMBs depend on Google Ads for revenue generation: losing access to Google Ads campaigns can cost thousands of dollars per day in lost sales and leads, making this a high-urgency attack that prompts rapid action without verification; Google is consistently in the APWG top-3 most impersonated brands across all phishing categories; APWG Q4 2024: business platform impersonation phishing surged 38% year-over-year; (2) The "policy violation suspension" variant is particularly effective because legitimate Google Ads policy enforcement does suspend accounts without prior warning for violations — making a fake policy suspension email feel plausible and urgent; attackers study actual Google Ads policy language (circumventing systems, misrepresentation, trademark violations) to craft convincing-sounding violation descriptions; (3) A common variant exploits Google Merchant Center: product listings pulled from Google Shopping can devastate e-commerce revenue overnight, so merchants act immediately on "Merchant Center account suspended" emails without verifying the sender domain; (4) Legitimate Google Ads billing and policy communications arrive only from google.com domains, deep-link to ads.google.com or merchants.google.com, include account-specific information (account ID, campaign names, last payment amount), and never provide standalone external links to update payment. Warning signs: sender not a google.com domain, no Google Ads account ID, link to non-google.com domain, urgency about permanent account closure within hours.