On 27th March 2026, Spider Web Solutions became the target of a highly coordinated Google Ads account hijack. We are publishing this not out of embarrassment, but out of responsibility, to our clients, and to every agency that could be next.
The Attack:
It began as a normal client enquiry on WhatsApp. A contact named “Lumora Beauty” (+84 77 949 9836, a Vietnam number) reached out asking for Google Ads campaign management. The conversation was professional. They shared a website, brand documents, a campaign plan. They claimed monthly spends of $60k–$100k. Every signal looked legitimate.
They then asked us to link their Google Ads account (ID: 980-676-6031) to our MCC for “review access.” We complied. Within minutes, an unauthorised user ([email protected]) was added to our MCC with Administrative access. Shortly after, we were revoked from our own account. The attackers had full control.
The Damage
10–15 client accounts were exposed. Fraudulent campaigns were launched. Billing charges began accumulating on client accounts without authorisation. Three clients raised complaints within hours.
What We Did?
We escalated immediately to Google’s security team, filed a cybercrime complaint, contacted every affected client directly, and began the refund dispute process. We are not waiting. We are not hiding.
How to Protect Your Agency, Now:
- Never link an unknown account to your MCC based on a WhatsApp request alone
- Always verify a prospective client’s identity through a video call and business registration before any account access
- Enable 2FA on every Google account in your agency immediately
- Restrict MCC access to named team members only, audit your user list monthly
- If someone asks you to “link their account for review” as a precondition, that is the scam
To Our Clients?
You are our priority. We are working every hour until every account is recovered and every unauthorised charge is reversed. You will receive a personal update from us directly.
To the Agency Community?
Share this. This scam is active, professional, and specifically targeting digital agencies managing Google Ads. The attackers are organised, patient, and technically fluent. Warn your peers.
Naeem F Saiyed | Founder, Spider Web Solutions