Beware the Google Class Action Scam!

A new scam email is doing the rounds—and it’s worryingly convincing. Disguised as a legal notice about a class action settlement involving Google AdWords, this phishing attack is tricking business owners into handing over sensitive payment data. The subject line is dry, the formatting is formal, and the content mimics legitimate court language. It even mentions a real lawsuit name and hearing date.

What Makes This Scam So Effective?

This isn’t your standard phishing attempt riddled with typos. It targets businesses—especially those with advertising history—by exploiting the credibility of a well-known brand.

The sender claims to represent a “Settlement Administrator” in a case titled Rene Cabrera, et al. v. Google LLC. A $100 million payout is promised to eligible participants. The email contains a unique confirmation code, a case number, and links to a convincing domain (adwordsclicksclassaction.com)—designed to make recipients drop their guard.

But here’s the catch: to receive the payment, you must complete a “Payment Form,” choosing how you want to be paid—Venmo, direct deposit, virtual card. The scam's goal is to collect bank details, email addresses, and possibly gain login access.

Red Flags to Watch For

• Generic Salutation – “Dear Potential Location Targeting Class Member” is a vague opener with no personal reference.

• Urgency + Money – The email stresses a deadline and dangles a payout—classic social engineering tactics.

• Domain Masking – The website looks legitimate but is not affiliated with Google or any official court.

• Too Much Legalese – While meant to sound formal, the excess jargon distracts from the lack of real identifiers.

• Email Source – The address donotreply@adwordsclicksclassaction.com isn’t tied to any verified legal body or government service.

Why UK Businesses Are at Risk

UK-based SMEs and agencies running Google Ads are particularly exposed. Many receive automated account notices from Google, so a legal update might not seem unusual. Smaller firms often don’t have in-house cybersecurity support, making them easier targets.

What You Should Do

1. Don’t Click Any Links – If you’ve received this email, mark it as phishing and delete it.

2. Verify with Google Directly – Always cross-check legal notices with official Google support or your Google Ads dashboard.

3. Enable MFA – Protect email accounts and admin dashboards with multi-factor authentication.

4. Check Your Bank Accounts – If someone in your organisation submitted a form, contact your bank immediately.

5. Alert Staff – Forward this article or notify your teams, especially finance and marketing staff.

Preventing Future Incidents

IT awareness training is no longer optional. Businesses must train staff to recognise increasingly sophisticated threats.

• Phishing Simulations – Run internal tests to see who clicks.

• Secure Email Gateways – Use email security tools that scan for spoofed domains and flagged keywords.

• Cyber Insurance Reviews – Confirm whether phishing-related losses are covered.

• Audit External Access – Remove outdated accounts and review third-party software permissions.

🔗 Read how SystemsCloud helps secure business operations

Need More Information?

You can check legitimate class action settlements on official legal sites like:

• U.S. Courts – Public Access to Court Electronic Records (PACER)

• UK Action Fraud

And remember, no real legal settlement asks for your Venmo or bank details via a mass email.

🔗 Stay protected with our managed security services