The Alarming Case of Cyber Fraud: OSR’s Rs 12.7 Crore Google Ads Debacle
In a shocking turn of events, Hyderabad’s renowned skincare brand, Old School Rituals (OSR), has fallen victim to a staggering Rs 12.7 crore cyber fraud via its Google Ads account. This incident not only raises serious concerns about digital advertising security but also serves as a wake-up call for businesses relying heavily on online marketing.
What Happened?
In a distressing revelation, an unidentified hacker breached OSR’s Google Ads account, unleashing a whirlwind of unauthorized ads targeting US-based companies over a swift 48-hour period. The gravity of the situation became apparent when ENSO Business Consulting, OSR’s digital marketing agency, detected an unusual surge in ad activity on May 17 and 18.
The Numbers Don’t Lie
The rogue campaign resulted in a staggering 2.1 million clicks, yet alarmingly, it generated zero conversions. Such a glaring discrepancy raised immediate suspicions, prompting ENSO to alert OSR’s management.
Investigation Commences
Following this shocking discovery, OSR’s management initiated a detailed investigation. Shashanka Kancharla, director of Old School Inspirations Private Limited, which operates OSR, quickly filed a formal complaint with the Telangana Cyber Security Bureau (TGCSB). According to his statement, OSR typically maintains a modest daily advertising budget of Rs 10,000 to Rs 15,000, making this unauthorized expenditure nearly 850 times the usual amount.
A Disturbing Trend
"This was neither authorized by us nor aligned with our marketing strategy," stated Shashanka in his complaint. The company, known for its natural skincare products, primarily markets through its official website and select partner platforms. Notably, Shashanka and his wife, singer and actress Smita Valluripalli, are actively involved in the firm’s operations.
Early Findings
ENSO Business Consulting, which had overseen OSR’s digital marketing initiatives for the past ten months, submitted a detailed report on May 21. This report highlighted that the breach may have originated from a compromised Google Ads account or unauthorized employee credentials. Additionally, the agency noted a concerning lack of usual ad placement notifications during the fraudulent activity.
Court Action and Reporting
Shashanka stated in his complaint, “Verify if any hacking or compromise of credentials occurred. Facilitate the recovery or reversal of the fraudulent ad spend. Treat this as a case of cybercrime involving account hacking and significant financial loss.”
In response to the alarming circumstances, Google issued a bill of Rs 12.7 crore to OSR for the unauthorized ads. The company has since notified Google about the hacking incident, emphasizing its urgency.
Legal Steps Taken
The TGCSB registered a case under various sections of the Bharatiya Nyaya Sanhita (BNS) and the Information Technology Act, including charges of cheating and dishonestly inducing delivery of property. Investigators are currently examining the evidence and have reached out to Google for further assistance in identifying the perpetrator.
Final Thoughts
The OSR case serves as a bold reminder that while online advertising is a powerful tool for businesses, it also exposes them to significant risks. As digital marketing becomes increasingly vital, ensuring robust security measures is paramount. For brands like OSR, the path forward involves not only seeking justice but also investing in more secure systems to protect against future cyber threats.
For more insight into cybersecurity in digital marketing, explore this resource.
Stay vigilant, stay informed, and protect your brand!
