Alert: More Google AdWords Phishing Attempts

Mar 24, 2008 • 7:15 am | comments (17) by twitter Google+ | Filed Under Google AdWords
 

Over the weekend, there was a new onslaught of Google AdWords phishing attempts. Basically, fake emails have gone out that appear to be from Google. The emails ask you to login to AdWords and update your billing information. Although the link may appear to look like its a Google.com address, it is not. If you click on it and enter your billing information, it will go to a non-authorized individual, who may use your credit card information for their own shopping sprees.

The email looks like this:

Dear Google AdWords Customer!

In order to update your billing information, please sign in to your AdWords account at https://adwords.google.com, and update your billing information. Your account will be reactivated as soon as you have entered your payment details. Your ads will show immediately if you decide to pay for clicks via credit or debit card. If you decide to pay by direct debit, we may need to receive your signed debit authorization before your ads start running, depending on your location. If you choose bank transfer, your ads will show as soon as we receive your first payment. (Payment options vary by location.) Thank you for choosing AdWords. We look forward to providing you with the most effective advertising available.

Sincerely, The Google AdWords Team ------------------------ This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message. If you have any questions after following the steps above, please visit the Google AdWords Help Center at https://adwords.google.com/support/bin/topic.py?topic=8336&hl=en_US to find answers to frequently asked questions and a 'contact us' link near the bottom of the page.

It looks very official, but the link that reads https://adwords.google.com actually takes you to http://adwords.google.com.fr4ck.cn/select/Login/.

Google's AdWordAdvisor recommends that when you see such an email, you report it to Google at Google AdWords Support:

In this case - or any other similar case - if you see what you suspect to be phishing email intended to look as if it came from Google AdWords, I hope you will take a few minutes to send all the pertinent details to the AdWords support team.

This is not the first time we have reported on Google AdWords Phishing attempts. There was a case in July 2007 and January 2008.

Forum discussion at WebmasterWorld, DigitalPoint Forums and Google Groups.

Previous story: Video Recap of Weekly Search Buzz :: March 23, 2008
 

Comments:

Jaan Kanellis

03/25/2008 01:26 am

Yup got a bunch of these over the weekend.

Josh

03/26/2008 11:50 am

Yes, I actually fell for this one. Is there any way of knowing whether they government has caught the individuals responsible.

Billy

03/26/2008 11:51 am

Yes, I actually fell for this one. Is there any way of knowing whether they government has caught the individuals responsible.

Robin Majumdar

03/28/2008 03:39 am

I wrote about this as well after having received a couple of them with URLs that lead to various alphanumeric .cn domains. Billy, when you say that you "fell" for it, did you actually click through and enter sensitive information?? Sure hope not, and if so, that you notified your card issuers (and Google!) Robin

Frank

03/28/2008 09:56 pm

The report does not say what email address to forward the Phishing email to.

kim

04/17/2008 09:57 pm

Send AdWords phishing e-mails w/full headers to: phishing@google.com

Tom

05/20/2008 08:24 am

Anytime I see a domain with .cn at the end I assume "Key logger" or such. I don't click on them at all, but I also know Firefox is a lot safer to use and picks up on security issues that many of these individuals use. Granted if they are phishing and you fill out an online form, you're hosed. I'd change your account info ASAP and keep a watch on your credit card transactions. There's not really much that you can do since it is in China (.cn) and the law enforcement is very limited at best considering the amount of piracy and internet fraud there. I read that something like over 75% of all pirated software comes out of China. Good luck to you if you accidentally fell for this one.

DWiner

06/09/2008 12:45 pm

When I recd. a similar email, the first thing I did was hover my mouse over the link in the email. The link text read as 'http://adwords.google.com/select/login' but the actual embedded hyperlink was 'http://www.adwords.google.com.vvkflls.cn/select/Login' which I could see in the status bar. Phew...saved!!! I immediately reported this phishing scam to Google (http://adwords.google.com/support/bin/request.py?ctx=cuffhelp&contact_type=phishing).

Dave

07/01/2008 10:11 pm

I've been getting alot of those phoney emails also. And I don't even use Google adwords!!

Sharon

08/01/2008 04:01 am

A Google search of: "little ned" jackson genealogy presented the 5th result as www.tngenes.net/bible/billingsley-w.html I clicked on it and my browser was hi-jacked to: httpscanner.power-antivirus-2009.comaff=1050

kenton Mann

08/06/2008 01:49 pm

adword advertisers beware they are using the adwords disapprovals login as well to log in with your password, check your campaigns first to see.

Cris

11/06/2008 04:56 pm

I get these on my gmail account. I figure since Google can give me alerts and whatnot using its filter technology, then why should I take my precious time to report an Adsense scam to Google's adsense team? Google put it in the Gmail spam folder automatically, so if they just filter for Adsense in the text, they'll spot all the phishing attempts immediately, faster than any user like me can report it? Seems like Google's support people don't use their own technology enough.

chad

11/11/2008 12:03 am

Here's a new address in the same old e-mail saying they couldn't charge my card and to log in to update my info. I couldn't find any information on: http://adwords.google.com.session-51631276453800848490.65461111157643744594.com69.ru

peter

10/01/2009 08:24 am

very 'real' one they link to http://www.google-bx.com/accounts/signin.html so you really have to notive the -bx !!! < ---- the mail body looks like this ---- > We detected irregular activity on your Google AdWords Account. Please use the link below to verify your account immediately: https://www.google.com/accounts/ServiceLogin?service=adwords Sincerley, Google AdWords < --- mail body -- >

Tony.M.J

11/24/2009 06:57 pm

Hi Received the below email script today (i.e)Tuesday, November 24, 2009 8:29 PM Subject as: Important notice - please cooperate. Tuesday, November 24, 2009 8:29 PM From: "Google AdWords" <AdWords@google.com>Add sender to Contacts To: undisclosed-recipients "We detected irregular activity on your Google AdWords Account. Please use the link below to verify your account immediately: https://www.google.com/accounts/ServiceLogin?service=adwords Sincerley, Google AdWords"

Caroline

02/11/2010 09:46 am

Hi, I would like to know how to acivate an account and how to start placing ads please, may I contact an Adwords Team Representative to an online chat please? Hope to hear from you soon

No Name

09/03/2010 07:36 am

Hi, Just received a great one - From: Google AdWords <accounts@google-adwords.com> Date: 2 septembre 2010 16:26:57 GMT+02:00 To: xyz@kbsd.com Subject: New security update released! Reply-To: accounts@google-adwords.com Dear client, Please review the latest changes affecting your account by logging in at https://www.google.com/accounts/ServiceLogin?goto=newTOS&uniq_id=83274329 Best regards, Google AdWords Team The target page is a fantastic copy of the Adwords login page. Take care

blog comments powered by Disqus