Video Recap of Weekly Search Buzz :: March 23, 2008 | Main | Easter Logos from Search Engine Industry

March 24, 2008

Alert: More Google AdWords Phishing Attempts

Over the weekend, there was a new onslaught of Google AdWords phishing attempts. Basically, fake emails have gone out that appear to be from Google. The emails ask you to login to AdWords and update your billing information. Although the link may appear to look like its a Google.com address, it is not. If you click on it and enter your billing information, it will go to a non-authorized individual, who may use your credit card information for their own shopping sprees.

The email looks like this:

Dear Google AdWords Customer!

In order to update your billing information, please sign in to your AdWords account at https://adwords.google.com, and update your billing information. Your account will be reactivated as soon as you have entered your payment details. Your ads will show immediately if you decide to pay for clicks via credit or debit card. If you decide to pay by direct debit, we may need to receive your signed debit authorization before your ads start running, depending on your location. If you choose bank transfer, your ads will show as soon as we receive your first payment. (Payment options vary by location.) Thank you for choosing AdWords. We look forward to providing you with the most effective advertising available.

Sincerely,
The Google AdWords Team
------------------------
This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message. If you have any questions after following the steps above, please visit the Google AdWords Help Center at https://adwords.google.com/support/bin/topic.py?topic=8336&hl=en_US to find answers to frequently asked questions and a 'contact us' link near the bottom of the page.

It looks very official, but the link that reads https://adwords.google.com actually takes you to http://adwords.google.com.fr4ck.cn/select/Login/.

Google's AdWordAdvisor recommends that when you see such an email, you report it to Google at Google AdWords Support:

In this case - or any other similar case - if you see what you suspect to be phishing email intended to look as if it came from Google AdWords, I hope you will take a few minutes to send all the pertinent details to the AdWords support team.

This is not the first time we have reported on Google AdWords Phishing attempts. There was a case in January 2008.

Forum discussion at WebmasterWorld, DigitalPoint Forums and Google Groups.

posted rustybrick in Google AdWords at March 24, 2008 7:15 AM Comments (6)

Google Co-op Cartoon Barry

Comments

Yup got a bunch of these over the weekend.

 

Posted by Jaan Kanellis at March 24, 2008 21:26

Yes, I actually fell for this one. Is there any way of knowing whether they government has caught the individuals responsible.

 

Posted by Josh at March 26, 2008 07:50

Yes, I actually fell for this one. Is there any way of knowing whether they government has caught the individuals responsible.

 

Posted by Billy at March 26, 2008 07:51

I wrote about this as well after having received a couple of them with URLs that lead to various alphanumeric .cn domains.

Billy, when you say that you "fell" for it, did you actually click through and enter sensitive information?? Sure hope not, and if so, that you notified your card issuers (and Google!)

Robin

 

Posted by Robin Majumdar at March 27, 2008 23:39

The report does not say what email address to forward the Phishing email to.

 

Posted by Frank at March 28, 2008 17:56

Send AdWords phishing e-mails w/full headers to:
phishing@google.com

 

Posted by kim at April 17, 2008 17:57

Post a comment

Do you want us to save your personal Information?

Premium Sponsors + advertise

To subscribe to the Search Engine Roundtable, click here