Google Adwords Phishing Scam

Phishing scams are an ever-present danger because for the most part they are not filtered by your computer. Luckily the email address where I received this scam is protected by Gmail’s legendary spam filters and this one never hit my inbox. There are 2 links in the email, one is valid and the other would send you to a look-alike site setup on a .ru (Russia) domain.

ADWORDS -TARGETED PHISHING SCAM EMAIL

From: Google AdWords Team <setup@google.com>
Date: Sat, Nov 8, 2008 at 4:28 AM
Subject: Google AdWords Alert

Our system was unable to process a payment for your outstanding Google AdWords account balance using your primary credit card. For the time being, your account is still open, and your ads are still running. However, we require you to update the payment information in your AdWords account very soon in order to ensure continued ad serving.

Please update your credit card information in order to trigger our billing system to try processing your payment again. If you plan to use the same credit card(s), please use the ‘Retry Card’ button on the Billing Preferences page of your account. Otherwise, please follow the steps below to update the information in your AdWords account.

1. Log in to your AdWords account at: http://adwords.google.com
2. Click the ‘My Account’ tab.
3. Click ‘Billing Preferences’ link.
4. Click Edit next to the appropriate ‘Payment Details’ section.
5. Enter your new or updated payment information.
6. Click ‘Save Changes’ when you have finished.

In the future, you may wish to use a back up credit card in order to help ensure continuous delivery of your ads. You can add a back up credit card by visiting your Billing Preferences page or visit the AdWords Help Centre for more.

Tip: You can review the status of your billing on the Billing Summary page, under the ‘My Account’ tab. If a payment has been declined, click ‘Payment Declined’ beside the line item to review information for that particular payment. Once your payment has been processed successfully, you can view and print an invoice from your Billing Summary page.

—————————— ———————————— This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message. If you have any questions, please visit the Google AdWords Help Centre at https://adwords.google.com/support/?hl=en_GB to find answers to frequently asked questions and a ‘contact us’ link near the bottom of the page. —————————————————————-

Thank you for advertising with Google AdWords. We look forward to providing you with the most effective advertising available.

Sincerely,

The Google AdWords Team

The link above to http://adwords.google.com actually goes to a Russian website that is no doubt a look-alike to the Google Adwords login page. You can fight this particular type of phishing email rather easily:

1. Don’t click links in your email to visit online login pages
2. Roll your mouse over the link before clicking it and read the address its going to take you to VERY carefully. This particular one began with adwords.google.com and might have passed a cursory glance. After that there was a fake session ID number (a number used by websites to track your movement around the site to do things like allowing you to access password protected content) and it ended with ssl85.ru which should set off some alarms.

Don’t forget when looking at web addresses that they can easily be hidden or faked. For example some characters are very similar and can be overlooked. For example I’ll bet looking at the web address ADW0RDS.G00GLE.COM you didn’t notice the capital O’s have been replaced with zeros. In this case it appears that G00GLE.COM is protected by Google or Markmonitor (the Global Leader in Enterprise Brand Protection, Domain Management, Online Trademark Protection, Online Channel Protection, AntiPhishing Solutions).

Don’t be fooled, be safe!