Posted by: Robert Westervelt
Google, Phishing, spam
Phony message tricks users into logging into a bogus AdWords account to “reactivate” a Google AdWords campaign.
A new phishing attack targeting users of Google AdWords has surfaced in a variety of spam emails, according to security vendor Sophos.
Users of the AdWords service may be easily tricked by a phony email message purportedly from Google warning that their AdWords campaign has been suspended. If the user is tricked into clicking a link, the person is forwarded to a phony Google AdWords page and prompted to log into their account. Attempting to log in on the phony page immediately exposes the victim’s account credentials, according to Sophos’ Graham Cluley.
“It’s a realistic replica of the main Google AdWords page, created with some care in an attempt to phish your credentials off you. And don’t forget, your same username and password will be not just used by Google AdWords, but also Gmail, Google Docs, Google+ and so forth.”
We’ve heard that account credentials have been growing in value to cybercriminals, while at the same time credit card information, which has flooded the black market, has declined in value. Microsoft’s Security Intelligence Report, issued in May documents the trend. In 2010, according to Microsoft, phishing impressions from social networks – a single instance of a user attempting to visit a known phishing site – increased from a low of 8.3% of all impressions in January 2010 to a high of 84.5% of impressions in December.
As people put more of their daily lives on social networks and in other public forums, phishers may be gaining the upper hand. Cisco Systems Inc. recently documented an increase in Spear Phishing attacks. Those attacks target a subset of users at an organization or individuals. The messages are very specific and tailored towards individual interests in order to trick the user into believing its a legitimate email. Cisco said spear phishing netted cybercriminals $150 million in June by its estimate.
Symantec’s most recent Intelligence Report (PDF), issued this week, found that in July phishing activity was detected in one in every 319 emails. The number of phishing websites decreased by 6.76% in July. The numbers are typically cyclical depending on the time of year with spam and phishing increasing during peak shopping seasons.