Google AdWords phishing scam on the loose
Posted by: Dennis Fisher
Data Breaches and Identity Theft
The creativity and resourcefulness of the criminal underground never ceases to amaze me. Granted, these guys have nothing else to do but sit around and come up with new scams, but still, some of these things are truly inspired. Have a look at this Google AdWords phishing scam that has been showing up in recent days:
From: Google AdWords <setup@google.com> To: xxx at xxx.xxx Subject: Google AdWords Alert Date: Wed, 12 Nov 2008 02:27:xx +1000 Hello, Our attempt to charge your credit card on Wed, 12 Nov 2008 02:27:xx +1000 for your outstanding Google AdWords account balance was declined. Your account is still open. However, your ads have been suspended. Once we are able to charge your card and receive payment for your account balance, we will re-activate your ads. Please update your billing information, even if you plan to use the same credit card. This will trigger our billing system to try charging your card again. You do not need to contact us to reactivate your account. To update your primary payment information, please follow these steps: 1. Log in to your AdWords account at: http://adwords .google .com .session- xxxxxxxxxxxxxxxxxxxx .xxxxxxxxxxxxxxxxxxxx .com68 .ru 3. Click 'Billing Preferences' link. 4. Click Edit next to the appropriate 'Payment Details' section. 5. Enter your new or updated payment information. 6. Click 'Save Changes' when you have finished. In the future, you may wish to use a backup credit card in order to help ensure continuous delivery of your ads. You can add a backup credit card by visiting your Billing Preferences page. ------------------------------------------------------------------ This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message. If you have any questions, please visit the Google AdWords Help Centre at https://adwords.google.com/support/?hl=e... to find answers to frequently asked questions and a 'contact us' link near the bottom of the page. ---------------------------------------------------------------- Thank you for advertising with Google AdWords. We look forward to providing you with the most effective advertising available. Sincerely, The Google AdWords Team
I don’t see too many glaring errors in this message that make it stand out as a phish. As the Internet Storm Center diary entry on this scam points out, the only real problems are the URL ending in .ru and the date that is in the future. Aside from that, this is pretty solid work. I’d guess that most average users would have little to no chance of recognizing this as a phishing email. No misspellings, no first-grade grammar and no pleas for money to be transferred to an account in Djibouti. Egads.
Comment
RSS Feed
Email a friend
You must be logged-in to post a comment. Log-in/Register