Google AdWords phishing attack strikes inboxes

by Graham Cluley on July 26, 2011 | 3 Comments

Filed Under: Google, Phishing, Privacy, Spam

Have you received an email from Google saying that your Google AdWords campaign may have stopped running?

Here's an image of just such an email (click on it for a larger version):

Google AdWords phishing email. Click for larger version

Google AdWords

Your Google campaigns may have stopped running today (Monday, July 25, 2011)

Dear AdWords Advertiser,

For quality services and running your ads without any problems (Innactive account meaning Pausing your Ads) check your AdWords account regularly.

Click here to check your AdWords account now.

2011. Google

The messages have been spammed out across the internet, attempting to trick users into visiting a bogus website that pretends to be the Google AdWords login page.

Google AdWords phishing site

It's a realistic replica of the main Google AdWords page, created with some care in an attempt to phish your credentials off you. And don't forget, your same username and password will be not just used by Google AdWords, but also Gmail, Google Docs, Google+ and so forth..

In short, your Google username and password are a very attractive commodity to phishers.

That's one of the reasons why I recommend Gmail users set up two step verification, which provides an extra level of security.

To be extra sure of my suspicions, I checked that the google-oa.net website didn't belong to Google by doing a WHOIS look-up:

Whois information for google-oa.net

That's certainly not Google, and the fact that the domain has only just been registered makes it even more suspicious.

And what's with that odd zip code? I'm pretty sure 90211 is likely be next door to the world's most famous zip code, 90210 in Beverly Hills, California.

Seriously, 90210 is probably the zip code we see most often in the WHOIS information for bogus websites.

Of course, the registrant's name and the address in New York are quite possibly phony as well.

Sophos's products intercept the messages as spam, preventing you from unwittingly handing your Google username and password over to cybercriminals.

Tags: , , ,

3 Responses to Google AdWords phishing attack strikes inboxes

  1. islamfaisal says:
    July 26, 2011 at 10:43 am

    Very nice topic I wonder if I can add some of your articles to my blog or this violates your copyrights.

    Reply Report comment
  2. Antony says:
    July 26, 2011 at 10:44 am

    I believe you guys should post or repost if already done before, a quick shout on how to spot a bogus website as way to many people use the same user name and password and as you pointed out Google Accounts is your username and password for all of the Google Services you are taking part in.

    Reply Report comment

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.