Have you received an email from Google saying that your Google AdWords campaign may have stopped running?
Here’s an image of just such an email:
Google AdWords
Your Google campaigns may have stopped running today (Monday, July 25, 2011)
Dear AdWords Advertiser,
For quality services and running your ads without any problems (Innactive account meaning Pausing your Ads) check your AdWords account regularly.
Click here to check your AdWords account now.
2011. Google
The messages have been spammed out across the internet, attempting to trick users into visiting a bogus website that pretends to be the Google AdWords login page.
It’s a realistic replica of the main Google AdWords page, created with some care in an attempt to phish your credentials off you. And don’t forget, your same username and password will not just be used by Google AdWords, but also by Gmail, Google Docs, Google+ and so forth.
In short, your Google username and password are a very attractive commodity to phishers.
That’s one of the reasons why I recommend Gmail users set up two step verification, which provides an extra level of security.
To be extra sure of my suspicions, I checked that the google-oa.net website didn’t belong to Google by doing a WHOIS look-up:
That’s certainly not Google, and the fact that the domain has only just been registered makes it even more suspicious.
And what’s with that odd zip code? I’m pretty sure 90211 is likely to be next door to the world’s most famous zip code, 90210 in Beverly Hills, California.
Seriously, 90210 is probably the zip code we see most often in the WHOIS information for bogus websites.
Of course, the registrant’s name and the address in New York are quite possibly phony as well.
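The WHOIS checks described above (registrant is not the brand, domain only just registered, zip code that does not fit the address) can be automated. The following is an added example, not code from the original article: the WHOIS record is constructed for illustration and is not the real record for the domain, and the function names, the 30-day threshold and the partial ZIP table are assumptions.

```python
import re
from datetime import date, datetime

# Constructed WHOIS-style record for illustration only; it is NOT the real
# record for the domain in the article. Registrant values are placeholders.
SAMPLE_WHOIS = """\
Domain Name: GOOGLE-OA.NET
Creation Date: 2011-07-24T09:15:00Z
Registrant Organization: Example Registrant Org
Registrant State/Province: NY
Registrant Postal Code: 90211
"""

# Partial table of US ZIP 3-digit prefix ranges per state (assumption: only
# the two states needed for this illustration are listed).
ZIP_PREFIXES = {"NY": range(100, 150), "CA": range(900, 962)}

def parse_whois(text):
    """Parse 'Key: value' lines into a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), value.strip())
    return fields

def whois_red_flags(text, brand, seen_on, min_age_days=30):
    """Return reasons the record does not fit the brand the site imitates."""
    f = parse_whois(text)
    flags = []
    # Brand name in the domain, but the registrant is someone else.
    if brand in f.get("domain name", "").lower() and \
            brand not in f.get("registrant organization", "").lower():
        flags.append("registrant-mismatch")
    # Domain registered only days before the message arrived.
    created = f.get("creation date", "")
    if re.match(r"\d{4}-\d{2}-\d{2}", created):
        created_on = datetime.strptime(created[:10], "%Y-%m-%d").date()
        if (seen_on - created_on).days < min_age_days:
            flags.append("recently-registered")
    else:
        flags.append("no-creation-date")
    # Postal code that does not belong to the stated state.
    state = f.get("registrant state/province", "").upper()
    zip3 = f.get("registrant postal code", "")[:3]
    if state in ZIP_PREFIXES and zip3.isdigit() and int(zip3) not in ZIP_PREFIXES[state]:
        flags.append("zip-state-mismatch")
    return flags

if __name__ == "__main__":
    print(whois_red_flags(SAMPLE_WHOIS, "google", date(2011, 7, 25)))
```

None of these flags is proof on its own, since registrant details can be phony or hidden, but several together on a domain that imitates a brand are a strong reason not to log in.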
Sophos’s products intercept the messages as spam, preventing you from unwittingly handing your Google username and password over to cybercriminals.
Very nice topic. I wonder if I can add some of your articles to my blog or if this violates your copyrights.
Hi
Thanks for asking.
Rather than scraping all our content, we'd prefer if you just took a headline and an excerpt if you wanted to republish on your own blog.
Details of how to do that here: http://nakedsecurity.sophos.com/2011/07/16/add-na…
I believe you guys should post, or repost if already done before, a quick shout on how to spot a bogus website, as way too many people use the same username and password and, as you pointed out, Google Accounts is your username and password for all of the Google Services you are taking part in.