Google AdWords phishing attack strikes inboxes

by Graham Cluley on July 26, 2011 | 3 Comments

Filed Under: Google, Phishing, Privacy, Spam

Have you received an email from Google saying that your Google AdWords campaign may have stopped running?

Here's an image of just such an email (click on it for a larger version):

Google AdWords phishing email. Click for larger version

Google AdWords

Your Google campaigns may have stopped running today (Monday, July 25, 2011)

Dear AdWords Advertiser,

For quality services and running your ads without any problems (Innactive account meaning Pausing your Ads) check your AdWords account regularly.

Click here to check your AdWords account now.

2011. Google

The messages have been spammed out across the internet, attempting to trick users into visiting a bogus website that pretends to be the Google AdWords login page.

Google AdWords phishing site

It's a realistic replica of the main Google AdWords page, created with some care in an attempt to phish your credentials off you. And don't forget, your same username and password will be not just used by Google AdWords, but also Gmail, Google Docs, Google+ and so forth..

In short, your Google username and password are a very attractive commodity to phishers.

That's one of the reasons why I recommend Gmail users set up two step verification, which provides an extra level of security.

To be extra sure of my suspicions, I checked that the google-oa.net website didn't belong to Google by doing a WHOIS look-up:

Whois information for google-oa.net

That's certainly not Google, and the fact that the domain has only just been registered makes it even more suspicious.

And what's with that odd zip code? I'm pretty sure 90211 is likely be next door to the world's most famous zip code, 90210 in Beverly Hills, California.

Seriously, 90210 is probably the zip code we see most often in the WHOIS information for bogus websites.

Of course, the registrant's name and the address in New York are quite possibly phony as well.

Sophos's products intercept the messages as spam, preventing you from unwittingly handing your Google username and password over to cybercriminals.

Tags: , , ,

You might like

Oxford University blocks Google Docs because of phishing attacks.. for 2.5 hours Oxford University blocks Google Docs because of phishing attacks.. for 2.5 hours
Google Docs phishing Phishing with help from Google Docs
Gmail's automatic image viewing, and how to turn it off Phishing for passwords of unwary Google users
Image (1) gmail-phishing.jpg for post 16410 May Day Gmail phishing

3 Responses to Google AdWords phishing attack strikes inboxes

  1. islamfaisal · 1319 days ago

    Very nice topic I wonder if I can add some of your articles to my blog or this violates your copyrights.

    Reply
  2. Antony · 1319 days ago

    I believe you guys should post or repost if already done before, a quick shout on how to spot a bogus website as way to many people use the same user name and password and as you pointed out Google Accounts is your username and password for all of the Google Services you are taking part in.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Cancel

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.