Have you received an email from Google saying that your Google AdWords campaign may have stopped running?
Here’s just such an email:
Your Google campaigns may have stopped running today (Monday, July 25, 2011)
Dear AdWords Advertiser,
For quality services and running your ads without any problems (Innactive account meaning Pausing your Ads) check your AdWords account regularly.
Click here to check your AdWords account now.
The messages have been spammed out across the internet, attempting to trick users into visiting a bogus website that pretends to be the Google AdWords login page.
It’s a realistic replica of the main Google AdWords page, created with some care in an attempt to phish your credentials off you. And don’t forget, the same username and password are used not just by Google AdWords, but also by Gmail, Google Docs, Google+ and so forth.
In short, your Google username and password are a very attractive commodity to phishers.
That’s one of the reasons why I recommend Gmail users set up two-step verification, which provides an extra level of security.
To be extra sure of my suspicions, I checked that the google-oa.net website didn’t belong to Google by doing a WHOIS look-up:
That’s certainly not Google, and the fact that the domain has only just been registered makes it even more suspicious.
And what’s with that odd zip code? I’m pretty sure 90211 is likely to be next door to the world’s most famous zip code, 90210 in Beverly Hills, California.
Seriously, 90210 is probably the zip code we see most often in the WHOIS information for bogus websites.
Of course, the registrant’s name and the address in New York are quite possibly phony as well.
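The WHOIS checks described above, written out as an added example (not code from the original article): it flags a record that was registered only just before the email arrived, that carries a brand name its registrant does not match, or that pairs a New York address with a zip code from elsewhere. The WHOIS text, its creation date and the function names are constructed for illustration, and real registries vary in field names and date formats.

```python
import re
from datetime import date, datetime

# Constructed sample in a common registrar WHOIS layout. The record the
# article looked up is not reproduced here; the values are placeholders.
SAMPLE_WHOIS = """\
Domain Name: GOOGLE-OA.NET
Creation Date: 2011-07-24T09:15:00Z
Registrant Organization: PLACEHOLDER ORG
Registrant State: NY
Registrant Postal Code: 90211
"""

def parse_whois(text):
    """Return WHOIS 'Key: value' lines as a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*\S)\s*$", line)
        if m:
            fields.setdefault(m.group(1).strip().lower(), m.group(2))
    return fields

def whois_red_flags(text, brand, seen_on, max_age_days=30):
    """List reasons a WHOIS record does not fit the brand the site claims."""
    f = parse_whois(text)
    flags = []
    try:
        created = datetime.strptime(f.get("creation date", "")[:10], "%Y-%m-%d").date()
        age = (seen_on - created).days
        if age <= max_age_days:
            flags.append(f"registered {age} day(s) before the email was seen")
    except ValueError:
        flags.append("creation date missing or not in ISO format")
    domain = f.get("domain name", "").lower()
    org = f.get("registrant organization", "").lower()
    if brand in domain and brand not in org:
        flags.append(f"'{brand}' is in the domain name but not in the registrant organization")
    # New York state zip codes run 100xx-149xx (a few rare exceptions aside);
    # codes starting with 9 belong to the West Coast.
    zip_code = f.get("registrant postal code", "")
    if f.get("registrant state") == "NY" and not zip_code.startswith("1"):
        flags.append("registrant postal code does not fit registrant state NY")
    return flags

if __name__ == "__main__":
    for flag in whois_red_flags(SAMPLE_WHOIS, "google", date(2011, 7, 25)):
        print("suspicious:", flag)
```

A clean result here is not proof of legitimacy, since registrant details can be phony; the flags only rank which domains deserve a closer look.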
Sophos’s products intercept the messages as spam, preventing you from unwittingly handing your Google username and password over to cybercriminals.