Phishing in Googleland

UPDATE May 30, 2017
I received email from Joel Stephens in response to this post providing a link with lots of information on phishing: what to look for and how to avoid getting caught. For more good phishing information, see “Common phishing scams and how to recognise and avoid them” .

I hadn’t seen this version of a phishing scam until this morning’s email arrived.

Crooks are now sending email claiming to be Google.  They’re telling me that my pay-per-click ads are offline and that I need to put more credit card money into my business’ Google AdWords account.

This looks like a real Google AdWords notification, except instead of going to the URL that displays in the email, the hyperlink actually takes you to a site in mainland China (see the “.cn” at the end):  http://adwords.google.vaultpacket.cn/select/Login .

(The real Google is at https://adwords.google.com/select/Login .)

I haven’t clicked, but I suspect the site mimics the real Google site. It will ask for your credit card information to reactivate your account.  Once you type in your numbers, kiss that card good-bye!

It’s a good fake and it’s new to me.  Most of all I’m impressed that the crooks think that Google AdWords is used enough for their scam to attract enough suckers to warrant their time and energy. After all, it takes work to set up a phony site!

This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message.

———————————————————————————-

Dear AdWords Customer,

Your ads have stopped running because we were unable to process your billing information.
To activate your account and start running your ads, enter your billing information.

In order to activate your account and start running your ads, enter your billing information.
Pease sign into your account at
http://adwords.google.com/select/login, and update
your billing information.

Once your account is reactivated and your billing information has been processed,
any your ads and campaigns can begin running immediately on Google.

———————————————————————————-

The Google-AdWords Team


2 Responses to Phishing in Googleland

  1. fyellin says:

    I have reported this to Google.

    • ozdachs says:

      Thanks. Do you have an email address at Google to send reports to? This morning’s phishing wanted me to click to

      http://adwords.google.outtrust.cn/select/Login 

      (disguised as http://adwords.google.com/select/login ).

      The header info with hotmail address, if it helps:

      Delivered-To: [email protected]
      Received: (qmail 15109 invoked from network); 9 Apr 2008 13:40:33 -0000
      Received: from unknown (HELO [195.206.164.56]) (195.206.164.56)
      by ns4.webmasters.com with SMTP; Wed, 09 Apr 2008 09:40:33 -0400
      Received: from [195.206.164.56] by mx4.hotmail.com; Wed, 9 Apr 2008 13:41:04 +0000
      Message-ID: <32724947.1207748595687.JavaMail.root@m04>
      From: [email protected]
      To:
      Subject: Please submit your payment information
      Date: Wed, 9 Apr 2008 13:41:04 +0000
      MIME-Version: 1.0
      Content-Type: multipart/alternative;
      boundary="----=_NextPart_000_0007_01C89A47.5AFDD800"
      X-Priority: 3
      X-MSMail-Priority: Normal
      X-Mailer: Microsoft Outlook Express 5.00.2314.1300
      X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
      X-SA-Poll-Id: 1207748595645..1207748436.15139.ns4.webmasters.com..1..1207748464000
      X-SA-USERIDNR: 1010303
      Received-SPF: unknown(google.com: domain uses a mechanism not recognized by this client)

