Over the weekend, there was a new onslaught of Google AdWords phishing attempts. Basically, fake emails have gone out that appear to be from Google. The emails ask you to login to AdWords and update your billing information. Although the link may appear to look like its a Google.com address, it is not. If you click on it and enter your billing information, it will go to a non-authorized individual, who may use your credit card information for their own shopping sprees.
The email looks like this:
Dear Google AdWords Customer!In order to update your billing information, please sign in to your AdWords account at https://adwords.google.com, and update your billing information. Your account will be reactivated as soon as you have entered your payment details. Your ads will show immediately if you decide to pay for clicks via credit or debit card. If you decide to pay by direct debit, we may need to receive your signed debit authorization before your ads start running, depending on your location. If you choose bank transfer, your ads will show as soon as we receive your first payment. (Payment options vary by location.) Thank you for choosing AdWords. We look forward to providing you with the most effective advertising available.
Sincerely, The Google AdWords Team ------------------------ This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message. If you have any questions after following the steps above, please visit the Google AdWords Help Center at https://adwords.google.com/support/bin/topic.py?topic=8336&hl=en_US to find answers to frequently asked questions and a 'contact us' link near the bottom of the page.
It looks very official, but the link that reads https://adwords.google.com actually takes you to http://adwords.google.com.fr4ck.cn/select/Login/.
Google's AdWordAdvisor recommends that when you see such an email, you report it to Google at Google AdWords Support:
In this case - or any other similar case - if you see what you suspect to be phishing email intended to look as if it came from Google AdWords, I hope you will take a few minutes to send all the pertinent details to the AdWords support team.
This is not the first time we have reported on Google AdWords Phishing attempts. There was a case in July 2007 and January 2008.
Forum discussion at WebmasterWorld, DigitalPoint Forums and Google Groups.
