April 7th, 2008


Phishing in Googleland

I haven't seen this version of a phishing scam until this morning's email arrived. 

Crooks are now sending email claiming to be Google.  They're telling me that my pay-per-click ads are offline and that I need to put more credit card money into my business' Google AdWords account. 

This looks like a real Google AdWords notification, except instead of going to the URL that displays in the email, the hyperlink actually takes you to a site in mainland China (see the ".cn" at the end):  http://adwords.google.vaultpacket.cn/select/Login . 

(The real Google is at https://adwords.google.com/select/Login .)

I haven't clicked, but I suspect the site mimics the real Google site. It will ask for your credit card information to reactivate your account.  Once you type in your numbers, kiss that card good-bye!

It's a good fake and it's new to me.  Most of all I'm impressed that the crooks think that Google AdWords is used enough for their scam to attract enough suckers to warrant their time and energy. After all, it takes work to set up a phony site!
Collapse )