Monday, 7 April 2008

Google AdWords Phishing: Update

Following on from my previous post about a Google AdWords phishing attack, I've just received a similar message that is subtly different in two ways.

First, the email message is supposedly about billing information, rather than an update to the AdWords terms and conditions. The email starts with, "Your ads have stopped running because we were unable to process your billing information.To activate your account and start running your ads, enter your billing information."

Second, the phisherman has edited the URL and corrected his earlier 'adwrods' typo. Now anyone who clicks on the link (which appears to link to http://adwords.google.com/select/login) will instead go to: http://adwords.google.aspenvault.cn/select/Login (don't click this link, by the way!)

It just so happens that I have a Google AdWords account and the credit card I use to fund it has expired. In this case, the phishing attempt was very convincing.