Saturday, 5 April 2008

Google phishing with 'adwrods'

One of the latest phishing attacks is aimed at Google AdWords customers. It takes advantage of the fact that Google recently changed some of the terms and conditions for its AdWords advertising system.


When you log on to AdWords you're asked to review and accept these changes. The company did not, as far as I know, send out any emails asking customers to do this. In fact, although the changes were made some time ago, you could delay looking at them and confirming your acceptance. So signing up to the changes wasn't exactly urgent.


However, this morning one of my email honeypots received an email purporting to come from 'Google AdWords ', requesting that the recipient should click on a link labelled 'Yes, I accept the Terms and Conditions'. See the screenshots below to see how the email appears, and check out the URL used in the link. I can't think of a reason, aside from carelessness, that they would misspell AdWords.