Google Adwords Email Phishing Scam

Enter the Portal of Deals, Discounts, Sales, & Coupons

Google Adwords Email Phishing Scam

May.06, 2008 in Internet & Web Safety

Google Adwords Email Scam!

I’ve recently received four variations of a Google Adwords Email Scam. I was a participant in the Google Adwords program over a year ago and I still received this email. If you are an active Adwords advertiser, Do Not Fall For This!

I have received four variations of the Adwords Scam:

I. Dear Google AdWords Customer,

Your ads have stopped running because we were unable to process your billing information. We will reactivate you account after you update your billing information. In order to reactivate your account, please sign it to your account at http://adwordsgoogle.com/select/login, and update your billing information. Once your account is reactivated and your billing information has been processed, any your ads and campaigns can begin running immediately on Google.

You will not be asked to submit your billing information every time you create a new ad or campaign. If your payment has been declined and you’d like to resubmit the same credit card information, you may also do so by clicking the Retry card button on your Billing Preferences page. After updating your credit card information (regardless of whether or not you use a different card), it can take up to 24 hours before your ads start running again. You also have the option of providing a backup credit card to help ensure that your ads run continuously in the case that your primary payment method fails.

Sincerely,

The Google AdWords Team

II. Dear AdWords Customer,

As part of our ongoing efforts to improve the Google AdWords programme for advertisers and users, we have updated our Terms and Conditions.

Please review the new Terms and Conditions below, then indicate your acceptance.

Yes, I accept the Terms and Conditions.

III. Dear Google AdWords Customer,

Please sign in to your account at http://adwords.google.com/select/login, and update your billing information.

Your account will be reactivated as soon as you update your payment information.

Your ads will show immediately if you decide to pay for clicks via credit or debit card. If you decide to pay by direct debit, we may need to receive your signed debit authorization before your ads start running, depending on your location.

If you choose bank transfer, your ads will show as soon as we receive your first payment.

We look forward to providing you with the most effective advertising available.

Sincerely,

The Google AdWords Team

IV. Dear Google AdWords Customer!

In order to update your billing information, please sign in to your AdWords account at https://adwords.google.com, and update your billing information. Your account will be reactivated as soon as you have entered your payment details. Your ads will show immediately if you decide to pay for clicks via credit or debit card. If you decide to pay by direct debit, we may need to receive your signed debit authorization before your ads start running, depending on your location. If you choose bank transfer, your ads will show as soon as we receive your first payment. (Payment options vary by location.)

Thank you for choosing AdWords. We look forward to providing you with the most effective advertising available.

Sincerely,

The Google AdWords Team

Google will never ask you for information this way. The sender is trying to coerce you into believing Google requires something of you. These phishing attacks can be quite convincing to the unsuspecting person.

The reality is that a bogus website hosted by “Mr. Evil” is designed to look and act like the legitimate company’s. When you enter sensitive information, such as credit cards, personal info, and passwords, the site will harvest the information for identity theft.

Five things you can do to protect yourself from email phishing scams

Don’t take an email’s word for it. Call the company directly to verify if any account information is needed.
Companies, such as Google, will not send out emails with spelling and grammatical errors.
View the source of any link in an email. If you see an HTML link that looks valid, such as “https://adwords.google.com,” right click > view source > and search for the real URL. For example, <a href=”http://www.im-going-to-steal-your-identity.com>https://adwords.google.com</a>
On any website that you are entering sensitive information, ensure that the site has an SSL Certificate. Double click the icon in the bottom right of your browser window to see the Certification Authority.
Use common sense.

An average user may find him or herself faced with a complex phishing scam that uses encoding schemes and SSL trickery. In that instance, and all suspicious cases, ensure validity through a human contact.

All Phishing emails should be reported to the Anti Phishing Working Group , US-CERT , and any company they attempt to represent.

Tags: email scam, phishing

Welcome!

An Information Security Professionals Blog to assist general users on Computer Security, and to explore with other InfoSec Professionals topics of Systems Security, Forensics, ethical hacking, and Incident Response.

Most Popular Posts
Do Not Fall Victim to Internet Auction Fraud

Setup a Secure Wireless Network at Home

Selling Used Computers Identity Theft Concerns

Barack Obama Denied National Security Clearance

Exciting Computer Security Career Jobs

CONTESTS:

Funniest Computer Security Story Contest

SERIES:

Do Not Fall Victim to Internet Scams

CISSP Study Sheets

SURVEY:
Which film is the Most Realistic Hacker Movie?