You might remember that about a couple of days ago, I had run a post about the Yahoo! Search Marketing Phishing Email Scam. Running on the same topic of phishing email scams, over at the Google Blogoscoped, a fresh new case of phishing email scam has surfaced and this time the target was a Google AdWords Account and its advertiser Russell. Here is what happened and how Russell almost became a prey to the phishing e-mail scam.
Russell is an active user of the Google AdWords and he advertises for one of his websites that is in the business of laser and inkjet labels. Now according to the report, Russell has currently six ongoing advertising campaigns in Google AdWords. However, that doesn't make him a large-scale advertiser and should have been less susceptible to such an attack.
Suddenly, one day, Russell witnessed a flurry of, what looked like spammy campaigns, had been set up in his account. Remember, Russell had only 6 legitimate campaigns in Google AdWords. The keywords targeted for this campaign are all variations on Ă˘â‚¬Ĺ“loansĂ˘â‚¬Âť, Ă˘â‚¬Ĺ“fast cashĂ˘â‚¬Âť and so on. The maximum cost per click was set to $6.25. Here is a screenshot of the numerous campaigns in his account:
However, these odd campaigns were automatically stopped by Google and Russell speculates that Google might have had some kind of Ă˘â‚¬Ĺ“spam flagĂ˘â‚¬Âť raised. But when he approached Google on this issue, this is what Google had to say, Ă˘â‚¬Ĺ“We have several systems in place which Flags any Ă˘â‚¬â„˘unusual account activityĂ˘â‚¬â„˘ which immediately stops all ads running until they have the time to check into itĂ˘â‚¬Âť
The website that was being advertised by the false campaigns was LastMinuteSite.com. The site claims to offer you a loan for $1,500 instantly with Ă˘â‚¬Ĺ“all applications accepted.Ă˘â‚¬Âť Note, the site may or may not be the true origin site of the attack, as it may make sense for a malicious attacker to hide their tracks, camouflage style, by pointing to innocent sites as well: .
After a bit of investigation and research, the true source of the attack was finally located. It seems that Russell had received an odd mail in his Hotmail account, apparently from the Google AdWords team. However, it turned out to be a phishing email, a seemingly legitimate official email asking you to e.g. log-in to your account to adjust some settings. Below is the image of the mail:
Russell followed the e-mail instructions and logged in to Ă˘â‚¬Ĺ“his accountĂ˘â‚¬Âť on that page. That was the exact moment, someone else likely fished for his password. After logging into his account, Russell could not find any notifications, that would suggest a request for the renewal of AdWords account. After the credentials are kidnapped, the phishing site can forward one to any other site, including the official AdWords site.
This attack on Russell, though unfortunate, is a big eye opener as far as phishing emails are concerned. If you ever face such kind of a predicament. Here is what you should do. Either you should ignore it or not click any link in that email but instead open a new browser window and enter the URL manually. Hovering over the link in the email is also often a good first give-away, as the domain may not be the official one, still, there are some automatic forwarding schemes which may even make the domain look official, so itĂ˘â‚¬â„˘s best not to click on such links at all. In the case of Russell, as of now, he has changed his Google AdWords password and the only thing that saved him from more damage, was probably the GoogleĂ˘â‚¬â„˘s AdWords abuse filter.