Phishers Target Google AdWords Clients

AdWords clients recently have been finding unwanted phishing e-mails in their mailboxes. The message appears official and also shows a link pointing to AdWords support setting alarm, according to security researchers at Search Engine Roundtable, provider of report on Search Engine Marketing (SEM) forums, as reported by Securitypronews on March 24, 2008.

In phishing, perpetrators send fraudulent e-mails that look legitimate but attempt to seize recipients' personal information. Often the messages spoof the names of trustworthy and well-known Websites like Google, eBay, PayPal, Yahoo, MSN etc.

Barry Schwartz, report author, Search Engine Roundtable indicated how a dominant presence of Google in Internet advertising draws a great deal of interest from malicious spammers. This is more in the case of login information seeking phishers, who besiege leading players of MMORPG or Massively Multiplayer Online Role-playing Game.

Phishing, which attempts to capture personal information particularly, financial details such as credit card numbers, makes the practice a minimum risk but high reward yielding endeavor for cyber criminals. Phishers push out uncountable e-mails and sell off or use the stolen data.

In much the same way, the current case also involves large number of fraudulent e-mails pumped out that look officially from Google. The messages ask the recipients to sign in in AdWords and update their billing information. Albeit the link appears to point to a Google.com address, when users click it open and provide the billing details, it would reach a non-authorized person, who might use the victim's credit card details for his own shopping purposes.

The message in the e-mail is specially crafted that addresses the Google AdWords customer and says that for the purpose of updating the recipient's billing information, the customer needs to sign-in to his AdWords account at https://adwords.google.com and enters his billing details. It further informs the recipient that his account would be reactivated the moment he enters his payment particulars.

The message, which arrives like a notice only, would not accept any incoming e-mail. Security researchers are advising end-users to resist answering it and also upgrade their system's security to ward off such fake e-mails.

Related article: Phishers Expand Their Sphere of Attacks

» SPAMfighter News - 4/2/2008