Hoax E-mails Steal Information of Google & Yahoo! Advertisers
Researchers at Sunbelt Software, a security company, warn that hoax e-mails masquerading as Google AdWords customer support are circulating on the Internet. The e-mails include URLs that take users to phony authentication pages where their log-in details are seized.
The reports revealed that the fraudulent e-mails use the address firstname.lastname@example.org to spoof the "From:" field, and display "Google AdWords Account Verification E-mail" in the subject line. The message asks customers to verify their contact information via the given adwords.google.com URL.
Once a user lands on the fake pages, he finds a form that asks for his password and e-mail details along with other information like full name, company's name, phone number and country name.
Moreover, the URL link connects to rogue pages that are hosted on various .eu and .be domains. According to Alex Eckelberry, CEO of Sunbelt Software, this tactic is new. He added that earlier phishers targeting Google AdWords used to use .cn domain in their fraudulent links, as reported by Softpedia on January 19, 2009.
Additionally, CEO Alex Eckelberry reports of another attack targeting Yahoo! Marketing Solutions. In Yahoo's case, the phishing messages pretend to say that Account 'Yahoo! Inc'  is no longer displaying ads as there is zero account balance. The message further says that to know more about the warning, users must access the Alerts panel by logging-in to their accounts. However, the given URL for the Yahoo! Login page leads to a malicious web page on a different domain.
Furthermore, the message warns that if the recipient fails to do as directed, his account will be deactivated. And to appear more legitimate, it provides directions on the way a user could reach the Yahoo! Customer Support, again through a fake URL. Analyzing the text of the message, it becomes clear that the attackers used a Yahoo! Message and modified it to appear legitimate.
Meanwhile, it is worth mention that the official publisher win.rar GmbH of the WinRAR zip program too released a warning that fraudulent Google AdWords redirected users to bogus Download.com.
Related article: Hack.Huigezi Virus Attacks China PCs Rapidly
» SPAMfighter News - 29-01-2009