Phishing Attack Targets Google AdSense Users
According to security researchers, a widely used Google AdSense advertising utility has been targeted by a socially engineered phishing campaign that tries to capture confidential and other personal data for committing identity theft.
The phishing scam against Google AdSense (a famous advertising service) actually based on an e-mail that contains believe phrases and signs generally found in genuine e-mails sent by Google itself.
The reports state that a victim got an e-mail whose caption read "Google AdSense Account Disabled." This e-mail 'From' section gave an impression that it had come from Google. Moreover, it didn't specify the reasons. The e-mail victim thought that it had been sent by Google because there were a large number of clicks on its website few days back. Google had discovered that abuse and sent this e-mail to inform him.
Besides, the security researchers said that it seemed scammers had copied a genuine e-mail that Google normally sent for notifying users when it disable their accounts or do anything similar. The sender's address showed firstname.lastname@example.org, a genuine e-mail address of Google for contacting its clients.
Moreover, the e-mail's target field was blank and the text didn't mention full name just as conventional communications from Google normally did. Furthermore, the e-mail had an attachment named 'Invalid Clicks Appeal.html,' which instead of displaying a Google website presented a website on the 110MB.com domain. Eventually, it was at this point where the scammers carried out their phishing.
Describing phishing, security researchers said that it involved the offensive practice of making efforts to obtain sensitive details like credit card numbers, usernames and passwords in the guise of any reliable institution or individual through an electronic mail.
Finally, security researchers advised that e-mail recipients should pay attention to the web-links embedded in e-mails. The best practice demands that the site or service should be accessed through the manual typing of their URLs into the browser's address bar or via using any of the popular search engines. While it was important to always verify the authenticity of any e-mail, it was especially crucial to make additional scrutiny of e-mails related to AdSense accounts, the researchers added.
Related article: Phishing With A Redirector Code
» SPAMfighter News - 30-10-2009