Beware This New Phishing Email

I received 4 copies of this phishing email today:

Hello,

Your Google Adwords Account has stopped running this morning.

Some of the ads have stopped running today (Tuesday, 27 April 2010).

If you want to get your ad back up and running you need to optimize the campaign to improve the CTR. The link below has some helpful tips, but, in a nutshell, you need to look at your keywords and your ad text. Make sure your keywords are jighly relevant and then make sure that each keyword in the ad group makes sense in terms of the ad text associated with this ad group (usually this means you need to create more ad groups with a smaller number of keywords). Having a tight connection between keywords and ad text helps improve CTR, which should fix your problem.

Click here to get your ads back up.

Please note: if you do not verify the status of your account and notify us if your ads do not appear online, we cannot help you.

© 2010 Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043

Email Preferences: We sent you this email because you have indicated that you are willing to receive AdWords account performance suggestions. If you do not wish to receive emails of this nature in the future, please visit your account’s Communications Preferences page (AdWords login required). Click on the word ‘Yes’ beside ‘Customized help and performance suggestions,’ and change to ‘No’.

If you don’t know, a “phishing” (pronounced “fishing”) website, is a fake website that tries to pass itself off as a real website in order to get you to enter your login credentials, which they then steal your login and use on the legitimate website. So this phishing email, is trying to get me to go to the phishing website and enter my Google AdWords account details. Typically scammers try it with bank accounts, but this is the first time I’ve seen it for Google AdWords.

Why AdWords? Because if they get your adwords account (if you have one) they can put their own ads up and spend your advertising budget for their own websites! Now it’s no surprise that having been to the website (note I’ve disabled the phishing links to it in the email copy above, except for the real link at the bottom), it looks completely legitimate, just like the normal Google login page.

How do I know it’s a phishing email / website then? There are several give aways, but the main one is the url; it’s not the regular google.com one. Also, you can tell the url without even clicking the link, just by hovering your mouse over the link in your email program, you get a popup that shows you the url:

You see that “google-sn.com” is not google.com. That extra “-sn” shouldn’t be there. This is subtle I know, but if you want to protect yourself online, you need to do one simple thing: pay attention to the urls, that is the actual domains / website names that you visit when you have an account that has anything to do with money. This alone tells me this if a phishing attack. But there are several other tells, to use a poker term, that you can look for to see if you’ve got a phishing email. They were:

– I received 4 copies of the same email, I would expect a legitimate email from Google to have sent only one.

– There was no email address in the “To:” field of the email, I would have expected to see not only my own personal email address here, but also specifically the email address I use for my Google AdWords account (I have several hundred email addresses!).

– There was a broken image in the email, meaning that it had a blank square with a red X in. It probably was meant to be the Google logo. I wouldn’t have expected a real email to be properly constructed.

– The email started “Hello,” and didn’t address me by name. Google know my name and use it in their emails. Further, there were no personally identifying bits of information in the email, it was completely generic.

– Finally, whilst I have an AdWords account, I’m not currently running any ads, so there are none to disable!

Anyway, I hope that helps someone avoid getting ripped off!

{ 0 comments… add one }

Leave a Comment