Daily cyber threats and internet security news: network security, online safety and latest security alerts
May 3rd, 2008

Another Google Adwords Phishing Attack In Progress

Google Adwords account holders are being targeted by criminals who trick them into handing over credit card information using a URL spoof has gained popularity in recent weeks.

The scam follows a traditional attack route involving the sending of spam emails to random Internet addresses in the hope of finding users who have purchased Adwords. The email claims that the user’s account payment has failed and asks them to “update payment information”, again a transparent tactic by today’s standards.

Proper looking link embedded into email, a correct Google login address. However, it actually leads to********.cn/select/Login, an obfuscated address that directs to a site associated with IPs in Germany, Romania, and the Czech Republic.

The site is a good copy of the real Google Adword site, and appears to let users login using their real account details. Obviously, any account details will work. Entering payment details results in that information being posted using an SSL link to a remote server after which the account will be hijacked.

The attack has been publicized by security software company Trend Micro, but the disarmingly simple scam is widespread enough to have been received by ordinary users in recent days. The latest phishing attack bears a strong resemblance to a near-identical campaign launched a few weeks back by Chinese criminals.

As common as “account update” attacks have become, the spoofed URL is still the key to reeling in victims. Criminals seem to have realized that users are paying more attention to such details.

Share this item with others:

More on CyberInsecure:
  • Another Google Adwords Phishing
  • World Of Warcraft Gamers Hit By Man-In-The-Middle Attacks
  • Google Helps Most Phishing Sites
  • Fraudulent avast! Anti-Virus Products Advertised Via Google AdWords
  • Winamp Forum Attacked, Hackers Stole Email Addresses

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Another Google Adwords Phishing Attack In Progress

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.