Google Adwords Phishing Scams


Advertisements

By PatB
Contributing Writer, [GAS]

I got a very interesting piece of spam in my inbox this morning, and it took me a few moments to realize it was a phishing attack designed to make me disclose my Google Adwords password.

Here is a screenshot of it.

Hovering over the link, you can see that they use a machine name of “adwords.google.com,” however, it continues as a session name, followed by random numbers, and finally, a domain name located on a Russian host.  This attack is designed to trick website operators and blog owners into disclosing their Google account password.  So far I have only seen Adwords used as a phishing attack.  I suspect that it would work just as well with Adsense and other Google subscription and pay services as well.

Many users of Google services use the same password for all of their services- for Gmail, Google Analytics, Webmaster Tools, Adsense and even Google Write.  Allowing this password to be disclosed would likely allow the attacker to take over not only the the Gmail account itself, but also to access all the services and websites where the Gmail address was used to register.

Securiteam has a blog post here about a man who had many businesses and forwarded all of his emails to his Gmail account for ease of access, easy searching, and convenience.  When his Google account was locked, undoubtedly because he was Phished, he literally lost the keys to his business and was unable to interact with his customers.  It took days to regain his access.

Bottom line is, don’t fall for these phishing attacks.  Make sure you have a backup email notification built into your Google account(s), and for God’s sake, don’t use the same password for everything.  The same goes double for Yahoo accounts.





8 Responses to Google Adwords Phishing Scams

  1. Tricky, tricky. That dot after the “.com” instead of a question mark makes all the difference. So the real domain is “sys80.u” — those sly Russian phishers.

    IMO your email client should have detected a possible phishing attempt.

  2. Tricky, tricky. That dot after the ".com" instead of a question mark makes all the difference. So the real domain is "sys80.u" — those sly Russian phishers.

    IMO your email client should have detected a possible phishing attempt.

  3. Generally these phisher scammers are artists and they will try to trick everyone. Poor man I bet he will never foward his emails again to any free email provider. I use Gmail as my main email provider but personal stuffs I keeping in my local email client.

  4. Generally these phisher scammers are artists and they will try to trick everyone. Poor man I bet he will never foward his emails again to any free email provider. I use Gmail as my main email provider but personal stuffs I keeping in my local email client.