Two of our clients recently received very authentic-looking email alerts from “Google” informing them that their AdWords campaign had stopped running. The message included instructions on what to do to fix the problem. And of course, the last step of the “fix” involved harvesting their login and password.
Here’s the message one client received:
Example AdWords phishing email
Despite spelling errors like “jighly (sic.) relevant”, the message is written in SEM-ese and sounds official, and the link the recipient is asked to click looks OK at first glance: “http://adwords.google-lc.com/accounts/signin.html”. Look closer, though: the domain in that link is google-lc.com, not google.com.
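A link like the one above can be checked mechanically by comparing the host it actually points to against the domain you expect. The following Python sketch is an added example, not part of the original message or any Google tool; the trusted-domain list, the function names and the sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: google.com is the only domain treated as genuine.
TRUSTED_DOMAINS = {"google.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>“”]+", re.IGNORECASE)

def link_host(url):
    """Return the host a browser would connect to, lower-cased, or "" if unparsable."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed URL: treat as having no trustworthy host
        return ""
    return host.rstrip(".").lower()

def is_trusted(url):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = link_host(url)
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def suspicious_links(message_text):
    """Return every http(s) link in the text whose host is not trusted."""
    links = (u.rstrip(".,;:)") for u in URL_RE.findall(message_text))
    return [u for u in links if not is_trusted(u)]

# Constructed sample message. Only the first link comes from the email quoted above;
# the others are made-up look-alikes on reserved example domains.
SAMPLE = """Your ads have stopped running. Sign in to fix the problem:
http://adwords.google-lc.com/accounts/signin.html
http://adwords.google.com.example.net/accounts/signin.html
http://adwords.google.com@example.org/accounts/signin.html
https://adwords.google.com/
"""

if __name__ == "__main__":
    for url in suspicious_links(SAMPLE):
        print("not a Google host:", link_host(url), "<-", url)
```

The comparison is made on the whole host, so a name that merely starts with or contains “google.com” is still flagged.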
A review of the online buzz on the subject reveals that phishing attempts targeting AdWords users are quite common and have been a problem for at least two years.
Phishing attempts come with different content, but they appear to take two basic approaches. The most common is the “your campaigns/ads have stopped running” type of message, like the one above, suggesting something is wrong with the AdWords account. Other users were sent messages suggesting that their payment to Google was not processed and asking them to resubmit it. Clicking the link then took the user to an authentic-looking page where they were asked to re-enter and re-submit their payment information.
Here are some subject lines that recipients have reported:
• your adwords google account is stoped (sic)
• account reactivation.
• please re-activate your account.
• please re-submit your payment information.
• please submit your payment information.
• please update your billing information.
• reactivate your adwords google account.
• submit your payment information.
• update your billing information.
• update your payment information.
• you have one or more alerts.
• your account with google adwords.
• your ads are not running.
• your ads have been suspended.
• your ads in this account are not running.
• your payment didn’t succeed
So how does one identify a phishing attempt?
If you receive any unsolicited message asking for your password or other sensitive information claiming to be from Google AdWords, assume that it is a phishing attempt.
Some other telltale signs of a phishing message include:
1. Urgent tone, demanding an immediate response to a failed payment, stopped campaign, ad copy not running, or something else “broken”.
2. A request for a login into the account to “verify” some data or “fix” the problem, or a similar request for personal information such as a login, a password or payment information.
3. Funny formatting, awkward grammar, spelling errors, unusual indentation, or an over-long “from” address.
4. If the message landed in your Junk Mail or Spam folder, it’s suspect.
5. If you can’t put your finger on it but something just seems fishy, it most likely is a “phish”.
What to do if you’ve received a fraudulent message?
Google treats phishing attempts very seriously; so if you receive a suspicious email claiming to be from AdWords, report it to Google:
What do I do if I receive a suspicious email claiming to be from AdWords?
If you’ve received a phishing email that attempts to fraudulently collect passwords, credit card numbers, and other sensitive information, please report the suspicious email immediately. […]
(The complete article can be found by clicking here)
You can also email the message directly to Google at phishing@google.com.
What to do if you clicked a link and are concerned that your AdWords account may have been compromised?
If you believe your account has been compromised, contact Google immediately.
Given how long this has been going on, AdWords phishing is most likely here to stay. So stay safe and pass the message on to your colleagues and clients.