For those of you who have a Google AdWords account, be wary of a new Google AdWords spam campaign we have seen in-the-wild earlier this week. The spam email may use the following subject lines:
Google AdWords: You have a new alert.
Google Team: You have a new alert
Here is an example of the spam email posing as a notification email from Google AdWords.
If you notice in the sample email, the URL link that appears to be linking to your Adwords account looks dodgy. But if that obvious sign didn’t prevent you from clicking the link, you would have been redirected to a Google AdWords phishing webpage.
After entering a username and password, the webpage sends these credentials to the cyber-criminal’s webserver.
The HTTP POST request when the user enters their Google account credentials. It sends the username and password to the phisher's webpage.
Of course, once you enter your Google account credentials in the phishing page this will NOT just compromise your Google AdWords account but all your Google services like GMail or Google+ will be affected as well. When you receive these sorts of notification emails, always double check the URL before you click on them – if it looks suspicious, it probably is.
Leave a reply
