Via RSS
Via Email
Don’t Get Hooked by the Google Adwords Phishing Emails Going Around
Posted May 13, 2008 
Comments(15) I have been getting some Google Adwords phishing emails lately, and aside from some poor formatting, they look fairly legitimate. Google posted some security tips the other day, and they’re not half bad, but I wanted to share an example.
Here is an email I received recently: (warning - don’t click the link in there!)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dear Google AdWords Customer,Your ads will be suspended soon unless we can process your payment.
Please update your payment information.Please sign in
to your account at http://adwords.google.com/select/login,
and update your billing information.- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Google AdWords Team
Overall the phisher did a pretty good job of making the email look legitimate. However, the formatting was a little off, and the request was a little too vague.
Plus, no matter how well camouflaged the link is, it’s not that hard to spot that the link goes to a subdomain of 4e1w1.cn, which is definitely not Adwords!
But the dead giveaway is that this email came to my “@internetmarketingsucks.com” address I have listed on this blog, which is NOT an actual Adwords account email. So obviously it’s not from Adwords because Adwords does not know about this email address…
There’s a very important lesson - don’t mingle your actual Adwords email with a public one. Then you won’t have to really worry about phishing, since your Adwords account updates will only come to your semi-private email address.
For example, you might use josh@myawesomelookingfunblog.com as a public email on your blog, but then you would use josh.doe.adwords@myawesomelookingfunblog.com for your Adwords account.
Anyway…
Be careful out there.
