The recent onslaught of suspicious emails claiming to be from the AdWords team at Google, at the very least, wins a mention on this blog. This post is going to discuss this annoying yet highly damaging phishing technique.

Having received a rather professional looking email from AdWords asking for some updated account information would not have normally rung warning bells, as the email was well structured, the “from” information also showed the AdWords /Google credentials, the links also complemented this by displaying a genuinely secure address, https://adwords.google.com and to top it all off it was even signed by the very helpful AdWords team (how can you not trust something signed by them?).

However other than the fact that the email client had already flagged this up as a phishing attempt and my social conditioning to doubt anything that asks for personal information; when hovering over the so called genuine AdWords link, https://adwords.google.com, it showed the true underlying link, which appeared as this:

http://adwords.google.com.fr4ck.cn/select/Login

The bold word above is a clear pointer that the above link does not belong to Google and the “google.com” is actually a part of the URL name. The real domain suffix is .cn.

Ultimately unless the email manager client or security software flag this up, it’s very easy to succumb to phishing like this. Once the hackers get a hold of the information, they may sell the information on and make big money or log into the accounts, direct all traffic to a website of choice and make even bigger money!

Another worrying journey they could embark on is to log in and change all the settings in the account, raise bids, increase budgets, add silly keywords and so on. This not only causes grief financially but also compromises your well built, highly reputable account, which would be a mammoth of a task to rebuild!

BigMouthMedia has reported that this low risk, high value adwords phishing scam is growing exponentially at 240% a month, generating more reason for caution.

Although the real AdWords team is well aware of this dubious email,  to further protect yourself, as a rule never click on links directly from within the email, always hover over it to see where it really leads you to and be extra vigilant of anything that asks for personal information.