The recent onslaught of suspicious emails claiming to be from the AdWords team at Google, at the very least, wins a mention on this blog. This post is going to discuss this annoying yet highly damaging phishing technique.
Having received a rather professional looking email from AdWords asking for some updated account information would not have normally rung warning bells, as the email was well structured, the “from” information also showed the AdWords / Google credentials, the links also complemented this by displaying a genuinely secure address, https://adwords.google.com and to top it all off it was even signed by the very helpful AdWords team (how can you not trust something signed by them?).
However other than the fact that the email client had already flagged this up as a phishing attempt and my social conditioning to doubt anything that asks for personal information; when hovering over the so called genuine AdWords link, https://adwords.google.com, it showed the true underlying link, which appeared as this: