If you had received an email from the Google Adwords, watch out for the link that it redirects you to because the phishing scam had just started to spread. But before that, a quick introduction here to Google Adwords where it is a program for advertisers to create their advertisement to be published by Google and its Google Adsense publisher. In the coming few days, the Adwords phishing scam will be spread widely after the first few hits were detected. Read further on if you are part of the Google Adwords advertiser and does not want to fall into this phishing scam.
Google Adwords Phishing Scam – How it works?
You will first receive a piece of email telling you that your campaigns had stopped running and needed to login into your Adwords account in order to resume back. It provides a link for you to click and once you click on that link, you will be redirected to a phishing site which looks exactly like the actual Google Adwords.
Image from nakedsecurity.sophos.com
Cool isn’t it? Notice that the URL is slightly different from the actual Google URL and the only it confused most of the user is that it included the word ‘google’ into the URL. If you read about my post on how to detect and combat phishing attack, you will know that the basic trick of the attacker is usually to make the phishing URL as similar as possible to the actual one. If you are quite a careless person, then you should think about purchasing an antivirus which has phishing detector.
WHOIS the Phishing Scammer
Back to the URL, you can check on the person who register for this domain. This can be done by going to the WHOIS look-up site and you will find the information as below:
The information is nothing close to the actual Google Adwords. This phishing scam is still fresh on the internet and you should stay alert when there is any email from Google Adwords. It is advisable for everyone to use the two-step verification for your login. You can refer to this post on how to setup a two-step verification for you Google account. By having the two-step verification, even the scammer has your username and password, he will still not be able to login until the verification code is provided to him. Stay close to IT Security Column to get the latest updates on not only phishing scam’s news, but also other IT security related news.