[UPDATE] See the bottom of this post for Google’s Response
Just a friendly reminder to be EXTRA CAREFUL with any email that claims to be from the Google AdWords team and says that your credit card has been declined or your account is about to expire. These “phishing” attempts are becoming extremely sophisticated, and you can’t rely on poor grammar, misspellings, or shady return addresses as the “red flags”.
According to this AdWords Help section, “Please remember that Google’s AdWords team will never send an unsolicited message asking for your password or other sensitive information by email or through a link.”
The reason I bring this up now is that Google has been alerting AdWords users to be on the lookout for especially clever emails. For example, a client of mine received the following. Could you tell whether or not this is legitimate?
From: Google-AdWords [mailto:firstname.lastname@example.org]
Sent: Mon 11/10/2008 11:41 AM
Subject: Google AdWords Alert
Our attempt to charge your credit card on Mon, 10 Nov 2008 22:41:48 +0600
for your outstanding Google AdWords account balance was declined.
Your account is still open. However, your ads have been suspended. Once
we are able to charge your card and receive payment for your account
balance, we will re-activate your ads.
Please update your billing information, even if you plan to use the
same credit card. This will trigger our billing system to try charging
your card again. You do not need to contact us to reactivate your
To update your primary payment information, please follow these steps:
1. Log in to your AdWords account at: https://adwords.google.com
2. Click the ‘My Account’ tab.
3. Click ‘Billing Preferences’ link.
4. Click Edit next to the appropriate ‘Payment Details’ section.
5. Enter your new or updated payment information.
6. Click ‘Save Changes’ when you have finished.
In the future, you may wish to use a backup credit card in order to
help ensure continuous delivery of your ads. You can add a backup
credit card by visiting your Billing Preferences page.
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message. If you
have any questions, please visit the Google AdWords Help Centre at
https://adwords.google.com/support/?hl=en_GB to find answers to
frequently asked questions and a ‘contact us’ link near the bottom of
Thank you for advertising with Google AdWords.
We look forward to providing you with the most effective advertising available.
The Google AdWords Team
My client did the right thing and forwarded this to me. Looks pretty real, right? If you knew what to look for, it would be easy to spot the fake. When I hovered over the link that appears to point to http://adwords.google.com, I could see that it actually pointed to this address:
Again, the first part of the URL looks legitimate until you get to the very end. The actual site behind this is com69.ru, presumably a Russian phishing site. To avoid scripts that could damage my computer, I didn’t bother to visit that page, but needless to say, it would not be easy to untangle that mess.
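The hover check described above can be automated for HTML email bodies. The following is an added example, not part of the original post: it flags links whose visible text names a Google host while the underlying href resolves to a different domain, reading the hostname from the right. The sample HTML, the `phish.example` placeholder host, and the names `TRUSTED_SUFFIX`, `LinkAudit` and `audit` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_SUFFIX = "google.com"  # assumption: the domain the reader expects to land on

# Constructed sample body; the first href is a placeholder, not the URL from the real email.
SAMPLE_HTML = (
    '<p>Log in at: <a href="http://adwords.google.com.billing.phish.example/select/Login">'
    'https://adwords.google.com</a></p>'
    '<p>Help: <a href="https://adwords.google.com/support/?hl=en_GB">Help Centre</a></p>'
)

def host_of(url):
    """Return the lower-cased hostname of a URL, or '' if the string has none."""
    return (urlsplit(url.strip()).hostname or "").rstrip(".").lower()

def is_under(host, suffix):
    """True only if host is the suffix itself or a subdomain of it (matched from the right)."""
    return host == suffix or host.endswith("." + suffix)

class LinkAudit(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Flag links whose text shows a trusted host but whose href goes elsewhere."""
    parser = LinkAudit()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        shown, actual = host_of(text), host_of(href)
        if shown and is_under(shown, TRUSTED_SUFFIX) and not is_under(actual, TRUSTED_SUFFIX):
            findings.append((shown, actual))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_HTML))
```

The suffix match requires a leading dot, so a host that merely contains or starts with `google.com` is not treated as Google's.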
The lesson is, don’t click on links in emails that ask you for personal information, even if they come from “trusted” sources. You should always navigate directly to those sites by typing the URL into your address bar and then logging in to your account. Most sites will present you with any legitimate account-related information once you are properly logged in.
What are some of the more clever phishing attempts you’ve seen?
[UPDATE] Google’s Trust and Safety Team responded to a phishing report that I filed with this email. Their response was concise, timely, and most of all, useful. Nice job. Here is the full text:
From: Google Trust & Safety Team <email@example.com>
Date: Wed, Nov 12, 2008 at 6:50 AM
Subject: Re: [#XXXXXXXXXX] AdWords Phishing URL Report Form
Thank you for bringing this issue to our attention. The email and website you have discovered is not owned by Google and is characterized as phishing. Our security specialists are now working on disabling the site and email address.
Please note Google will never send unsolicited mass messages asking you to re-enter your password or re-confirm your personal information. If you need to change your account information, such as your billing details or your password, always sign in to your AdWords account directly.
Keeping our users safe from phishing is something we take very seriously. To help us keep yourself and others safe, we ask that you continue to report any suspicious Google messages or websites to us at firstname.lastname@example.org
We appreciate your assistance in keeping Google users safe from identity theft.
Google Trust & Safety Team