How to spot and
react to AdWords phishing emails
AdWords phishing email is one that is made to look as though it
has been sent to you by Google. Typically it will invite you to
log in to your AdWords account in order to update your credit
card details by clicking a link that again looks as though it
is genuine and will take you to Google's
However, these emails are often HTML emails
which means that a link may look like one thing yet be
something else. For example, this link http://www.commercialppc.com looks
as though it will take you to this site but in fact will
take you to acompletely different web
So the appearance of the link can give you a
false sense of security which is compounded by the appearance
of the landing page itself which is designed to look exactly
like Google's own AdWords log in page. This is not at all
difficult to do - you can just copy and paste the HTML source
code in Google's own page and place it on your own server and
then copy across the images as appropriate.
So you click what looks like a genuine Google
link and land on what looks like a genuine Google page where
you can enter your log in details.
Do that and you have given a complete stranger
total access to your account. Continue the process and provide
updated credit card details and you've given them away too.
So how do you spot an
AdWords phishing email?
At the moment one of the easy ways is to look
at the source code of the email. Within Outlook you can do this
by right clicking the email and viewing the source code. You
can then use Ctrl-F to search this code and what you want to do
is search for the characters "http". This will find all links
in the email.
Then you need to look at those links carefully
because in many cases they are disguised to look genuine.
Here's an example:http://adwords.google.com.session-6222514947603779047134.22642255061578455432104134.sys68.ru
Note how the first part looks genuine.
But the full URL actually ends in
sys68.ru. All the intervening data is designed
to confuse and look official.
So the domain name is in fact sys68.ru which
probably has absolutely nothing to do with Google at all and
looks highly suspicious.
What happens if you provide your log in
There are several risks.
It will allow the phishers to access your AdWords
account and use it. They can then quietly implant
parasite campaigns that spend your
money slowly and which may not be spotted easily in
a big account.
Or they can suddenly spend a great deal of your
money overnight. Note that this is much more likely
in an account with a large credit rating and a
history of spending a lot of money. I know of a
case where several thousands of
pounds was spent over night in one account
that was subject to unauthorised access.
Using a tool like the AdWords editor it is possible
to create substantial campaigns and upload them
quickly and then delete them later on so you could
find that a complex campaign has been installed
overnight whilst you sleep and removed again before
you get in to the office. If you display only
active campaigns in your summary page you might
miss this activity for a while and of course if you
log in infrequently you could miss it for ages.
You might be persuaded to enter your credit card
Don't forget too that if you give out your AdWords
account log in, you are in all likelihood giving
out your password and log in details to a Gmail
account, a Google Docs account and an Analytics
Something to think about!
There is a fourth risk too which is pretty
significant and for security reasons I don't want to write
about it here. However, if you have a concern about AdWords
phishing and would like to know more, just get in touch.
How to avoid
AdWords phishing scams.
Always log in to your account via the Google
log in page and not from a link. Always check the source code
of emails with links in them.
Test: would you fall for
Consider this scenario:
You get an email that looks to be from Google
about an upcoming AdWords training webinar. You
click the link for more info and it all looks genuine when you
get to the landing page. There's Google branding everywhere
You then get asked to register your interest by
providing your email address and when you do that, you receive
a confirmation email from Google (or so it appears) asking you
to log in to your account to complete the registration process
by clicking a link that takes you, apparently, to the Google
log in page.
But it could all be bogus.
So you always need to be very alert to the
risks and never provide your account details unless you are
absolutely certain that you are on one of Google's own
Clearly these risks also apply to other
advertising systems but because of Google's strong market
position there seem to be many more phishing attempts using
AdWords than other systems. Google is actively working to
reduce phishing fraud. You can find out more
Intellectual Property in your AdWords account
Click Fraud and IP Exclusion