Today in my in box there is a phishing email which is TRULY a work of art. It’s good and thank goodness the email box this landed in is not the one associated with my Adwords account or I might have been fooled. It’s THAT good! It appears to be a plain text email which reads:
We were unable to process your payment.
Your ads will be suspended soon unless we can process your payment.
To prevent your ads from being suspended, please update your payment information.
Please sign into your account at http://adwords.google.com/select/login,
and update your payment information.
Thank you for advertising with Google AdWords. We look forward to
providing you with the most effective advertising available.
The Google AdWords Team
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message.
I’ve removed the link from the text above because while the link SAYS it’s going one place, it’s really going another. This is a common phishing trick. Just because the text DISPLAYED says a link is going one place, doesn’t necessarily mean that the link is ACTUALLY going there.
Often, in lower quality phishing attempts, the actual URL is an IP address. However, in this case the actual destination is VERY similar to the stated one. Even if you LOOK at the coding, it’s not obvious that this is a phishing email. Everything looks legit even in the url except for this tiny little addition of a jumble of 9 characters embedded within the legitimate code.
At first glance, the displayed URL is ALMOST exactly the same as the URL where this link will take you. In this case, close is the difference between giving your credit card information to a legitimate site and turning over your credit card information to a thief.
I didn’t follow the link, but I’m sure that it looks EXACTLY like the login page for your google account… because these crooks are smooth criminals!
As a general rule, don’t EVER click on a link inside an email… EVER! If paypal, google or anyone else who has access to your money and/or passwords wants to get in touch with you… go to their website DIRECTLY!
Don’t EVER follow a link embedded in an email.
Go to http://www. [insert domain name here] . com and sign in there.
If the URL is long, then copy the words from your email and paste the DISPLAYED URL into your browser’s address bar. In this case, doing that it takes you to the REAL Google site instead of the phishing site.