This isn’t new, but new to me. I got my first phishing email that purported to be from Google AdWords. It came to one of my accounts at a US non-profit I am involved with, so I didn’t even need to think if it was genuine.
Subject: Submit your payment information
Dear Google Adwords Customer,
Your ads have stopped running because we were unable to process your billing information. To activate your account and start running your ads, enter your billing information.
In order to activate your account and start running your ads, enter your billing information. Please sign into your account at http://adwords.google.com/select/login, and update your billing information.
Once your account is reactivated and your billing information has been processed, any your ads and campaigns can begin running immediately on Google.
This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message.
Google Adwords Team
The real URL beneath the one in the email points to www.adwords.google.com.3ppi3o.cn/select/Login – even when you hover on the link, your eyes will notice the left part of the URL (shown in green), but the domain name is further to the right (shown in red). It hosts a realistic copy of the AdWords login page, but Firefox knows it is a phishing site and blocks it. So does Internet Explorer 8.
The email was apparently sent via a Yahoo account from 188.8.131.52, which is allocated to Brazil. I didn’t bother to investigate if it was spoofed, sent via an open proxy or whatever. If you get one of these, don’t get caught out.