Heads up!

Several of our clients have reported receiving this phishing email today:

From: Google Adwords-noreply [mailto:adwords-noreply@google.com]
Sent: Saturday, March 22, 2008 9:40 AM
To: XXXXXXXXXXXX
Subject: [Released by Allow List] Please Update Your Billing Information
————————
Dear Google AdWords Customer!

In order to update your billing information, please sign in to your AdWords account at https://adwords.google.com , and update your billing information. Your account will be reactivated as soon as you have entered your payment details. Your ads will show immediately if you decide to pay for clicks via credit or debit card. If you decide to pay by direct debit, we may need to receive your signed debit authorization before your ads start running, depending on our location. If you choose bank transfer, your ads will show as soon as we receive your first payment. (Payment options vary by location.)

Thank you for choosing AdWords. We look forward to providing you with the most effective advertising available.

Sincerely,

The Google AdWords Team
————————
This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message. If you have any questions after following the steps above, please visit the Google AdWords Help Center at https://adwords.google.com/support/bin/topic.py?topic=8336>
————————

The actual destination login URL hidden under the display URL: http://adwords.google.com.fr4ck.cn/select/Login

Clearly, this isn’t from Google.

It is phishing attack designed to steal your billing information. Beware!

Here’s Google’s response to our team asking about this:

From: XXXXX [mailto:XXXXXXXXX@google.com]
Sent: Monday, March 24, 2008 3:16 PM
To: XXXXXXXXXXXXX
Subject: Re: [#255928689] [Released by Allow List] Please Update Your Billing Information

Hi XXXXXXXX,

This appears to be a ’spoofing’ email sent to some AdWords advertisers recently. ‘Spoofing’ refers to the act of fraudulently altering certain properties of an email to make it appear as though it originated from a legitimate source. The email can then lead to a deceptive website which collects sensitive personal information. In this case, the email may have appeared to be from Google AdWords, asking for your account login information. Please do not respond to these emails.

Google is not responsible for nor are we able to monitor the actions of other parties. However, we are very committed to ensuring the safety and security of our users and our advertisers, and we take issues of fraud seriously. Moreover, we’ve dedicated a number of resources towards preventative measures, such as the Google Safe Browsing extension for Firefox. You can find more information about this feature at http://www.google.com/tools/firefox/safebrowsing/.

Here are some steps you can take to ensure the security of your account:

* Be wary of unsolicited messages. Google will never send unsolicited messages asking for your password or other sensitive information. If you need to change your account information, such as your billing details or your password, always sign into your AdWords account from https://adwords.google.com and make the changes directly within your account.

* Check the message headers. The ‘From:’ address and the ‘Return-path’ should reference the same source.

* Make sure the URL is legitimate. The AdWords homepage URL will always be https://adwords.google.com.

* Change your Google Account password frequently. To learn how, visit https://adwords.google.com/support/bin/answer.py?answer=24828.

* Report suspicious messages to adwords-charge@google.com.

* Keep your computer’s antivirus and spyware protections up to date and regularly run system scans.

If you believe your Google AdWords account may have been compromised, please let us know so that we can initiate an investigation.

Best,

XXXXXXXXXX

——————
XXXXXX
Account Associate
National Agency Team