Barracuda Networks Detects Surge in Google Adwords Phishing Emails
November 2008 by
Barracuda Networks Inc. announced it has seen a marked increase in the number of phishing emails designed to look like Google AdWords Alert emails to subscribers. The URL contained in the email appears to be the legitimate link to the Google AdWords account Web page, adwords.google.com. However, when clicked, the recipient is redirected to a Web site hosted in China that is designed to look like the Google AdWords account home page.
“Once again, the social engineering technique used in this campaign is quite sophisticated,” said Stephen Pao, vice president of product management for Barracuda Networks. “The scammers are leveraging the Google brand in the hopes that recipients will trust the sender.”
Once on the fake Google AdWords account Web site, users are directed to provide their Google username and password, as well as prompted to update their account information including credit card number in order to avoid having their account suspended. Unsuspecting users who provide this information run the risk of fraudulent charges to their credit card as well as possibly to their legitimate Google account.
As of late this afternoon, Barracuda Central was tracking thousands of these messages sent to Barracuda Spam Firewall customers and the campaign appears to be increasing in magnitude. The Barracuda Spam Firewall utilizes a powerful combination of reputation and content scanning techniques to detect and block phishing email.
However, as the holidays approach, Barracuda Networks warns consumers to be extra vigilant in responding to unsolicited email including Web links that request account information or credit card numbers. In November 2007, Barracuda Networks saw the number of phishing Web sites and subsequent emails increase 10-fold on Thanksgiving in the run up to the holiday weekend. Barracuda Central researchers warn that the amount of phishing emails leading up to and through this holiday weekend may be even greater given the continued sophistication of attacks seen in the past 12 months.
“While not necessarily aimed at the average consumer, in a larger sense, this Google AdWords phishing campaign signifies that scammers are gearing up for the holiday shopping days ahead and consumers should be extra cautious when providing sensitive credit card, username or other account information online,” said Pao.