PPC-Advice.com

Dirty Tricks: Phishing for Google Adwords Logins

Is nothing sacred?  As an online marketer, I have little choice to disable spam filtering on my e-mail account, because more often than not, important e-mails that are filtered automatically go unanswered for weeks.  Because of this exposure, I’m extremely aware of the phishing scams that get introduced, and this latest phishing scam made me do a double take.

A phishing site in China had taken the time to craft a fully-fledged lookalike to Google Adwords communications.  I won’t say what gave them away because by pointing that kind of thing out you only tip them off to make more sophisticated versions of the same e-mail.  Let’s just say for anyone that has received authentic Google Adwords e-mails, there are several inconsistencies that are more or less obvious.  If you have a strong working relationship with your Adwords team, you’ll know who really sends important e-mails to you.

The fact that I got this e-mail several times over the course of the last week, indicates that it must be working.  The same root domain name is being used, and only the subject line has changed on those e-mails I received.

So what if the phishing scam works?

Well, that creates an interesting problem.  We already know botnets and click farming are major issues facing our pay-per-click traffic quality and potentially account for anywhere between 10-20% of paid clicks (according to Google and Yahoo), so the emergence of zombie adwords accounts could potentially exacerbate the problem.

Clearly, information is power.  I’d like to think online marketers know the ropes, and are unlikely to fall for phishing scams targeting their Adwords credentials, but if the story goes untold… well, that’s a recipe for trouble.

Buzzworthy? Bookmark to: