Heads up: Adwords spam "please update your billing info"

Forum Moderators: buckworks & skibum

Message Too Old, No Replies

Heads up: Adwords spam "please update your billing info"

wheelie34

3:31 pm on Mar 21, 2008 (gmt 0)

Similar to the paypal type of spam "update your details" first one I've seen and found no mention on WW, link points to China

Habtom

9:05 am on Mar 30, 2008 (gmt 0)

Maybe they are reading this? Phew, the rage I have for spammers...if I caught one in person I hope someone would hold me back because road rage has nothing on spammer/scammer rage

LOL

potentialgeek

2:59 pm on Mar 30, 2008 (gmt 0)

One reason it can look legit is it asks to update your account billing info, and if you go into your Google panel to change or update, it has blank fields... They look as if they need to be updated.

> it looks EXACTLY like a Google mail. But, rollover the link and sure enough it goes to some .cn domain. Be careful, people!

I got three. But none of them show .cn on the rollover. When I click on them, it doesn't go to a .cn URL; it goes to google.com.

One of the emails shows a yahoo.com return address. One of the servers is listed as in Romania.

It looks kind of weird with three emails all from "Google" for the same purpose, but each one with a different subject line.

Update Your Billing Information

Please Re-activate your account

Please Update Your Billing Information

They had these URLs:

[adwords.google.com...]

Did they forget to change them to .cn? Or are they mixing legit links in with forgeries, hoping they'll get lucky with one of them?

p/g

instand1

7:53 am on Mar 31, 2008 (gmt 0)

in the phishing-email I got,
they showed the links to google,
but the link actually went to a .cn site.
(it looked like a text-only email, but it was an html-email were you can hide the real site linked to.

garystarling

2:12 pm on Apr 4, 2008 (gmt 0)

Just got this as a heads up

"Dear AdWords Customer,

As part of our ongoing efforts to improve the Google AdWords programme for advertisers and users,
we have updated our Terms and Conditions.

Please review the new Terms and Conditions below, then indicate your acceptance.

Yes, I accept the Terms and Conditions.
[link removed - .cn address]
-----------------------------------------------------------------------------

This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message. "

cmendla

4:34 pm on Apr 4, 2008 (gmt 0)

Potentialgeek

They had these URLs:
[adwords.google.com...]
[adwords.google.com...]
[adwords.google.com...]
Did they forget to change them to .cn? Or are they mixing legit links in with forgeries, hoping they'll get lucky with one of them?

If I understand your question correctly, do a view source on the email and look at the anchor text for the links. The displayed text is not the same as the actual address for the link.

It seems that google sends messages as plain text where the link you see is the link you get but the phishing emails are in html.

If you are using outlook, just right-click in the body of the message to get the 'view source' option.

doctor gerlis

4:53 pm on Apr 4, 2008 (gmt 0)

I also received today the new phishing "change in terms and conditions" email outlined above, but did anyone get an email purporting to come from google saying that new UK trademark disputes will be handled in future the same way as in the US? Is this spam or phishing or real?

This 36 message thread spans 2 pages: 36