Welcome to WebmasterWorld Guest from 54.221.49.52

Forum Moderators: buckworks & eWhisper & skibum

Message Too Old, No Replies

Heads up: Adwords spam "please update your billing info"

     

wheelie34

3:31 pm on Mar 21, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Similar to the paypal type of spam "update your details" first one I've seen and found no mention on WW, link points to China

smallcompany

5:01 pm on Mar 21, 2008 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Got two emails today - first time. Pointing to .cn site.

AdWordsAdvisor

5:42 pm on Mar 21, 2008 (gmt 0)

WebmasterWorld Senior Member adwordsadvisor is a WebmasterWorld Top Contributor of All Time 10+ Year Member



In this case - or any other similar case - if you see what you suspect to be phishing email intended to look as if it came from Google AdWords, I hope you will take a few minutes to send all the pertinent details to the AdWords support team.

Thanks in advance!

AWA

wheelie34

6:06 pm on Mar 21, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



AdWordsAdvisor I am not an active adwords user, can you sticky me the email address and I will forward it on

AdWordsAdvisor

11:35 pm on Mar 21, 2008 (gmt 0)

WebmasterWorld Senior Member adwordsadvisor is a WebmasterWorld Top Contributor of All Time 10+ Year Member



AdWordsAdvisor I am not an active adwords user, can you sticky me the email address and I will forward it on

Excellent - thank you, wheelie34.

If you do not have an AdWords account, please use the link below (which may also found at the bottom of each page in the AdWords Help Center in case you ever need it again) and select the 'other' radio button.

[adwords.google.com...]

AWA

doctor gerlis

12:55 pm on Mar 23, 2008 (gmt 0)

5+ Year Member



I received one of these and forwarded it to spam@google.com

WiseWebDude

3:32 pm on Mar 24, 2008 (gmt 0)

5+ Year Member



I got the same e-mail last night. Of course, I didn't click on the link, but did go directly to Adwords to see if it was right out of curiosity and it was still right. So, I just deleted it and said to myself...yet another paypal type of phishing attempt. Sigh.

WiseWebDude

1:27 pm on Mar 26, 2008 (gmt 0)

5+ Year Member



I just got ANOTHER one last night. Sheesh, and they can't even spell right in the subject line, LOL. Other than that is looks EXACTLY like a Google mail. But, rollover the link and sure enough it goes to some .cn domain. Be careful, people!

Crush

6:28 pm on Mar 26, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes nasty. I got one on a yahoo mail

jtara

6:54 pm on Mar 26, 2008 (gmt 0)

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 5+ Year Member



I got one of these the other day. It was obviously a phishing attempt, so I ignored it and forgot about it until just now.

I did wonder, though: where did they get the email addresses?

Rehan

7:29 pm on Mar 26, 2008 (gmt 0)

5+ Year Member



I did wonder, though: where did they get the email addresses?

I've received a couple of emails at addresses that are not associated with my AdWords account, and no email to the actual address I use for AdWords. So it's not as if they somehow got a list of AdWords users' email addresses. They probably bought a general list of email addresses from the same source as other spammers and fraudsters.

jtara

8:54 pm on Mar 26, 2008 (gmt 0)

WebmasterWorld Senior Member jtara is a WebmasterWorld Top Contributor of All Time 5+ Year Member



So it's not as if they somehow got a list of AdWords users' email addresses.

The one I got was to my Adwords email address. It's an address that I use only for that purpose.

It wasn't about updating account information though.

I know we're not supposed to post emails here. But maybe the moderators will indulge me with posting an excerpt of an email from an anonymous phisher.

Anybody else get this one?

Special Notification.

Dear Internet User, We are happy to inform you that your email address have emerged winner of
(EUR 750,000) in Europe Lottery Award.

The online cyber draws was conducted from an exclusive list of 500,000 email addresses of
individuals and corporate bodies picked by an advanced

automated random online selection from
the web. No tickets were sold.

It goes on to give contact information - a name, phone number, and email address. And, then, the punch line:

Your prize award has been insured with your email address and will be transferred to you upon meeting the requirement
of the gaming board authority which includes your statutory obligations

Your "statutory obligations" would, presumably, be pre-payment of the "taxes" on your "winnings".

Don't think anybody here would actually fall for this one...

MamaDawg

9:04 pm on Mar 26, 2008 (gmt 0)

10+ Year Member



I got 2 of them - both different .cn domains. Forwarded them both to what I thought was Google's security team, but not sure if I forwarded to the correct address(es) - I think I forwarded to abuse, spam and/or security ...

Both were sent to an address I use for very few things - and my Adwords account is not one of them.

[edited by: MamaDawg at 9:08 pm (utc) on Mar. 26, 2008]

walkman

10:35 pm on Mar 26, 2008 (gmt 0)



actually that email was pretty useful. I moved so my address was wrong in their system.

ambellina

11:02 pm on Mar 26, 2008 (gmt 0)

5+ Year Member



JTara, I got that same message from someone. I announced my good luck to my coworkers and then deleted it. :)

g1smd

11:59 pm on Mar 26, 2008 (gmt 0)

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



I get those every day.

This thread is about the specific adwords-account-information-targetted mail.

mktgpro

3:40 am on Mar 27, 2008 (gmt 0)

5+ Year Member



Yes, this sort of mail comes to me almost every two days. Now I delete it without opening it
mktgpro

Green_Grass

6:31 am on Mar 27, 2008 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



The AdWords spoof site was very well done. Very Realistic..must have caught a few unwary guys.

It is blocked now. Google seems to have been able to get it blocked. It now comes with a notification that it is a 'suspected web forgery'. (on firefox)

piatkow

9:16 am on Mar 27, 2008 (gmt 0)

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 5+ Year Member



I investigated adwords and decided not to proceed. From the message titles I assumed it was a genuine contact from G because the account was dormant but just let Mailwasher zap it unopened as I wasn't interested. Maybe i'll have a look at the headers if I get another.

chrisk999

10:40 am on Mar 27, 2008 (gmt 0)

10+ Year Member



I have received a number of these emails, interestingly sent to an email address *completely unique* to my SnapNames.com account. So someone has picked up my email address from their database (don't suppose everyone else has used snapnames in the past?)

(ps no - Snapnames has never been successful for me, so it's not from the WHOIS etc...)

chrisk999

2:35 pm on Mar 27, 2008 (gmt 0)

10+ Year Member



Oops - apologies to Snapnames if you read the previous message... I meant Snapfish.com in my post before (the photo service from HP).

(can't edit post above, but hopefully this clears things up)

doctor gerlis

6:22 pm on Mar 27, 2008 (gmt 0)

5+ Year Member



I am reassured that I am not the only one to receive this phish.(I have now had 5 of these). I had a much cleverer attempt a few months ago and when I posted on this forum, no-one else seemed to have received it. It did not ask for billing deatils, which is fairly obvious, but told me that an ad had been disapproved - which if you think about it is much more likely to get a response. I guess they were after login details and planned to attack the site another time. Anyone else had one of those? Anyone know what was planned by obtaining login info?

anallawalla

9:57 am on Mar 28, 2008 (gmt 0)

WebmasterWorld Administrator anallawalla is a WebmasterWorld Top Contributor of All Time 10+ Year Member



While not a phishing email, I got sucked in yesterday by a very convincing googleclassifiedsonline.com - the domain is registered to someone in Malaysia. It only asks for an email address, so I should expect more spam.

doctor gerlis

10:32 am on Mar 28, 2008 (gmt 0)

5+ Year Member



And my unused hotmail address has just had one in Spanish entitled "Verificacao de e-mail do google"

instand1

12:11 pm on Mar 28, 2008 (gmt 0)

10+ Year Member



Today I got a phishing-email from .cn Domain.
Subject-Line: Your AdWords Google Account is stoped

I passed it on to the Support-Form of Google AdWords with full details.

WiseWebDude

2:17 pm on Mar 28, 2008 (gmt 0)

5+ Year Member



Got ANOTHER one last night. It's getting ridiculous. Same thing except they fixed the spelling in the subject line, LOL. Maybe they are reading this? Phew, the rage I have for spammers...if I caught one in person I hope someone would hold me back because road rage has nothing on spammer/scammer rage, LOL.

doctor gerlis

10:48 am on Mar 29, 2008 (gmt 0)

5+ Year Member



AWA- URGENT please

My UK credit card statement usually says "Google Ltd adwordscc@google.com when money is taken off. Now it is saying "PTI Europe Region GBP cc@google.com" Has the UK/European ofice changed its billing info this way or is someone else taking money off my card? With all this phishing right now, it is a strange time to be changing billing details on credit card statements. The adwords account looks fine.

g1smd

11:22 pm on Mar 29, 2008 (gmt 0)

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Search this: [google.com...]

Various people are saying these payments are variously: AOL Amazon Napster Google(Adwords) Yahoo WeightWatchers Vistaprint Ancestry and it started on 19th March.

PTI Europe are based in Twickenham, England and are nothing to do with this.

It's happening all over the UK. Initially thought to be just Abbey (bank) customers but actually hitting lots of other banks.

Have also seen suggestions you do a search for Infostealer.Bancos which is high risk too.

g1smd

11:43 pm on Mar 29, 2008 (gmt 0)

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Several sites report that this is to do with companies that use J P Morgan as payment processor. Others are saying the problem seems to be with a company called 2Checkout.com in Columbus, Ohio.

Also:

During the period of March 19 – March 25, European customers’ credit card statements may have indicated a transaction from an unknown merchant, “PTI Europe” or “PTI Europe Region”. This notation is a technical coding error from the credit card payment processor for our company. This error will be reversed and corrected with the proper Merchant information on their statements on or before April 1.

doctor gerlis

8:30 am on Mar 30, 2008 (gmt 0)

5+ Year Member



Thanks all this make sense- bad timing though. I have had a credit now from PTI Europe, but no new debit.
This 36 message thread spans 2 pages: 36
 

Featured Threads

Hot Threads This Week

Hot Threads This Month