Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43431
  • Total Topics: 16526
  • Online today: 2926
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 1
Guests: 2918
Total: 2919









Author Topic: Phishers Mimic Google Adwords  (Read 3030 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Phishers Mimic Google Adwords
« on: 04. May 2008., 08:02:45 »


Google Adwords account holders are being targeted by criminals out to trick them into handing over credit card information using a clever URL spoof that has gained popularity in recent weeks.

On the face of it, the scam follows a traditional attack route involving the sending of spam e-mail to random Internet addresses in the hope of finding users who have purchased Adwords. The e-mail claims that the user's account payment has failed and asks them to "update payment information", again a transparent ploy by today's standards.

As obvious as this might sound, the unwary might easily be tricked by the convincing http:// adwords.google.com/select/login link embedded in the e-mail, a perfect copy of the correct Google login address. This one, however, actually leads to http://www. adwords.google.com.XXXX.cn/select/Login [address altered], an obfuscated address that directs to a site associated with IPs in Germany, Romania, and the Czech Republic.

The site is a good copy of the real Google Adword site, and appears to let users login using their real account details -- any account details will work, in fact. Entering payment details results in that information being posted using an SSL link to a remote server after which the account will ripped off.

The attack has been publicized by security software company Trend Micro, but the disarmingly simple scam is widespread enough to have been received by ordinary users in recent days.

Google Adwords exploits are not uncommon, some involving serving exploits directly, others involving the much more basic social engineering techniques used in the latest attack. Indeed, the latest phishing attack bears a strong resemblance to a near-identical campaign launched a few weeks back by Chinese criminals.

As common as 'account update' attacks have become, the spoofed -- in other words, convincing -- URL is still the key to reeling in victims. Criminals seem to have realized that users are paying more attention to such details, and that phishing success bar has been raised by this.

(Copyright by PC World)

Samker's Computer Forum - SCforum.info

Phishers Mimic Google Adwords
« on: 04. May 2008., 08:02:45 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023