Trend Micro’s Content Security Web Blocking Team has recently encountered attempts to phish account information of users that subscribe to Google’s advertising platform, Google AdWords. The phishing email message appears to be from Google Adwords and tells the user to log on to Adwords and update their billing information, as shown in the image below:
It instructs the user to click a link which appears to the user as a legitimate Google Adwords link, but actually leads to a malicious Web site. Account information entered by the unknowing user on the malicious Web site is then sent to an unauthorized user.
Such technique may trick to most users, making them think the URL shown in the message will connect them to the legitimate Web site. Furthermore, Google is generally known for its sparse, clean email and Web site interfaces so this simple-looking email message can be quite convincing. Users are advised to report it here if they receive a message similar to the one above.