We reported about this Google AdWords phishing scam a long time ago, but it seems like the attackers are still struggling to find new victims since the message still reaches users' inboxes. However, new information was revealed yesterday as Loucif Kharouni of Trend Micro got one of these emails asking for the AdWords login credentials. What's interesting is that according to the threat analyst, the ones behind the attack may be based in Romania, Germany or Canada.

Just like many other phishing scams, the fake emails inform readers that in order to process the latest payment, they have to update the AdWords details. Users are then asked to click on a link which, at the first look, seems to be legitimate and pointing to the Google AdWords webpage. However, clicking on it redirects them to a fake Google AdWords page hosted in China that has multiple associated IPs, Loucif Kharouni wrote.

IP addresses based in Bucharest (Romania), Hamburg (Germany), Botosani (Romania), Ploiesti (Romania) and Canada are among the ones included in the associated IPs list.

The phishing scam aims to steal users' private details such as credit card numbers and addresses, similar to many other phishing scams spotted in the past. Visitors can pass through the main fake Google AdWords website using any username and password they want because it doesn't really conduct any sort of checking, the Trend Micro official informs.

"This information is then sent to a remote server via an SSL connection. If you are going to access [the phishing website], it will try to load some malicious encrypted javascript but it seems to have some bugs in the code," Loucif Kharouni explains.

As usual, keeping the security solutions up-to-date with the latest definitions and ignoring the suspicious emails arriving in your inbox is the easiest way to stay on the safe side and avoid dangerous scams as the one reported today.