New campaigns phish for login credentials

Jan 19, 2009 11:55 GMT

Security researchers warn that fake Google AdWords and Yahoo! Marketing Solutions customer support e-mail messages are in circulation. The e-mails contain URLs that direct users to fake authentication pages in an attempt to steal login information.

Alex Eckelberry, CEO of Sunbelt Software, warns that Google AdWords phishers have launched a new attack after being rather inactive lately. The fake e-mails spoof the “From:” field to appear as [email protected], and have “Google Adwords Account Verification Email” as the subject. The message informs AdWords customers that they need to confirm their contact details and provides an adwords.google.com URL.

The links actually point to fake pages hosted on various .be and .eu domains. Mr. Eckelberry notes that this is a new element, as Google AdWords phishers mainly used .cn domain names in the past. The rogue pages display a form, which asks for e-mail and password, as well as other information such as full name, company name, country, or phone number. The security researcher points out that all the domains are using a fast-flux domain name service.

The Sunbelt CEO also reports a similar attack targeting Yahoo! Marketing Solutions. “Account 'Yahoo! Inc' [2233234322] has stopped displaying ads at this time because the account balance has reached zero,” the phishing e-mails falsely claim. In order to find out more details about this warning, the users are instructed to log into their accounts and access the Alerts panel. The provided URL to the Yahoo! login page actually points to a rogue Web page hosted on another domain.

The message also warns that failure to take action will result in the user's account being deactivated, and, in order to look more believable, it provides instructions on how to contact Yahoo! Customer Support, again providing a fake URL. Judging by the text, it is very likely that the attackers have used a modified legitimate Yahoo! message, or at least parts of one, to create their own.

Recent account phishing campaigns have targeted the users of other Google services, such as Google Calendar, or the users of social networking websites such as Twitter or hi5. A particularly interesting recent phishing campaign targeted domain account credentials on Network Solutions and eNom and led to the hijacking of CheckFree's domain names, which affected over 150,000 users.