Beware the Google Adsense “Account Disabled” Phishing Scam

Phishing attempt hits Google Adsense account holders.

With all of the talk about Adsense users finding their accounts disabled lately, users should be aware of a phishing scam playing on Adsense clients’ greatest fear: losing their account.

Today I received an email purporting to be from Google telling me my account was disabled. And frankly, it’s the closest I’ve ever come to falling for a phishing attempt. That’s partly do to circumstance and partly because the scam is fairly well done.

On the circumstance side, I had an unusually high number of clicks on one of my sites yesterday. It seemed to good to be true, so I was afraid something was amiss.

On the scam side, the phishers appear to have copied an actual email Google uses to inform users their accounts have been disabled. Or at least something very close. There’s no broken English. Here’s what it says:


While going through our records recently, we found that your AdSense
account has posed a significant risk to our AdWords advertisers. Since
keeping your account in our publisher network may financially damage our
advertisers in the future, we’ve decided to disable your account.

Please understand that we consider this a necessary step to protect the
interests of both our advertisers and our other AdSense publishers. We
realize the inconvenience this may cause you, and we thank you in advance
for your understanding and cooperation.

If you have any questions about your account or the actions we’ve taken,
please do not reply to this email. You can find more information by


The Google AdSense Team

The email came from, which apparently is a real Google email address that it uses to contact customers, at least according to a couple blog posts. (Surprisingly, Gmail didn’t warn me that the email was actually sent from someone other than the return address like it usually does. But it did put the message in my spam folder.)

But there are a few problems with the email. First, there’s no email address in the ‘to’ line. Second, it just addresses me as “hello”, rather than a name.

And finally — here’s where the phishing takes place — there’s an attachment to the email called Invalid Clicks Appeal.html. Well, that file actually opens up a URL at instead of Google’s web site.

It makes me think that some people who have been reporting that their Adsense accounts were shut down are actually falling victim to a phishing attempt.

Be alert!


  1. says

    I received the exact message. I don’t have an AdSense account so that was a big clue this was phishing.

    Full header on the email message looks like this:

    From Google Adsense Thu Oct 15 13:17:12 2009
    X-Apparently-To: MY.EMAIL.ADDRESS.DELETED via; Thu, 15 Oct 2009 13:17:12 -0700
    X-YMailISG: dMPa1yIWLDtzH9oPi5b50O4mg5gCOvT_V4aZgV1C7ESokBsINyVCod19.SSOZSrW2GOBIUFqPZ3Xa2lHUOx5eyLztsx9HpH49k9Ytz43FKAEtAPHZS5UQZKPhh_eSYXcirXVc7AVt8khOum34kiTqOh7.kYmp2SZYgAfcw92NesLuViY_YRAOD8ZrudYSiDVdjXMyFQ6yv2A03D9bpz5.Vdb9rIhXcnVjHnphUZNXFDY00WN07ls9OlTpjLwZCQIBHD3f1qZ_x79_mztGX5rQc39ANnpiHVLuIUo.GmIYV.C.oQBrzkmeAh1o.sAIph53ncz_p8N2s2.KI6wcQRfi56Brvzbpy4hKG1bGSFIqprPt0SaSRigAvYaj14-
    X-Originating-IP: []
    Authentication-Results:; domainkeys=neutral (no sig);; dkim=neutral (no sig)
    Received: from (EHLO (
    by with SMTP; Thu, 15 Oct 2009 13:17:12 -0700
    X-Header-Overseas: Mail.from.Overseas.source.
    X-Originating-IP: []
    Received: from ( [])
    by (8.13.8 inb ipv6 jeff0203/8.13.8) with ESMTP id n9FKHB6f019560
    for ; Thu, 15 Oct 2009 15:17:11 -0500
    Received: from User ( [])
    by (Postfix) with ESMTP id EFA036DE566;
    Thu, 15 Oct 2009 21:17:08 +0100 (BST)
    From: “Google Adsense”
    Subject: Google Adsense Account Disabled
    Date: Thu, 15 Oct 2009 22.17.21 +0200
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
    To: undisclosed-recipients:;
    Content-Length: 1569

  2. says

    Hi Domain Name Wire,

    I’m Google ad sense publisher….i do receive the same e-mail, but when i try to sign in to google adsense….it shows my account has been disable…is this some kind of Phishing attack as well…please advice me on next step


  3. says

    Though this this article is 4 years back, I would like to update this. I just received an email like this from entitled ( Google AdSense Access Verification for bloggerDOTcom )and without mentioning my name . When I googled the no reply@google, I stumble your site and read this post. So this is the style of the scammers to hold your profit in Adsense. Should I report this message to Google?

Leave a Reply