Domain Name Wire

Domain Name Wire

  • Beware the Google Adsense “Account Disabled” Phishing Scam

    1. BY - Oct 15, 2009
    2. Domain Services
    3. 9 Comments

    Phishing attempt hits Google Adsense account holders.

    With all of the talk about Adsense users finding their accounts disabled lately, users should be aware of a phishing scam playing on Adsense clients’ greatest fear: losing their account.

    Today I received an email purporting to be from Google telling me my account was disabled. And frankly, it’s the closest I’ve ever come to falling for a phishing attempt. That’s partly do to circumstance and partly because the scam is fairly well done.

    On the circumstance side, I had an unusually high number of clicks on one of my sites yesterday. It seemed to good to be true, so I was afraid something was amiss.

    On the scam side, the phishers appear to have copied an actual email Google uses to inform users their accounts have been disabled. Or at least something very close. There’s no broken English. Here’s what it says:

    Hello,

    While going through our records recently, we found that your AdSense
    account has posed a significant risk to our AdWords advertisers. Since
    keeping your account in our publisher network may financially damage our
    advertisers in the future, we’ve decided to disable your account.

    Please understand that we consider this a necessary step to protect the
    interests of both our advertisers and our other AdSense publishers. We
    realize the inconvenience this may cause you, and we thank you in advance
    for your understanding and cooperation.

    If you have any questions about your account or the actions we’ve taken,
    please do not reply to this email. You can find more information by
    visiting

    https://www.google.com/adsense/support/bin/answer.py?answer=57153.

    Sincerely,

    The Google AdSense Team

    The email came from adsense-adclicks-noreply@google.com, which apparently is a real Google email address that it uses to contact customers, at least according to a couple blog posts. (Surprisingly, Gmail didn’t warn me that the email was actually sent from someone other than the return address like it usually does. But it did put the message in my spam folder.)

    But there are a few problems with the email. First, there’s no email address in the ‘to’ line. Second, it just addresses me as “hello”, rather than a name.

    And finally — here’s where the phishing takes place — there’s an attachment to the email called Invalid Clicks Appeal.html. Well, that file actually opens up a URL at 110MB.com instead of Google’s web site.

    It makes me think that some people who have been reporting that their Adsense accounts were shut down are actually falling victim to a phishing attempt.

    Be alert!

9 Comments
  • Beware the Google Adsense ?Account Disabled? Phishing Scam – http://tinyurl.com/ylesqyd

  • I received the exact message. I don’t have an AdSense account so that was a big clue this was phishing.

    Full header on the email message looks like this:

    From Google Adsense Thu Oct 15 13:17:12 2009
    X-Apparently-To: MY.EMAIL.ADDRESS.DELETED via 68.142.199.105; Thu, 15 Oct 2009 13:17:12 -0700
    Return-Path:
    X-YMailISG: dMPa1yIWLDtzH9oPi5b50O4mg5gCOvT_V4aZgV1C7ESokBsINyVCod19.SSOZSrW2GOBIUFqPZ3Xa2lHUOx5eyLztsx9HpH49k9Ytz43FKAEtAPHZS5UQZKPhh_eSYXcirXVc7AVt8khOum34kiTqOh7.kYmp2SZYgAfcw92NesLuViY_YRAOD8ZrudYSiDVdjXMyFQ6yv2A03D9bpz5.Vdb9rIhXcnVjHnphUZNXFDY00WN07ls9OlTpjLwZCQIBHD3f1qZ_x79_mztGX5rQc39ANnpiHVLuIUo.GmIYV.C.oQBrzkmeAh1o.sAIph53ncz_p8N2s2.KI6wcQRfi56Brvzbpy4hKG1bGSFIqprPt0SaSRigAvYaj14-
    X-Originating-IP: [193.84.0.81]
    Authentication-Results: mta145.sbc.mail.mud.yahoo.com from=google.com; domainkeys=neutral (no sig); from=google.com; dkim=neutral (no sig)
    Received: from 207.115.36.151 (EHLO nlpi137.prodigy.net) (207.115.36.151)
    by mta145.sbc.mail.mud.yahoo.com with SMTP; Thu, 15 Oct 2009 13:17:12 -0700
    X-Header-Overseas: Mail.from.Overseas.source.193.84.0.81
    X-Originating-IP: [193.84.0.81]
    Received: from ms01.soliduk.net (ms01.soliduk.net [193.84.0.81])
    by nlpi137.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with ESMTP id n9FKHB6f019560
    for ; Thu, 15 Oct 2009 15:17:11 -0500
    Received: from User (166.87.broadband7.iol.cz [88.102.87.166])
    by ms01.soliduk.net (Postfix) with ESMTP id EFA036DE566;
    Thu, 15 Oct 2009 21:17:08 +0100 (BST)
    From: “Google Adsense”
    Subject: Google Adsense Account Disabled
    Date: Thu, 15 Oct 2009 22.17.21 +0200
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary=”—-=_NextPart_000_008C_01C2A9A6.2ABD6B02″
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
    Message-Id:
    To: undisclosed-recipients:;
    Content-Length: 1569

  • […] Domain Name Wire » News » Beware the Google Adsense “Account … […]

  • […] un sistema per ospitare pubblicità sul proprio sito o blog ed ottenere piccole o grandi entrate. Domainnamewire segnala un caso di phishing collegato proprio a Google AdSense. Sebbene l’email in inglese […]

  • […] Beware the Google Adsense "Account Disabled" Phishing Scam, Domain Name Wire […]

  • Stinky Hackers: Beware the Google Adsense "Account Disabled" Phishing Scam, Domain Name Wire http://tinyurl.com/ylesqyd

  • Hi Domain Name Wire,

    I’m Google ad sense publisher….i do receive the same e-mail, but when i try to sign in to google adsense….it shows my account has been disable…is this some kind of Phishing attack as well…please advice me on next step

    Thurai

  • Though this this article is 4 years back, I would like to update this. I just received an email like this from entitled ( Google AdSense Access Verification for bloggerDOTcom )and without mentioning my name . When I googled the no reply@google, I stumble your site and read this post. So this is the style of the scammers to hold your profit in Adsense. Should I report this message to Google?

Leave a Reply