Beware the Google Adsense “Account Disabled” Phishing Scam
Thursday, October 15th, 2009
Phishing attempt hits Google Adsense account holders.
With all of the talk about Adsense users finding their accounts disabled lately, users should be aware of a phishing scam playing on Adsense clients’ greatest fear: losing their account.
Today I received an email purporting to be from Google telling me my account was disabled. And frankly, it’s the closest I’ve ever come to falling for a phishing attempt. That’s partly due to circumstance and partly because the scam is fairly well done.
On the circumstance side, I had an unusually high number of clicks on one of my sites yesterday. It seemed too good to be true, so I was afraid something was amiss.
On the scam side, the phishers appear to have copied an actual email Google uses to inform users their accounts have been disabled. Or at least something very close. There’s no broken English. Here’s what it says:
While going through our records recently, we found that your AdSense
account has posed a significant risk to our AdWords advertisers. Since
keeping your account in our publisher network may financially damage our
advertisers in the future, we’ve decided to disable your account.
Please understand that we consider this a necessary step to protect the
interests of both our advertisers and our other AdSense publishers. We
realize the inconvenience this may cause you, and we thank you in advance
for your understanding and cooperation.
If you have any questions about your account or the actions we’ve taken,
please do not reply to this email. You can find more information by
The Google AdSense Team
The email came from firstname.lastname@example.org, which apparently is a real Google email address that it uses to contact customers, at least according to a couple blog posts. (Surprisingly, Gmail didn’t warn me that the email was actually sent from someone other than the return address like it usually does. But it did put the message in my spam folder.)
But there are a few problems with the email. First, there’s no email address in the ‘to’ line. Second, it just addresses me as “hello”, rather than a name.
And finally — here’s where the phishing takes place — there’s an attachment to the email called Invalid Clicks Appeal.html. Well, that file actually opens up a URL at 110MB.com instead of Google’s web site.
It makes me think that some people who have been reporting that their Adsense accounts were shut down are actually falling victim to a phishing attempt.
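The three red flags described above (no address in the ‘to’ line, a bare “hello” greeting, and an HTML attachment that points somewhere other than Google) can be checked mechanically on a raw message. This is an added example, not part of the original post; the sample message, its example.org and example.net addresses, and the EXPECTED_DOMAINS list are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumption: domains the claimed sender legitimately links to.
EXPECTED_DOMAINS = ("google.com",)
GENERIC_GREETING = re.compile(r"^\s*hello[\s,.!:]*$", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def off_domain(url):
    """True when the URL's host is not an expected domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return not any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)


def phishing_indicators(raw):
    """Return the red flags from the post that are present in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    flags = []
    if not str(msg["To"] or "").strip():
        flags.append("empty-to")
    body = msg.get_body(preferencelist=("plain",))
    lines = [l for l in (body.get_content() if body else "").splitlines() if l.strip()]
    if lines and GENERIC_GREETING.match(lines[0]):
        flags.append("generic-greeting")
    for part in msg.iter_attachments():
        if part.get_content_type() != "text/html":
            continue
        bad = sorted({u for u in URL_RE.findall(part.get_content()) if off_domain(u)})
        if bad:
            flags.append("html-attachment-off-domain:" + ",".join(bad))
    return flags


def build_sample():
    """Constructed message shaped like the one described; all values are made up."""
    m = EmailMessage()
    m["From"] = "AdSense Team <sender@example.org>"
    m["Subject"] = "Account disabled"
    m.set_content("Hello,\n\nWhile going through our records recently...\n")
    html = '<form action="http://appeal.example.net/login"><input name="pw"></form>'
    m.add_attachment(html, subtype="html", filename="Invalid Clicks Appeal.html")
    return m.as_bytes()


if __name__ == "__main__":
    print(phishing_indicators(build_sample()))
```

The host comparison matches the whole domain or a dot-prefixed suffix, so a lookalike such as google.com.example.net is still reported as off-domain.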