Phishing attempt hits Google Adsense account holders.
With all of the talk about Adsense users finding their accounts disabled lately, users should be aware of a phishing scam playing on Adsense clients’ greatest fear: losing their account.
Today I received an email purporting to be from Google telling me my account was disabled. And frankly, it’s the closest I’ve ever come to falling for a phishing attempt. That’s partly do to circumstance and partly because the scam is fairly well done.
On the circumstance side, I had an unusually high number of clicks on one of my sites yesterday. It seemed to good to be true, so I was afraid something was amiss.
On the scam side, the phishers appear to have copied an actual email Google uses to inform users their accounts have been disabled. Or at least something very close. There’s no broken English. Here’s what it says:
Hello,
While going through our records recently, we found that your AdSense
account has posed a significant risk to our AdWords advertisers. Since
keeping your account in our publisher network may financially damage our
advertisers in the future, we’ve decided to disable your account.Please understand that we consider this a necessary step to protect the
interests of both our advertisers and our other AdSense publishers. We
realize the inconvenience this may cause you, and we thank you in advance
for your understanding and cooperation.If you have any questions about your account or the actions we’ve taken,
please do not reply to this email. You can find more information by
visiting
https://www.google.com/adsense/support/bin/answer.py?answer=57153.Sincerely,
The Google AdSense Team
The email came from [email protected], which apparently is a real Google email address that it uses to contact customers, at least according to a couple blog posts. (Surprisingly, Gmail didn’t warn me that the email was actually sent from someone other than the return address like it usually does. But it did put the message in my spam folder.)
But there are a few problems with the email. First, there’s no email address in the ‘to’ line. Second, it just addresses me as “hello”, rather than a name.
And finally — here’s where the phishing takes place — there’s an attachment to the email called Invalid Clicks Appeal.html. Well, that file actually opens up a URL at 110MB.com instead of Google’s web site.
It makes me think that some people who have been reporting that their Adsense accounts were shut down are actually falling victim to a phishing attempt.
Be alert!
I received the exact message. I don’t have an AdSense account so that was a big clue this was phishing.
Full header on the email message looks like this:
From Google Adsense Thu Oct 15 13:17:12 2009
X-Apparently-To: MY.EMAIL.ADDRESS.DELETED via 68.142.199.105; Thu, 15 Oct 2009 13:17:12 -0700
Return-Path:
X-YMailISG: dMPa1yIWLDtzH9oPi5b50O4mg5gCOvT_V4aZgV1C7ESokBsINyVCod19.SSOZSrW2GOBIUFqPZ3Xa2lHUOx5eyLztsx9HpH49k9Ytz43FKAEtAPHZS5UQZKPhh_eSYXcirXVc7AVt8khOum34kiTqOh7.kYmp2SZYgAfcw92NesLuViY_YRAOD8ZrudYSiDVdjXMyFQ6yv2A03D9bpz5.Vdb9rIhXcnVjHnphUZNXFDY00WN07ls9OlTpjLwZCQIBHD3f1qZ_x79_mztGX5rQc39ANnpiHVLuIUo.GmIYV.C.oQBrzkmeAh1o.sAIph53ncz_p8N2s2.KI6wcQRfi56Brvzbpy4hKG1bGSFIqprPt0SaSRigAvYaj14-
X-Originating-IP: [193.84.0.81]
Authentication-Results: mta145.sbc.mail.mud.yahoo.com from=google.com; domainkeys=neutral (no sig); from=google.com; dkim=neutral (no sig)
Received: from 207.115.36.151 (EHLO nlpi137.prodigy.net) (207.115.36.151)
by mta145.sbc.mail.mud.yahoo.com with SMTP; Thu, 15 Oct 2009 13:17:12 -0700
X-Header-Overseas: Mail.from.Overseas.source.193.84.0.81
X-Originating-IP: [193.84.0.81]
Received: from ms01.soliduk.net (ms01.soliduk.net [193.84.0.81])
by nlpi137.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with ESMTP id n9FKHB6f019560
for ; Thu, 15 Oct 2009 15:17:11 -0500
Received: from User (166.87.broadband7.iol.cz [88.102.87.166])
by ms01.soliduk.net (Postfix) with ESMTP id EFA036DE566;
Thu, 15 Oct 2009 21:17:08 +0100 (BST)
From: “Google Adsense”
Subject: Google Adsense Account Disabled
Date: Thu, 15 Oct 2009 22.17.21 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary=”—-=_NextPart_000_008C_01C2A9A6.2ABD6B02″
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id:
To: undisclosed-recipients:;
Content-Length: 1569
Hi Domain Name Wire,
I’m Google ad sense publisher….i do receive the same e-mail, but when i try to sign in to google adsense….it shows my account has been disable…is this some kind of Phishing attack as well…please advice me on next step
Thurai
Though this this article is 4 years back, I would like to update this. I just received an email like this from entitled ( Google AdSense Access Verification for bloggerDOTcom )and without mentioning my name . When I googled the no reply@google, I stumble your site and read this post. So this is the style of the scammers to hold your profit in Adsense. Should I report this message to Google?