AdWords
4.7K members online now
4.7K members online now
Understand Google's advertising policies, including ad approval status and account suspension
Guide Me
star_border
Reply

Another weekend, new Phishing Ad for AdWords account logins - 5th case

[ Edited ]
Collaborator ✭ ✭ ✭
# 1
Collaborator ✭ ✭ ✭

Hello,

 

It seems that lately , every weekend I get to see phishing AdWords Ads for AdWords logins when I search for "adwords en forum" from location Romania, Bucharest, browser language=english.

This is the 5th case in the past 2 months.

 

This is the Click ID needed for Google security teams to block the advertiser account :

 

http://www.google.ro/aclk?sa=L&ai=CZ6wZPF-ZVbT6K6a-7QaGtruwB7Hg_fkG6Yj35bkCt-i-CAgAEAFgg6XhhegbyAEBq...

 

At the end of the Click ID we have : &adurl=http://bitly.com/1GDjoee&cad=rja

 

This time hackers use a legitimate Display URL a google domain from UK , see ad below

www.google.co.uk/Adwords

 

After clicking I get redirected here where I am being asked for my google account login , which is obviously a phishing page .

http://adword-google-com.pavalconstruction.com/Adwords/

 

How many users have been fooled by this elaborate scam since every time the display URL looks legitimate google domain ?

When will google start a security chat line open 24/7 for these security threats created with their own product, AdWords ?

 

Sir @MosheTLV , please do what you do to stop them.

 

adwords-phishing-ad-no5.png

 

 

phishing-page-asking-for-google-account-login.png

1 Expert replyverified_user
Marked as Best Answer.
Solution
Accepted by topic author Adrian B
September 2015

Re: Another weekend, new Phishing Ad for AdWords account logins - 5th

[ Edited ]
Top Contributor
# 2
Top Contributor

Thanks @Adrian B;

This is being taken care  by the appropriate team at google as I type my reply....

I will update the thread if Google discloses info about this scam.

Moshe, AdWords Top Contributor , Twitter | Linkedin | Community Profile | Ad-Globe
Did you find any helpful responses or answers to your query? If yes, please mark it as the ‘Best Answer’

Re: Another weekend, new Phishing Ad for AdWords account logins - 5th

Collaborator ✭ ✭ ✭
# 3
Collaborator ✭ ✭ ✭

As a lesson from these experiences, google should update their AdWords policy and forbid the usage of keywords which can match search terms such as "adwords login" , "google sign in" .

These keywords only make sense to a phishing attack campaign.

 

This Ad appears with different titles if I use "adwords login " , the title is "AdWords Login" and if I search "google sign in" the title of the phishing Ad is "Google AdWords Login"

 

The description line 2 does not even make sense in english "Account and manage your campaign" as "account" is not a verb.

 

adwords-login-search-term.JPG

 

google sign in.JPG

Re: Another weekend, new Phishing Ad for AdWords account logins - 5th

Collaborator ✭ ✭ ✭
# 4
Collaborator ✭ ✭ ✭

I did some more digging to investigate this case myself and it seems the advertiser has a huge budget since the AdWords Ad Preview tool shows this Ad as active for the search term "adwords login" even for :

 

1) Location = London , domain = google.co.uk

2) Location = USA , domain= google.com

 

(see screenshots below)

 

This means the Ad is targeted as a global security attack and I do not know if Google has the means to announce users if their Account data has been stolen as a result of such an AdWords phishing Ad.

 

I sincerely hope Google is prepared to respond very fast to this particular phishing AdWords Ad. I will check back in 12 hours to see if it has been stopped on monday morning.

 

I now have to train my clients to only login by typing www.adwords.com and not by searching.

 

phishing-ad-on-google.com-location-USA.JPG

 

phishing-ad-on-google.co-uk-location-london.JPG

Re: Another weekend, new Phishing Ad for AdWords account logins - 5th

Collaborator ✭ ✭ ✭
# 5
Collaborator ✭ ✭ ✭

Update : 4 hours later this AdWords phishing Ad is still on no 1 spot globally even if I reported it here where the complaint is forwarded to a "dedicated communication channel open 24/7."

Why is the reaction time so slow ? 

 

I want to bring new relevant updates , the phishing Ad is running with adapted Titles also on these high traffic search terms :

ppc

ppc management

pay per click

ppc hero

 

as seen in these screenshots

 

pay-per-click.JPG

 

 

ppc-hero.JPG

 

 

 

ppc.JPG

 

 

ppc-on-google.co.uk.JPG

 

 

Re: Another weekend, new Phishing Ad for AdWords account logins - 5th

[ Edited ]
Top Contributor
# 6
Top Contributor

@Adrian B;

As you well know, I do not work at Google, nor I was appointed as Google's "chief enforcement officer". (Furthermore, I don't have plans to apply...)

 

As I explained there is dedicated communication channel  for reporting to Google open 24/7.  I can confirm, that although it is the weekend, (further, in the USA  Independence day weekend),  due to the urgency, a Google employee,  in the relevant team, was interrupted during his weekend activities, and took over ownership of the case.

 

From this point and on, the case is in the hands of Google. Since neither of us  knows what actions are taken by Google, or the methods, tools and techniques used by Google to track the scammers, criticizing Google for the time-  it takes to remove the scam,  without being familiar with the facts, is not appropriate. (And, as you know,  the methods and tools are not disclosed by Google...)

Once the case was reported, it is  up to Google engineers and specialists to  chase after the scammer, and track them down.

 

Let's wait for Google to comments.

As in past cases, I drew the attention  of Google to your additional comments, and your suggestions for lesson to be learnt.

-Moshe

Moshe, AdWords Top Contributor , Twitter | Linkedin | Community Profile | Ad-Globe
Did you find any helpful responses or answers to your query? If yes, please mark it as the ‘Best Answer’

Re: Another weekend, new Phishing Ad for AdWords account logins - 5th

Collaborator ✭ ✭ ✭
# 7
Collaborator ✭ ✭ ✭

Yes, thank you for the additional details about how Google operates in these cases.

 

Somehow I expected them to react like fireman squads to a big fire outburst , in a matter of minutes, but I was not right to have this expectation, now I understand.

 

I think the case was solved successfully , I do not see similar ads anymore but as long as phishing brings access to accounts with money to be exploited and Google does not assign proper permanent emergency teams for the weekend, I have not doubt there will be similar cases.

 

Thank you for the availability and for the guidance.