Beware the bad words about Google Adwords

Stuart Corner
Friday, 02 May 2008 16:01

Your IT - Home IT

The latest phishing exercise aimed at getting you to divulge details of your bank account purports to be from Google telling you it can't pay you for your Google Adwords.

I got one yesterday: "Dear Google AdWords Customer," it said: "We were unable to process your payment.  Your ads will be suspended soon unless we can process your payment. To prevent your ads from being suspended, please update your payment information. Please sign into your account at http://adwords.google.com/select/login, and update your payment information."

Of course the real link behind that URL doesn't go to any site associated with Google. According to TrendLabs, Trend Micro's global threat research and support organisation, it goes to a compromised site hosted across a number of different countries including Romania, Brazil and Canada. "Google's rising popularity has led to hackers intensifying their attacks on the company's websites, following recent attacks on Google Calendaring system," Trend Micro says.

It's also an indication that, as more and more legitimate services involving some sort of financial relationship with users spring up on the Internet and gain popularity the opportunities for exploitation by cybercriminals will similarly increase many times over.

As Rick Ferguson at Trend Micro says: "In many ways Google can be seen as a victim of its own success: as their market share has increased along with the variety of products and services they offer, so their value to the cybercriminal as a platform to exploit has grown alongside it. Given the fact that today's cybercrime motivation has shifted from a misplaced sense of pride to a sole focus on the business of generating cash;  the threat to any successful platform is clear."

One thing that would help the unwary would be a little piece of software that looks at the URL text showing in a message, compares it with the actual URL behind the text and says: "watch out: you may think that links to google.com (or whatever) but it goes somewhere else entirely. Exercise great caution!" Surely that shouldn't be too difficult.