Google AdWords 'targeted by phishers'

News
By Asavin Wattanajantra
published

As a new phishing scam is revealed, it seems that the more Google's market share grows, the more profitable it is for criminals to target the company and its users.

A new phishing attack is targeting users of Google AdWords, intending to steal sensitive and confidential financial information.

Research released by security vendor Trend Micro suggests the attack begins with an email claiming that payment hasn't been successful and that the user needs to update their payment information, complete with a link to sign in.

The link displayed is the legitimate one, but clicking on it will send you to a unrelated compromised website which is hosted across different countries including Brazil, Romania and Canada.

Once you get to the fake website, which looks similar to the real AdWords web pages, you are prompted to type in your AdWords name and password (even though any combination would work).

From there you put in your credit card and personal details, with the info sent remotely using a remote server via an SSL connection.

Trend Micro said that attacks on the Google website were increasing due to its wide popularity, referring back to recent attacks on Google's calendaring system.

"In many ways Google can be seen as a victim of its own success," said Rik Ferguson, Solutions Architect at Trend Micro.

"As their market share has increased along with the variety of products and services they offer, so their value to the cybercriminal as a platform to exploit has grown alongside it."

AdWords is one of Google's flagship advertising products and main sources of revenue, offering pay-per-click and site advertising. Trend Micro urged all customers and end-users to demonstrate caution.

The security company also said that users needed to be aware of how ambitious criminals were getting as profits could be big with very little threat of prosecution.

Ferguson said: "Cybercrime and Malware in today's world is big business, and one that increasingly closely resembles the world of legitimate business, right down to outsourcing, R&D budgets, Malware as a Service platforms, SLAs and even EULAs."

And of Google's potential in making money for phishers: "In this world of business it would definitely be fair to say that as the market share expands and the user base grows, so does the perceived 'investment potential' to the cybercriminal. It's all about 'Return on Investment'."

At the time of publication, Google had not responded to our requests for comment.

Asavin Wattanajantra