Google AdWords 'targeted by phishers'
By Asavin Wattanajantra,
A new phishing attack is targeting users of Google AdWords, intending to steal sensitive and confidential financial information.
Research released by security vendor Trend Micro suggests the attack begins with an email claiming that payment hasn't been successful and that the user needs to update their payment information, complete with a link to sign in.
The link displayed is the legitimate one, but clicking on it will send you to a unrelated compromised website which is hosted across different countries including Brazil, Romania and Canada.
Once you get to the fake website, which looks similar to the real AdWords web pages, you are prompted to type in your AdWords name and password (even though any combination would work).
From there you put in your credit card and personal details, with the info sent remotely using a remote server via an SSL connection.
Trend Micro said that attacks on the Google website were increasing due to its wide popularity, referring back to recent attacks on Google's calendaring system.
"In many ways Google can be seen as a victim of its own success," said Rik Ferguson, Solutions Architect at Trend Micro.
"As their market share has increased along with the variety of products and services they offer, so their value to the cybercriminal as a platform to exploit has grown alongside it."
AdWords is one of Google's flagship advertising products and main sources of revenue, offering pay-per-click and site advertising. Trend Micro urged all customers and end-users to demonstrate caution.
The security company also said that users needed to be aware of how ambitious criminals were getting as profits could be big with very little threat of prosecution.
Ferguson said: "Cybercrime and Malware in today's world is big business, and one that increasingly closely resembles the world of legitimate business, right down to outsourcing, R&D budgets, Malware as a Service platforms, SLAs and even EULAs."
And of Google's potential in making money for phishers: "In this world of business it would definitely be fair to say that as the market share expands and the user base grows, so does the perceived 'investment potential' to the cybercriminal. It's all about 'Return on Investment'."
At the time of publication, Google had not responded to our requests for comment.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
Do British police get cyber security?
Davey Winder listens to telephone conversations between the FBI and the Metropolitan Police, courtesy of Anonymous, and isn't impressed.
- Who to trust after the VeriSign hack?
- Striving to solve the security skills crisis
- Would you employ a hacker or malware writer?
- Q&A: Raj Samani, CTO McAfee
- Erase and rewind: the EU and privacy
- My email address is [CENSORED]
- Is there such a thing as a secure tablet?
- 2011: The year in news
- BYOD: Old or new, good or bad?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Ubuntu vs. Windows 7 on the business desktop
- York researchers heat storage to speed up data
- BlackBerry Bold 9790 review
- OneNote hits Google?s Android
- O2 trials Olympic-scale remote working
- Will someone rid me of these troublesome Macs?
- Lenovo beats expectations again
- Who to trust after the VeriSign hack?
- Google to promise fairness after Motorola buy
- Report: Google cloud storage coming soon
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
