Google AdWords phishing attack strikes inboxes

Have you received an email from Google saying that your Google AdWords campaign may have stopped running?

Here’s an image of just such an email (click on it for a larger version):

Google AdWords phishing email. Click for larger version

Google AdWords

Sign up to our free newsletter.
Security news, advice, and tips.

Your Google campaigns may have stopped running today (Monday, July 25, 2011)

Dear AdWords Advertiser,

For quality services and running your ads without any problems (Innactive account meaning Pausing your Ads) check your AdWords account regularly.

Click here to check your AdWords account now.

2011. Google

The messages have been spammed out across the internet, attempting to trick users into visiting a bogus website that pretends to be the Google AdWords login page.

Google AdWords phishing site

It’s a realistic replica of the main Google AdWords page, created with some care in an attempt to phish your credentials off you. And don’t forget, your same username and password will be not just used by Google AdWords, but also Gmail, Google Docs, Google+ and so forth..

In short, your Google username and password are a very attractive commodity to phishers.

That’s one of the reasons why I recommend Gmail users set up two step verification, which provides an extra level of security.

To be extra sure of my suspicions, I checked that the google-oa.net website didn’t belong to Google by doing a WHOIS look-up:

Whois information for google-oa.net

That’s certainly not Google, and the fact that the domain has only just been registered makes it even more suspicious.

And what’s with that odd zip code? I’m pretty sure 90211 is likely be next door to the world’s most famous zip code, 90210 in Beverly Hills, California.

Seriously, 90210 is probably the zip code we see most often in the WHOIS information for bogus websites.

Of course, the registrant’s name and the address in New York are quite possibly phony as well.

Sophos’s products intercept the messages as spam, preventing you from unwittingly handing your Google username and password over to cybercriminals.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.