Last Updated on December 3, 2019 by Christopher G Mendla
I just had a client fall victim to a phishing attack. He has an adwords account an also happened to have an expiring credit card. He got what appeared to be a legitimate ‘please renew’ email from Google and renewed. A couple of days later, he got another renewal notice and renewed again.
When he got a third renewal notice, he got suspicious and emailed it to me. A ‘view source’ of the email showed a url for the link that was something like www.google.com.randomnumbers.cn . A whois quickly confirmed the obvious that the domain was in no way related to Google.
The perps had probably managed to get his credit card info, mother’s maiden name, google account info and a bunch of other personal and sensitive information.
There is one very reliable way to avoid this type of attack.
Never, ever, click on a link in an email and then put in login credentials or sensitive information, not even once.
When you get an email about credit cards expiring you should go in to that side the way you always do, with your bookmarks and then login the way you always do. That way, there is no chance that a phishing email link can redirect you.
Some questions in my mind about him getting two phishing emails relating to adwords and an expiring credit card are
(1) Did they know he had an Adwords account or was the email sent out randomly
(2) Did they know he had an expiring credit card or was that also random.
I would think that you would have to send out a lot of emails in order to get to the point where you hit enough people with Adwords accounts and expiring credit cards.
The other thing was that the hosting trail was obscured with proxies and private domain registrations (surprise surprise surprise)
This really ticks me off, especially in light of the recent news about the botnet operator getting a slap on the wrist by some lenient judge. The botnets are the enablers of this type of phishing attack which costs consumers tons of money every year.