False Adwords Emails

Some people have been receiving emails that appear to come from Google AdWords. The email has a long story about your account being suspended and gives you a link to reactivate it.

At first glance the link  to Google Adwords seems genuine but instead it takes you to a fake web site that looks exactly like Google Adwords. It lets you type in your username and password, sends it to the person who setup this fake site, then takes you to the login page of the real Google Adwords site.

This is a common phishing email targeting Google Adwords customers.

Usually to identify real links from fake malicious links put the mouse pointer over the link and wait a second. Most email clients will show you the true destination either in a yellow tool-tip or at the bottom of the window.

I checked my spam folder and found one of these emails, let’s have a close look at it:

adwords phishing

The sender looks legitimate. Look at the part in the angled brackets, adwords-noreply@google.com. Technically the sender’s name & email is trivial to forge. This email didn’t really originate from Google.

Now at the end of the email is a link to http://adwords.google.com/select/login. At first glance this look innocent. What everyone should get into the habit of doing is putting the mouse pointer over the link (without clicking) and looking at the bottom of the screen to see where it really points to.

Let’s have a look at where this link would really take you:


It’s says: http://adwrods.google.select.ncjd43.cn (NOTE: don’t try visiting this site).

This is not Google’s site. It’s hosted on ncjd32.cn (always look at the last 2 parts of the URL, as explained in our earlier article). CN stands for China, so this fake site was registered in China – something that should make you suspicious of this link. Also note they spelt adwords wrong (adwrods). The word Google in this link doesn’t have anything to do with the real Google, it’s only here to trick casual readers.

So there you have it, an example on how to spot a phishing email.

A good virus & spam filtering system will filter out most of these phishing emails.

Note: Google Adwords is an advertising service run by Google. Go to Google’s site and type in adwords to find the real site.

Identity Theft Using LimeWire

Here’s an interesting story that hopefully raises your awareness of identity theft.

Lime Gregory Kopiloff, from Seattle USA, has pleaded guilty to a number of fraud related crimes and has been jailed for 4 years. He used LimeWire to download tax and credit reports, bank statements and student financial aid applications that people had made available using this P2P system.

Why would anyone put sensitive documents on a file sharing program for everyone to see? Maybe the people who put these files up thought they have nothing to lose, that documents should be free and shared. Whatever the reason documents like these are sensitive and should not be shared, especially through anonymous file sharing programs like LimeWire.

Gregory used this information, as well as dumpster diving and mail theft, to commit identity theft. He obtained credit cards and debit cards under these people’s names and used them to spend US$73,000 in online purchases.

In this case it’s not the technology that’s at fault, it’s the misconceived value placed on financial documents by regular people.

3.6 Million People

crowdGartner is a well recognised research company. They’ve recently added up the numbers and come up with 3.6 million adults that lost money in 2007 due to phishing scams. In 2006 the figure was 2.3 million.

That’s a lot of people being conned and losing money online. According to this report it adds up to US$3.2 billion in USA alone.

Some tips you might find useful to avoid being of of these 3.6 million people:

  • Never hand over personal details to people or web sites, unless you’re 100% certain of who you’re handing the details to.
  • Pay attention to web addresses you click on. Read our article on this here.
  • If you didn’t ask your bank or other service provider to send you an email then treat it as suspicious.
  • Scammers always take advantage of popular events to send phishing emails. E.g., it’s now Easter so expect lots of Easter related scam emails.
  • Be skeptical of what you read online. Chances are you didn’t really win a lottery in Spain without even buying a ticket.
  • Use a good antivirus package that includes a web site scanner. The newer packages filter out fraudulent pages.

G-Archiver Password Theft

G-Archiver is an archival tool for Gmail. It lets you backup your Gmail emails to your computer. It’s been discovered that it also has a darker purpose.

emailG-Archiver costs US$29.95, and it does what it claims. To use it you enter your Gmail username and password, and it downloads emails to your computer as a backup.

Unfortunately the program has also been sending people’s usernames and password to the program’s creator (identified as John Terry).

If you’ve used G-Archiver before then uninstall it and change your Gmail password.

PayPal Phishing

There’s a new phishing attack targeting PayPal customers. It begins with an email like the following:

Subject: PayPal Account Review Department

Dear PayPal customer,

We recently reviewed your account, and we suspect an unauthorized transaction on your account

Protecting your account is our primary concern. As a preventive measure we have temporary limited your access to sensitive information.

Paypal features. To ensure that your account is not compromised, simply hit “Resolution Center” to confirm your identity as member of Paypel.

  • Login to your Paypal with your Paypal username and password.
  • Confirm your identity as a card member of Paypal

Please confirm account information by clicking here Resolution Center and complete the “Steps to Remove Limitations.”

hookAll typos and grammatical errors are from the original email.

If someone was to click on the link provided in the email they would be taken to a hacked copy of PayPal’s site and they’d be asked to provide their bank’s name, ATM PIN code, mother’s maiden name, birth date,and social security number. All very personal information that the real PayPal doesn’t need.

So avoid traps like these by never giving out sensitive information like the above, not trusting emails you didn’t ask for, and most of all use a good antivirus package that also scans web sites for attacks such as this. Also have a look at the new version of Haute we discussed recently, available for free.

There are thousands of phishing emails such as this and over time the quality of them gets better, such as the tax scams we wrote about earlier (Australian version here, US version here) and the student phishing attack last month.

Fraudulent eBay Bid

Records Imagine someone steals your eBay password and bids $3,002,500 on an item on eBay? That’s what happened last week to someone only identified as jopsoup.

His password was stolen while he was at an internet cafe and it was used to make a bid on a record collection.

The matter’s been cleared up by eBay because it was of such a large amount. For smaller items it might not end so well. Always be cautious when using other people’s computers, especially public computers at internet cafes or at hotels.

(Full article here)

Has your email been hacked?

If you suspect someone else is reading your emails you normally change your password immediately and figure out how they were able to access your account.

lens If you’re curious then the following information could interest you 😉

There’s a free online service called OneStatFree that can be used as a tripwire to detect access to your emails. It will tell the time and day your email was opened (by someone other than you), the country it was access from, the IP address and possibly more information (such as city) depending on the actual network used.

The way it works is you create a special email and send it to yourself. You never open this email yourself and if someone else does it will instantly send some information to the OneStatFree service, which you then check at a later date.

Full instructions are provided here, it should be fairly easy for most people to follow.

Just keep in mind that if someone is indeed reading your emails this trick won’t stop them. So think carefully if you want to continue compromising your email while you investigate the culprit, or take immediate action and change your password.

Fraud Statistics

The US Federal Trade Commission (FTC) has released a report showing some statistics on fraud for 2007. These statistics come from people who report incidents of fraud to them, so it’s really limited to USA. The problem worldwide would be much much worse.

The top 20 complaint categories were:

Rank    Category    Complaints

  1. Identity Theft    258,427
  2. Shop-at-Home/Catalog Sales    62,811
  3. Internet Services    42,266
  4. Foreign Money Offers    32,868
  5. Prizes/Sweepstakes and Lotteries    32,162
  6. Computer Equipment and Software    27,036
  7. Internet Auctions    24,376
  8. Health Care Claims    16,097
  9. Travel, Vacations, and Timeshares    14,903
  10. Advance-Fee Loans and Credit Protection/Repair    14,342
  11. Investments    13,705
  12. Magazines and Buyers Clubs    12,970
  13. Business Opportunities and Work-at-Home Plans    11,362
  14. Real Estate (Not Timeshares)    9,475
  15. Office Supplies and Services    9,211
  16. Telephone Services    8,155
  17. Employ. Agencies/Job Counsel/Overseas Work    5,932
  18. Debt Management/Credit Counseling    3,442
  19. Multi-Level Mktg./Pyramids/Chain Letters    3,092
  20. Charitable Solicitations    1,843

That’s 258,427 cases of identity theft in one year, in one country! The total fraud losses recorded in this report totals more than $1.2 billion. The full report is here.

Tax Refund Scams Have Reached Australia

The tax refund scam mentioned a few days ago now comes in an Australian version. It’s the same email and same scam but customised to look like the Australian Tax Office (ATO). They even make a fake website that copies the ATO’s website.

The scam involves asking people for their credit card number, expiry date, security code, and other personal details.