« Backscatter Poo | Main | That E-Card Isn't From Hallmark »

June 28, 2008

Look at this well-designed phishing email message:

Its goal is to capture login names and passwords for Google AdWords accounts. The bogus destination page is (except for one busted image) an identical twin sister of the actual Google AdWords login page. The page is also written with an added script that uses a browser cookie to prevent your browser from visiting the fake page a second time—if you try, it immediately redirects you to the real page.

If you perform the rollover test of the clickable link in the message (shown in the image above), the link isn't to Google's site, but to a domain that has what may be a convincing alternate name. I mean, it has "ads" in the name, right? That domain, by the way, was created waaaay back on Wednesday. The domain registration has information from someone in Paris, but no crook in his right mind would leave a trail of bread loaves. The fake site is hosted through a Spanish ISP.

The lesson to learn here is that obvious financial targets, such as financial institutions (banks, credit unions, PayPal) and popular e-commerce sites (Amazon, eBay, Best Buy), aren't the only ones that phishers have their eyes on. If there is an account anywhere on the Internet that has one thin dime in it (or has data that can be turned into a dime), you can be sure phishers will root through your emotional defenses for that dough like a pig hunts for truffles.