The latest AdWords scam I've received is thus;
Exported by: Outlook Export v0.1.2
From: AdWords-NoReplay
E-mail:adwords-noreply@google.com [ 64.233.167.99 - py-in-f99.google.com ]
Date: 08/09/2008 09:51:36
Subject: Your ads are not running.
**************************************************************************
Links
**************************************************************************
Link: https://adwords.google.com/select/images/adwords_home/new_logogif
Domain: adwords.google.com
IP: 64.233.183.112 [ Resolution failed ]
hpHosts Status: Listed
MDL Status: Not Listed
PhishTank Status: false
Link: http://adwords.google.com/select
Domain: adwords.google.com
IP: 64.233.183.112 [ Resolution failed ]
hpHosts Status: Listed
MDL Status: Not Listed
PhishTank Status: false
Link: http://www.adwords.google.com.coisfon.cn/select/Login
Domain: www.adwords.google.com.coisfon.cn
IP: 87.69.85.21 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: false
Link: https://adwords.google.com/support/bin/answer.py?answer=28857&hl=en_GB
Domain: adwords.google.com
IP: 64.233.183.112 [ Resolution failed ]
hpHosts Status: Listed
MDL Status: Not Listed
PhishTank Status: false
Link: https://adwords.google.com/support/?hl=en_GB
Domain: adwords.google.com
IP: 64.233.183.112 [ Resolution failed ]
hpHosts Status: Listed
MDL Status: Not Listed
PhishTank Status: false
**************************************************************************
Text Version
**************************************************************************
<https://adwords.google.com/select/images/adwords_home/new_logogif>
Hello,
Our attempt to charge your credit card for your outstanding Google AdWords account balance was declined. Your account is still open. However, your ads have been suspended. Once we are able to charge your card and receive payment for your account
balance, we will re-activate your ads.
Please update your billing information, even if you plan to use the same credit card. This will trigger our billing system to try charging your card again. You do not need to contact us to reactivate your account.
To update your primary payment information, please follow these steps:
1. Log in to your account at http://adwords.google.com/select <http://www.adwords.google.com.coisfon.cn/select/Login> .
2. Enter your new or updated billing information.
6. Click 'Update' when you have finished.
In the future, you may wish to use a backup credit card in order to help ensure continuous delivery of your ads. You can add a backup credit card by visiting your Billing Preferences page or visit the AdWords Help Centre for more details:
https://adwords.google.com/support/bin/answer.py?answer=28857&hl=en_GB
Thank you for advertising with Google AdWords. We look forward to providing you with the most effective advertising available.
Sincerely,
The Google AdWords Team
---------------------------
This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message. If you have any questions, please visit the Google AdWords Help Centre at https://adwords.google.com/support/?hl=en_GB to find answers to frequently asked questions and a 'contact us' link near the bottom of the page.
-----------------------------
**************************************************************************
HTML Version
**************************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7036.0">
<TITLE></TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2> <<A HREF="https://adwords.google.com/select/images/adwords_home/new_logogif">https://adwords.google.com/select/images/adwords_home/new_logogif</A>><BR>
<BR>
Hello,<BR>
<BR>
Our attempt to charge your credit card for your<BR>
outstanding Google AdWords account balance was declined.<BR>
Your account is still open. However, your ads have been suspended. Once<BR>
we are able to charge your card and receive payment for your account<BR>
balance, we will re-activate your ads.<BR>
<BR>
Please update your billing information, even if you plan to use the<BR>
same credit card. This will trigger our billing system to try charging<BR>
your card again. You do not need to contact us to reactivate your<BR>
account.<BR>
<BR>
To update your primary payment information, please follow these steps:<BR>
<BR>
1. Log in to your account at <A HREF="http://adwords.google.com/select">http://adwords.google.com/select</A> <<A HREF="http://www.adwords.google.com.coisfon.cn/select/Login">http://www.adwords.google.com.coisfon.cn/select/Login</A>> .<BR>
2. Enter your new or updated billing information.<BR>
6. Click 'Update' when you have finished.<BR>
<BR>
In the future, you may wish to use a backup credit card in order to<BR>
help ensure continuous delivery of your ads. You can add a backup<BR>
credit card by visiting your Billing Preferences page or visit the<BR>
AdWords Help Centre for more details:<BR>
<A HREF="https://adwords.google.com/support/bin/answer.py?answer=28857&hl=en_GB">https://adwords.google.com/support/bin/answer.py?answer=28857&hl=en_GB</A><BR>
<BR>
<BR>
<BR>
Thank you for advertising with Google AdWords. We look forward to<BR>
providing you with the most effective advertising available.<BR>
<BR>
Sincerely,<BR>
<BR>
The Google AdWords Team<BR>
<BR>
---------------------------<BR>
This message was sent from a notification-only email address that does<BR>
not accept incoming email. Please do not reply to this message. If you<BR>
have any questions, please visit the Google AdWords Help Centre at<BR>
<A HREF="https://adwords.google.com/support/?hl=en_GB">https://adwords.google.com/support/?hl=en_GB</A> to find answers to<BR>
frequently asked questions and a 'contact us' link near the bottom of<BR>
the page.<BR>
-----------------------------<BR>
<BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>
**************************************************************************
Headers
**************************************************************************
Return-Path: <fleshpots@yahoo.com>
Delivered-To: services@[REMOVED]
Received: from Postfix filter 42a77884ce2a0a03efc6bb50a6dcdb21 (localhost.localdomain [127.0.0.1])
by smtp-in-125.livemail.co.uk (Postfix) with SMTP id BE78B534184
for <services@[REMOVED]>; Mon, 8 Sep 2008 09:51:18 +0100 (BST)
Received: from smtp-in-115.livemail.co.uk (smtp-in-115.livemail.co.uk [213.171.216.115])
by smtp-in-125.livemail.co.uk (Postfix) with ESMTP id AB5F453418A
for <ceo@[REMOVED]>; Mon, 8 Sep 2008 09:51:18 +0100 (BST)
Received: from Postfix filter 42a77884ce2a0a03efc6bb50a6dcdb21 (localhost.localdomain [127.0.0.1])
by smtp-in-115.livemail.co.uk (Postfix) with SMTP id 9109D327452
for <abuse@[REMOVED]>; Mon, 8 Sep 2008 09:51:18 +0100 (BST)
Received: from [75.91.2.27] (h27.2.91.75.dynamic.ip.windstream.net [75.91.2.27])
by smtp-in-115.livemail.co.uk (Postfix) with ESMTP id 55EB2327452
for <abuse@[REMOVED]>; Mon, 8 Sep 2008 09:51:17 +0100 (BST)
Received: from [75.91.2.27] by f.mx.mail.yahoo.com; Mon, 8 Sep 2008 03:51:36 -0500
To: <abuse@[REMOVED]>
Subject: Your ads are not running.
Date: Mon, 8 Sep 2008 03:51:36 -0500
Message-ID: <01c91166$30cf5400$1b025b4b@fleshpots>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0CCC_01C91166.30CF5400"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcgJyLD6O6KP8W7HVNC719G7XNH9M4==
Content-Language: us
From: "AdWords-NoReplay" <adwords-noreply@google.com>
X-Original-To: abuse@[REMOVED]
Also not surprising is that the scammy site itself (www.adwords.google.com.coisfon.cn) is running on a fastflux;
Ref:
http://hosts-file.net/?s=www.adwords.google.com.coisfon.cn
So what does the phishing page itself look like?
vURL Online results for this site:
http://vurl.mysteryfcm.co.uk/?url=http://www.adwords.google.com.coisfon.cn/select/Login/&selUAStr=1&cbxLinks=on&cbxSource=on&cbxBlacklist=on
1 comment:
Got the same thing here :)
Thanks for the diggin'!
Post a Comment