Happy Thanksgiving! Could you please pass me your AdWords account information?
The Weasels are everywhere...
Today, I received an email appearing to be from Google letting me know that there is irregular activity on my Google AdWords account. Although this is the day before Thanksgiving, I wasn't feeling quite generous enough to click on this bogus link. The tip-offs that something was rotten with this e-mail were:
- A clickable link in an email - " We detected irregular activity on your Google AdWords Account. Please use the link below to verify your account immediately:"
Google AdWords will never have a link in an email which will lead you to enter your password or other sensitive information. This also goes for any other reputable websites where you need to log in. Don't trust an email asking you to click a link to verify or validate an account, no matter how official it may look.
- Misspelling - I'm pretty sure Google would have correctly spelled "Sincerely". Assuming that they use the GMail client which autodetects spelling errors.
- The Big Bright Red Warning Message - I use GMail for my domain based email account, and as you can see in the screenshot, GMail is warning me in a bright red box that this appears to be a phishing attempt. The lesson here is to have a reliable e-mail client that can detect phishing attempts.
- Subject Line - "Security Measure" - Kind of a vague subject line that doesn't at all fit in with what I would receive in a typical AdWords Email.
- Sender "AdWords@Google.com" - This one isn't as big a deal - but most of the messages I receive from the Google AdWords team are from adwords-noreply@google.com. So that seemed off - but please note, even if it was from that address, it could have been spoofed. E-mail spoofing is making an email appear like it was sent by someone - when in fact it wasn't. It is incredibly easy for a scammer to make an email appear like it is from adwords-noreply@google.com - so don't just assume that if the sender looks alright, that the email is alright.
AdWords Account Phishing
If you think you have received a phishing e-mail attempt regarding your AdWords account, Google has an extensive section on phishing in their help area. I reported this e-mail to Google to their phishing email addresses as detailed in the above link. The AdWords phishing page provides a ton of information on how to identify phishing attempts and how to prevent falling victim.
If you have accidentally already submitted your information via an AdWords phishing attempt, be sure to contact Google immediately. Google AdWords has an entire section about starting the process to get your AdWords account back.
How Does this Help Me Market My Denver Small Business?
Well, it helps to know that there are weasels out there actively trying to compromise your AdWords account through methods such as phishing. Hopefully this email has provided good resources for you to learn how to avoid becoming a victim, and what to do if someone has hacked into your Google AdWords account. Once weasels get into your AdWords account, they can rack up some serious AdWords charges. Your credit card information should remain safe, but they can create new campaigns and charge a lot of unwanted clicks to your credit card.
Anyone could have a bad day and accidentally click on an email like this and inadvertently enter their password information. Especially if you're distracted or not thinking things through clearly. The more that you hear about AdWords phishing attempts like this, the more likely you are to question any e-mail that comes into your inbox asking you to click on a link to provide sensitive information.