11/08
2008
More Google AdWords Phishing Emails (7,901 views)
Another one:
From: Google AdWords-noreply [adwords-noreply@google.com]
Received: Wed 11/5/2008 2:26 PM
Subject: Update your payment information.
Header: Return-Path: <fm130190@yahoo.com>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
*my mail server*
X-Spam-Level:
X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_05,HTML_MESSAGE,
RDNS_NONE autolearn=ham version=3.2.5
Delivered-To: [myemail]@ninanet.com
Received: (qmail 71229 invoked by uid 1058); 5 Nov 2008 22:25:36 -0000
X-Mail-Scanner: Scanned by qSheff 1.0-r3 (http://www.enderunix.org/qsheff/)
Delivered-To: [myemail]@ninanet.com
Received: (qmail 71220 invoked from network); 5 Nov 2008 22:25:36 -0000
X-Mail-Scanner: Scanned by qSheff 1.0-r3 (http://www.enderunix.org/qsheff/)
Received: from unknown (HELO ?151.50.63.103?) (151.50.63.103)
by *my mail server* - 151.50.63.103 with SMTP; 5 Nov 2008 22:25:35 -0000
Received: from [151.50.63.103] by f.mx.mail.yahoo.com; Wed, 5 Nov 2008 23:25:35 +0100
Message-ID: <01c93f9d$cdaf4180$673f3297@fm130190>
From: "Google AdWords-noreply" <adwords-noreply@google.com>
To: <[myemail]@ninanet.com>
Subject: Update your payment information.
Date: Wed, 5 Nov 2008 23:25:35 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01C93F9D.CDAF4180"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
++++++++++++++++++++++++++++++++++++++++++++++++++++
Dear Advertiser,
Our attempt to charge your credit card for your
outstanding Google AdWords account balance was declined.
Your account is still open. However, your ads have been suspended. Once we are able to charge your card and receive payment for your account balance, we will re-activate your ads.
Please update your billing information, even if you plan to use the
same credit card. This will trigger our billing system to try charging your card again. You do not need to contact us to reactivate your account.
To update your primary payment information, please follow these steps:
1. Log in to your account at http://adwords.google.com/select.
2. Enter your primary payment information.
3. Click ‘Update’ when you have finished.
——————————————————————————
This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message. If you have any questions, please visit the Google AdWords Help Centre
—————————————————————————
Thank you for advertising with Google AdWords. We look forward to
providing you with the most effective advertising available.
——————————————————
++++++++++++++++++++++++++++++++++++++++++++++++++++
Again, some notes:
Sender (from) in Italy (151.50.63.103)
Mail server used: f.mx.mail.yahoo.com (68.142.202.247)
Return Address: fm130190@yahoo.com
Real URL: http://www.adwords.google.com.aeropt.cn/select/Login.
++++++++++++++++++++++++++++++++++++++++++++++++++++
Both links have already been reported as fakes and show a warning in Firefox.
I am the owner of bobpalin.com – I wish I knew who was faking the dex@bobpalin.com address and how to stop them. I have spent a lot of time on this problem, they are not using my mail server just altering the headers of their email.
My apologies for any inconvenience this has caused you.
Bob Palin
Great site. A lot of useful information here. I’m sending it to some friends!