Google AdWords “Update Your Billing Information” email phishing scam

Some folks are really ruining it for the rest of us. What if I really did need to tend to something in my AdWords account? After noticing this little gem of a phishing scam, I am ruined from ever trusting any email purporting to be Google AdWords related.

This one is super elaborate, as you’ll see. So you don’t get burned, here’s how I knew this was a scam. Most phishing emails will provide you a link to a login page. If the scammer is only half intelligent, it will look identical to the login page for the entity they are claiming to be. Oh, but it’s not. Check out the link in the email I received.

Don’t click that link. Right click it, copy the underlying URL, and paste it into a text editor. I’ll bet you it’s not the same as the URL for the actual site login. In this case, the link reads “http://adwords.google.com/select/login”, but the actual link is to “http://adwords.google.com.fikde.cn/select/Login/”. Notice the “fikde.cn” in there? Guess what? Not Google. The IP address of the server at fikde.cn is 86.126.243.20.

In this Google AdWords phishing scam, it doesn’t even matter what you enter as login credentials. I entered nice.try@asshole.com and no password and was successfully “logged in”. The scammer wants you to get through to the account editing screen where you “update” all your info. Of course, none of that info is going to Google. It’s more likely going to a database of other stolen identities to be sold to the highest bidder.

Update: Got another one today. This one links to a scammer who’s using a misspelled subdomain. It’s close, but it’s still not Google – http://adwrods.google.select.IsMyBank.cn/select/Login/index.html

Email list management systems

A selection of companies providing broadcast or bulk email list management solutions and their pricing at 1000 emails per month:

iContact – $11.90 per month*

Emma – $30 per month

ConstantContact – $30 per month

CoolerEmail – $39.95 per month

eROI – (contact them for a quote)*

PHPlist – (free, but only for experienced techy types)*

Note that these are just the ones I’ve come across, and this doesn’t include setup fees. The starred products are systems I am currently managing for my clients.

Why does Hotmail, Yahoo, Gmail etc think my emails are SPAM?

A client of mine recently asked me this question. It’s a good one I hear all the time. This particular client designs and manages their own broadcast emails with a web-based app built by local email marketing gurus, eROI.

First off, SPAM filtering is some of the worst voodoo out there, so all the info herein is totally based on my experience in email design.

Being mistaken for a spammer is typically due to the composition of your broadcast email. Social spam marking functions aside, spam filters are usually based on a point threshold system. Incoming emails are scored bad points based on a list of predefined spam-ish characteristics. Once an email scores a certain level of bad points, the server marks it as spam. Depending on your email provider’s settings, the next course of action may be to deliver the message to a special “junk” mailbox, or delete the message altogether.

Here are a couple of things that I think are probably the most common mistakes you can make when composing a broadcast email. In my experience, these are quick ways to get yourself bad points. This is by no means comprehensive, and each ISP may have its own spam criteria.

- Weird characters, sales text, and all caps in the subject line or From address. Real spammers try to get creative with call-to-action text and cr/\zy characters in the Subject or From fields. Not surprisingly, spam filters are clamping down on such abuse. So, try and step back from it and view the text strictly on a logical plane. Do the words or phrases shout “I’m Junk Mail!” ?

- Content that is mostly an image. I know it looks good, and it’s way easier than coding the HTML, but to a spam filter it looks like you’re hiding something. The filter can’t tell what the image says or looks like, so it gets nervous about letting it through. So, it may mark the email with a bad point, just in case.

These are just a couple of areas that I can confirm the filters take into consideration. Thankfully, there are services and features built in to many email list management apps that will test your email before you send it. Lately, I’ve been a fan of iContact, and they’ve built in a spam point checker. Not sure if the eROI guys have one, so check with them.

I have Hotmail, Yahoo, and Gmail email accounts strictly for spam testing, and I leave the filter settings at the default. Before a blast goes out, I send it to all of my addresses and make sure it doesn’t get marked as spam.
