Phishers target Google AdWords users

Attack designed to steal sensitive data

Security experts at Trend Micro have warned of a Google AdWords phishing attack designed to steal sensitive information.

Victims of the scam receive an email notification informing them that their last AdWords payment has not been successful and asking them to update their payment information.

The link displayed in the email body appears to be legitimate, but is actually a compromised site hosted in a number of different countries including Romania, Brazil and Canada.

Trend Micro believes that Google's huge popularity has led hackers to intensify attacks on the company's websites, following successful attacks on Google Calendar.

Rik Ferguson, solutions architect at Trend Micro, said: "In many ways Google can be seen as a victim of its own success.

"As its market share has increased along with the variety of products and services it offers, so its value to the cyber-criminal as a platform to exploit has grown.

"Today's cyber-crime motivation has shifted from a misplaced sense of 'l33t h4x0r' pride to a sole focus on the business of generating cash, so the threat to any successful platform is clear."

Ferguson added that cyber-crime and malware increasingly resemble the world of legitimate business, right down to outsourcing, R&D budgets, malware-as-a-service, service level agreements and even end-user license agreements.

"As the market share expands and the user base grows, so does the perceived 'investment potential' to the cyber-criminal. It is all about return on investment," he said.