Freely subscribe to our NEWSLETTER

“Once again, the social engineering technique used in this campaign is quite sophisticated,” said Stephen Pao, vice president of product management for Barracuda Networks. “The scammers are leveraging the Google brand in the hopes that recipients will trust the sender.”

Once on the fake Google AdWords account Web site, users are directed to provide their Google username and password, as well as prompted to update their account information including credit card number in order to avoid having their account suspended. Unsuspecting users who provide this information run the risk of fraudulent charges to their credit card as well as possibly to their legitimate Google account.

As of late this afternoon, Barracuda Central was tracking thousands of these messages sent to Barracuda Spam Firewall customers and the campaign appears to be increasing in magnitude. The Barracuda Spam Firewall utilizes a powerful combination of reputation and content scanning techniques to detect and block phishing email.

However, as the holidays approach, Barracuda Networks warns consumers to be extra vigilant in responding to unsolicited email including Web links that request account information or credit card numbers. In November 2007, Barracuda Networks saw the number of phishing Web sites and subsequent emails increase 10-fold on Thanksgiving in the run up to the holiday weekend. Barracuda Central researchers warn that the amount of phishing emails leading up to and through this holiday weekend may be even greater given the continued sophistication of attacks seen in the past 12 months.

“While not necessarily aimed at the average consumer, in a larger sense, this Google AdWords phishing campaign signifies that scammers are gearing up for the holiday shopping days ahead and consumers should be extra cautious when providing sensitive credit card, username or other account information online,” said Pao.