It seems pretty much anyone can be a target of phishing, and this week we've seen a lot of phishing spam 'targeting' Google AdWords customers.

Its quite a nicely done phish too, as the following images demonstrate.

The phishing spam for Google AdWords. Obviously that link doesn't really go to adwords.google.com....

... instead it goes to quite a nicely constructed (and going by the amount of javascript in there, quite possibly dangerous beyond the phishing) site with the giveaway toplevel domain of .cn.

The phishing sites all seem to be Chinese domains (something.cn) that are using fast flux to swap in and out compromised machines so that shutting down the phishing site becomes just that much more difficult.

This is a relatively new phish, and system administrators might consider blocking any requests for URLs of the form:

http://adwords.google.com.*.cn/select/Login/

As always, be careful with email messages directing you to a website, especially those that you're not expecting. And keep an eye on that address bar - most phishes don't bother trying to hide the real URL in the address bar and that's an easy way to spot a fake.

Regards,

MDB