Phish Are Jumpin’

December 15th, 2009

I’ve had only one management position in my career. As “team leader” I managed four young software engineers who did quality assurance testing. Among my charges was a young fellow from Belarus who was particularly dedicated to the task; he took it personally whenever he found something wrong with the software in development.

When he found a bug, he’d come into my cube shaking his head, gravitas oozing from his pores, and say to me, “Skeeep,” before showing me his findings, “thees smells of feesh.”

I mention this because I was reminded of my young friend today when I got an e-mail—allegedly from Google—telling me my Google Adwords account had been canceled. As you might imagine, the e-mail provided no fewer than three links to my “login page,” along with helpful instructions about how to rectify this dire situation.

By now, we all know that Google hires only the best and brightest engineers in the business. And I’m certain they seek out the same capabilities in those who provide their public face through the written word. Today’s e-mail alert was not good writing.

It took very little surf-casting of my own to ascertain that the URL provided by the author of the e-mail was http://google-mc.com. A quick look at whois.net revealed that google-mc.com is registered as follows:

[Querying whois.internic.net]
[Redirected to whois.melbourneit.com]
[Querying whois.melbourneit.com]
[whois.melbourneit.com]

Domain Name.......... google-mc.com
  Creation Date........ 2009-12-16
  Registration Date.... 2009-12-16
  Expiry Date.......... 2010-12-16
  Organisation Name.... denis rogers
  Organisation Address. 22th fireball ave
  Organisation Address. 
  Organisation Address. new york city
  Organisation Address. 74836
  Organisation Address. NY
  Organisation Address. UNITED STATES

As you can see, not only are the address and zip code bogus, but the registration date hasn’t yet arrived.
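The same two checks can be scripted. The sketch below is an added example, not part of the original post: it parses the dotted whois format shown above and flags a link whose host borrows a brand name without sitting under the brand's domain, and whose creation date is after, or only shortly before, the day the message arrived. The function names and the 30-day threshold are assumptions.

```python
import re
from datetime import date
from urllib.parse import urlsplit

# Whois lines copied from the record quoted in the post.
WHOIS_TEXT = """\
Domain Name.......... google-mc.com
  Creation Date........ 2009-12-16
  Registration Date.... 2009-12-16
  Expiry Date.......... 2010-12-16
  Organisation Name.... denis rogers
  Organisation Address. 22th fireball ave
  Organisation Address. new york city
"""

def parse_whois(text):
    """Parse 'Key.... value' lines; a repeated key keeps every value."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][A-Za-z ]*?)\.+\s*(.*)$", line)
        if m:
            record.setdefault(m.group(1), []).append(m.group(2).strip())
    return record

def triage(link, whois_text, received, brand_domains, min_age_days=30):
    """Return findings for a link in a message claiming to be from a brand."""
    host = (urlsplit(link).hostname or "").lower()
    findings = []
    # A host is genuine only if it is the brand domain or a subdomain of it.
    on_brand = any(host == d or host.endswith("." + d) for d in brand_domains)
    labels = {d.split(".")[0] for d in brand_domains}
    if not on_brand and any(label in host for label in labels):
        findings.append("brand-lookalike")
    created = parse_whois(whois_text).get("Creation Date")
    if created:
        age = (received - date.fromisoformat(created[0])).days
        if age < 0:
            findings.append("created-after-receipt")
        elif age < min_age_days:
            findings.append("newly-registered")
    return findings

if __name__ == "__main__":
    # The post's date and link; min_age_days=30 is an assumed threshold.
    print(triage("http://google-mc.com", WHOIS_TEXT, date(2009, 12, 15), ("google.com",)))
```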

Putting my Web Debugger through its paces, I also found that google-mc.com eventually does hand you off to http://google.com/adwords. While this looks legitimate, be afraid… be very afraid.

So, if you get an e-mail that appears to be from Google, and if you have an Adwords account, do not follow the links in the e-mail. Instead, type http://adwords.google.com in the address bar of your browser. Even if you don’t have an Adwords account, it would be useful to forward the message to phishing@google.com. I’m sure they’ll put some of their best and brightest on the trail to seeing to it this doesn’t trouble us again.
