Got Suspicious Email about Google Service? Me too!
Today I was surprised to find an email starting with the words “dear adwords customer” in my mailbox. It was weird enough, because I don’t use Google AdWords and therefore don’t have an account with them. But even stranger was the fact that the email asked me to use some URL which had nothing to do with google.com to log in to my account and check “a new alert from Google AdWords Team” I had supposedly received recently.
Based on those 2 facts it was pretty easy for me to guess: I had been targeted by a phishing attempt against my Google account. Most probably, if I had followed the instructions in the email, my Google account would already have had its password changed by hackers, my private info stolen and my AdWords account balance used to advertise some questionable sites (if I had one).
So, if you receive suspicious emails from Citibank, Facebook, Google and others on a daily basis and are not sure how to deal with them, continue reading. I hope you will find this article useful.
What is phishing and how does it work?
Usually a phishing attempt starts with an email. Phishing emails try to mimic emails sent from real websites and systems: popular services, social websites, internet stores and auctions, banks, payment processing systems, forums.
A phishing email will do everything to grab your attention and make you click on the URL it contains: it will urge you to check a recent update in your account, or receive an important notification, or even address an issue which requires your immediate attention and can cause your account to be suspended if you ignore it (the main call to action in such emails is “click on the link below to login”). The page at this URL may look very similar (even identical!) to the page which exists on the real website, so people very often don’t recognize that they are visiting some other site instead.
This page and this email exist only to make the visitor fill in their login and password information; after that it is just a matter of time before criminals log into the account, steal the private information or even change the password and start using the account for their fraudulent activities. Sometimes such pages also try to install malware on the visitor’s computer.
How to distinguish a phishing email from a real one?
#1. Try to remember if you have an account with the system which claims to have sent you the email. Very often phishing emails are sent to a wide range of email addresses regardless of whether that address is registered with the system the phishing attempt is targeting. So the first thing that should really alert you is receiving an email which refers to your account in a system you don’t have an account with (just like in my case: I don’t have an account with AdWords, so it is weird for me to receive an email about some alert in my AdWords account, and the email about it is a phishing email with 99.99% confidence).
#2. If you have an account with them, make sure the email address on file with this account is the same as the email address you received the email at. If not, it is most probably a scam email!
#3. If you have an account with the website the email refers to, log into it and check if the issue/info described in the email is true. For that, open your browser, type in the URL of the website (but NOT the URL sent in the email!!!), log into your account and check: did you really get the alert, notification or invitation to some group the email was talking about? If not, you are most probably the target of a phishing attempt.
#4. Check if the URL in the email does include the exact domain of the website it claims to lead you to. Pay double attention to singular/plural forms of words used in the domain name, characters which look similar but are in fact different (like the digit 1 instead of the letter l), the website name used as a subdomain of some different domain, and prefixes or suffixes added to the domain name to make it a similar-looking but different domain. If you notice any of those, the email is most probably a phishing email.
#5. Check if the email is indeed sent by the system which claims to have sent it. Look at the email headers: the “From:” header can be easily faked, however “Return-Path:” should be related to the system which sends it. So if you expect the email to be sent from Google, the “Return-Path:” value should include some address on a Google mail server, for example …@analytics.bounces.google.com. However, this method gives some false positives in case the company uses some third-party email sending software, so don’t rely only on this one.
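Checks #4 and #5 can be run over a raw message rather than by eye. The script below is an added example written for this article, not code from the original post: it parses the headers with Python’s standard `email` module, tests whether the `Return-Path:` address sits under the domain the mail claims to come from, and classifies every link in the body against the tricks listed in #4 (digit-for-letter swaps, the real name used as a subdomain of another domain, and prefixes or suffixes glued onto the brand). The two messages are constructed samples modelled on the AdWords lure described above and on a legitimate Google notification; `registrable_domain` assumes two-label domains such as `google.com` (a production tool would use the Public Suffix List), and the Return-Path test stays a weak signal for exactly the reason the post gives: the sender controls that header too, so only a false positive or negative there is never decisive on its own.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages (not real mail): one modelled on the AdWords
# lure described in the post, one modelled on a legitimate Google notification.
SAMPLE_PHISH = """\
Return-Path: <bounce@mail-adwords-alerts.example>
From: "Google AdWords Team" <adwords-noreply@google.com>
To: victim@example.org
Subject: New alert from Google AdWords Team
Content-Type: text/plain

Dear AdWords customer,
Please login at http://google.com.adwords-login.example/signin to review your alert.
"""

SAMPLE_LEGIT = """\
Return-Path: <3abc@analytics.bounces.google.com>
From: "Google Analytics" <analytics-noreply@google.com>
To: me@example.org
Subject: Your weekly report
Content-Type: text/plain

Your weekly report is ready at https://analytics.google.com/analytics/web/
"""

# Digits commonly swapped for the letters they resemble in lookalike domains.
LOOKALIKE_MAP = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(host):
    """Last two labels of a hostname ('analytics.bounces.google.com' -> 'google.com').
    Assumption: the brands checked here use two-label domains; a production
    check would consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link_host(host, expected_domain):
    """Apply the post's check #4 to one link hostname and return a label."""
    host = host.lower()
    reg = registrable_domain(host)
    if reg == expected_domain:
        return "ok"
    # 'google.com.evil.example': the real name used as a subdomain elsewhere.
    if "." + expected_domain + "." in "." + host:
        return "brand-as-subdomain"
    # 'goog1e.com': digit-for-letter substitution.
    if reg.translate(LOOKALIKE_MAP) == expected_domain:
        return "lookalike"
    # 'google-accounts.com', 'googles.com': brand name with a prefix/suffix added.
    brand = expected_domain.split(".")[0]
    if brand in reg.split(".")[0]:
        return "lookalike"
    return "unrelated"


def _text_body(msg):
    """Collect the text/plain content of a parsed message."""
    if not msg.is_multipart():
        return msg.get_payload()
    return "\n".join(part.get_payload() for part in msg.walk()
                     if part.get_content_type() == "text/plain")


def check_message(raw, expected_domain):
    """Return a list of findings; an empty list means nothing looked off."""
    msg = message_from_string(raw)
    findings = []
    # Check #5: Return-Path should sit under the domain the mail claims to be from.
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    rp_domain = return_path.rpartition("@")[2]
    if registrable_domain(rp_domain) != expected_domain:
        findings.append(f"Return-Path domain {rp_domain!r} is not under {expected_domain}")
    # Check #4: every link in the body should lead to the real domain.
    for url in URL_RE.findall(_text_body(msg)):
        host = urlparse(url).hostname or ""
        verdict = classify_link_host(host, expected_domain)
        if verdict != "ok":
            findings.append(f"link host {host!r}: {verdict}")
    return findings


if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, check_message(raw, "google.com") or ["no findings"])
```

Run against the constructed phishing sample the script reports two findings (a Return-Path outside google.com and a link whose host only contains google.com as a subdomain), while the legitimate sample produces none. Any finding is a reason to apply check #3, typing the real address into the browser, rather than proof on its own.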
What to do if you receive a suspicious email / link?
- If you are not sure whether an email you’ve received is legitimate and suspect it to be a phishing one, never ever click on or open the URL sent in it! If the issue described in the email sounds like it requires your immediate attention, try to log into your account by typing the website address in your browser manually instead.
- If you are confident that you are the target of a phishing attempt, report it to the website the phishing email is trying to obtain your info for. Most websites have contact forms or pages where you can submit info about abuse or phishing emails you’ve received (make sure you access this website by typing the address directly, not by clicking on the link in the email!). After all, the website owner whose customers are being targeted by such activity should be most concerned with preventing this. For my case, I reported the email on the “” page.
If your account has been compromised
- If your account on some website has already been compromised due to phishing activity, contact the owner of the website as soon as possible in order to prevent any data loss and the use of your account for any fraudulent activity.
- While you are waiting for their reply, try to reset the password; a lot of resources have functionality to reset the password and send it to the email they have on file for your account. However, that will only work if the person who got access to your account hasn’t changed this email to their own yet.
- If you are using the same combination of login and password to access other resources and/or mailboxes, change the passwords for those to something unique. Generally it is good practice to use a unique password for each service.
- Hope for the best!
Instead of PS…
Sad to say, but phishing is not only an email-related issue nowadays. Messages with damaging URLs can be sent via instant messengers, private messages inside a social network or even posted on a website. So be extremely cautious before clicking any suspicious URL, even if it has been sent / posted / tweeted by your friend. Their account may have been compromised and criminals may use it to get to your private information. If you notice some unusual activity from your friend’s account, let them know directly; it might save them some trouble later on.
Thanks for reading; feel free to share your thoughts about the topic in the comments section below.