As you probably know, a phishing scam arrives as an email pretending to be from someone you trust. Most often, the email alerts you to an alarming, urgent issue and urges you to log in and fix it quickly by clicking a link in the message. Phishing emails can be sneaky and hard to recognize if you’re not looking for the signs.
Fortunately, there are signs, and you can learn to identify phishing emails, like this Google Ads phishing scam.
Here is a recent Google Ads phishing scam email we received. You’ll notice the urgent issue: our Google Ads account is suspended. If we have a Google Ads account, and that is a source of revenue that is now suspended, we’d automatically be concerned by the email. We would want to get it activated and working again ASAP!
But wait… let’s take a closer look.
First things first – if you know you don’t even have a Google Ads account, then flag the email as spam and delete it.
If you do have a Google Ads account, then look more closely at the email.
Check the sender
Who is it from? Here, you can see the from address has nothing to do with Google at all. Why would Google send you an email from an address like that? (They wouldn’t.) Keep in mind that the reverse doesn’t hold: the display name is whatever the sender typed, and the address itself can be forged, so a From line that says “Google” proves nothing on its own. A sender address that is plainly wrong is a red flag; a sender address that looks right is not a green light.
Check the email’s content
The email lists a customer ID. Do you have one? Does the one in the email match yours? If it does match, that doesn’t prove the email is genuine: a scammer could have found your ID online somewhere. If it doesn’t match, though, that’s a red flag.
Inspect the links in the email
Next, if you’re on a desktop or laptop computer, try moving your mouse to hover over the links in the email. Here, if we mouseover the customer ID, we see the link goes to w3schools.com. That has nothing to do with Google or the customer number or anything else in this email. Red flag.
This link in the footer is similar – another w3schools.com link, totally unrelated to Google Ads.
In the “log in here” link, you see a URL that also has nothing to do with Google. Google wouldn’t ask you to log in to a site that is not on a Google domain. Read the domain carefully: it is the part of the address just before the first single slash, and scammers like to put a familiar name at the front of it. An address such as google.com.some-other-site.net belongs to some-other-site.net, not to Google.
What if you’re on a mobile device?
You can’t “hover” or mouseover when you’re on your phone or tablet, but you can still inspect the link. Press your finger or stylus on the link and hold it. When it is highlighted or outlined, lift your finger, and view the menu. You should see the full URL displayed, along with some options of what to do with the link.
Before reading further, please note: We don’t ever recommend you click on links in emails when you’re not 100% certain they are legitimate.
However, in the content of this email, if you do happen to click on the “Circumventing Systems” link, you’ll see that it does go to a legitimate Google page. But look in the address bar: the utm_source and utm_campaign parameters tacked onto the URL indicate the phisher may be tracking clicks on their fraudulent email. Including legitimate links alongside illegitimate ones can help convince a recipient the email is real.
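The sender and link checks above can also be done by machine, which is handy when you are looking at many messages or want to be sure you read the domain correctly. The script below is an added example written for this article, not code from the original post or from Google: it parses a constructed sample email modelled on the one described here (the sender address, customer ID and link targets are placeholders, not real data), checks the From address against a list of domains assumed to be Google’s, extracts every link from the HTML body, compares each link’s real domain against that list, and reports tracking parameters on links that do point to a trusted domain. The two-label domain heuristic in `registrable` is an assumption that is good enough for the sample; a real tool would consult the public suffix list.

```python
"""Triage an email's sender and links the way the article does by hand (added example)."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Assumption: the domains we treat as genuinely Google's for this check.
TRUSTED_DOMAINS = ("google.com", "googleadservices.com")

# Constructed sample modelled on the phishing email described in the article.
# Addresses and link targets are placeholders, not real data.
SAMPLE_EML = """\
From: "Google Ads" <notifications@example-mailer.net>
To: owner@example.org
Subject: Your Google Ads account has been suspended
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Customer ID: <a href="https://www.w3schools.com/">123-456-7890</a></p>
<p>Please <a href="https://google.com.account-verify.example/login">log in here</a> to restore access.</p>
<p>Policy: <a href="https://support.google.com/adspolicy/?utm_source=phish&utm_campaign=ads1">Circumventing Systems</a></p>
<p><a href="https://www.w3schools.com/">Google LLC</a></p>
</body></html>
"""


def registrable(host: str) -> str:
    """Last two labels of a hostname. Assumption: fine for .com/.net style
    domains; a public-suffix list is needed for things like .co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def triage(raw: str) -> dict:
    """Return the parsed sender, the links found, and a list of red flags."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rsplit("@", 1)[-1]
    findings = []
    # Sender check: the display name is free text, only the address domain counts.
    if registrable(sender_domain) not in TRUSTED_DOMAINS:
        findings.append(f"sender {addr!r} (shown as {display!r}) is not on a trusted domain")
    part = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(part.get_content() if part is not None else "")
    for text, href in collector.links:
        parts = urlsplit(href)
        host = parts.hostname or ""
        # Judge the real domain, not the link text and not a familiar-looking prefix.
        if registrable(host) not in TRUSTED_DOMAINS:
            findings.append(f"link {text!r} -> {host} is not a trusted domain")
        else:
            tracking = [k for k in parse_qs(parts.query) if k.startswith("utm_")]
            if tracking:
                findings.append(f"link {text!r} -> {host} is genuine but carries tracking parameters {tracking}")
    return {"sender": addr, "links": collector.links, "findings": findings}


if __name__ == "__main__":
    for finding in triage(SAMPLE_EML)["findings"]:
        print("RED FLAG:", finding)
```

Run against the sample, it flags the sender, both w3schools.com links, the lookalike login domain (whose real domain is account-verify.example, not google.com), and the genuine support.google.com link for its utm_ tracking parameters.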
Proofread the email
Continuing with the email content, we see a few other red flags. Some of these require critical proofreading skills.
- Item #2 doesn’t start with a capital letter.
- “Log-in” is incorrectly written. In this context, “log in” should be two words, not hyphenated.
- There are two spaces after the log in link.
- There is an extra space inside the word “Amphitheatre” in the address in the email’s footer.
I realize these may seem like minor details. But large companies pay a lot of attention to these tiny details – and get them right.
What if you aren’t sure whether the email is a phishing scam?
Phishing scammers are relying on recipients scanning emails quickly and not reading them closely. They send out a large number of similar emails, hoping someone will fall into their trap. Don’t fall for it. Always treat unsolicited emails as potential scams. If you’ve tried the suggestions outlined above, and you’re still not sure whether you’re looking at a fraudulent email or phishing scam attempt, try these steps:
- Open a new browser window, type in the URL for the site you want to reach and log into your account that way. See if there are any alerts.
- Contact the company to see if they confirm the email is real. Use contact details from the company’s own website, not a phone number or address given in the suspicious email.
- Contact your trusted web developer, and ask her opinion.
If you’re a website owner, you should also be aware of the SSL renewal scam and the phishing campaign that targets WordPress website owners.