Monday, May 14, 2007

Phishing using Google ads

I received an interesting phishing email today. Whenever I receive any such email, I hover my mouse over the link to see the actual URL behind the link. In this particular case, it caught my attention: it was pointing to google.com. I was a little bit surprised, and then I copied the actual URL behind the link separately to see where it was pointing. Be careful before you click on the URL.

Here is a copy of the phishing email exploiting Google ads:

Please visit the resolution center located here
https://www.paypal.com/cgi-bin/webscr?cmd=_login-run_rc_loginusto verify your identity and avoid the blocking of your account
Sincerely,
PayPal Account Review Department
PayPal, an eBay Company

The actual URL behind the link is:

http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu-FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P____8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4&num=5&adurl=http://adsl-63-201-176-6.dsl.lsan03.pacbell.net/www.paypal.com/cgi-bin/webscr=home=p/index.php
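The manual check described above (compare the visible link text with the real target, then look at what the `adurl` parameter carries) can be automated in a mail filter. The following is an added example, not part of the original post; the function names and finding codes are hypothetical, and the sample link is constructed from the one above with the `ai=` token replaced by a placeholder.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample modelled on the link in this post (ai= token is a placeholder).
DISPLAY_TEXT = "https://www.paypal.com/cgi-bin/webscr?cmd=_login-run"
HREF = ("http://www.google.com/pagead/iclk?sa=l&ai=EXAMPLE&num=5"
        "&adurl=http://adsl-63-201-176-6.dsl.lsan03.pacbell.net/"
        "www.paypal.com/cgi-bin/webscr=home=p/index.php")

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def embedded_targets(href):
    """Return (param, url) for each query parameter whose value is an absolute URL."""
    pairs = parse_qsl(urlsplit(href).query, keep_blank_values=True)
    return [(n, v) for n, v in pairs if re.match(r"https?://", v, re.I)]

def analyze_link(display_text, href):
    """Return a list of (code, detail) findings for one anchor taken from an email."""
    findings = []
    href_host = host(href)
    shown = URL_RE.search(display_text)
    shown_host = host(shown.group(0)) if shown else ""
    # 1. The text the reader sees names a different site than the href.
    if shown_host and shown_host != href_host:
        findings.append(("text_href_mismatch", f"{shown_host} -> {href_host}"))
    for name, target in embedded_targets(href):
        target_host = host(target)
        # 2. A trusted-looking href only forwards to another host.
        if target_host and target_host != href_host:
            findings.append(("offsite_redirect_param", f"{name} -> {target_host}"))
        # 3. The displayed brand shows up as a directory name on the real host.
        if (shown_host and shown_host != target_host
                and shown_host in urlsplit(target).path.lower()):
            findings.append(("brand_in_path", f"{shown_host} on {target_host}"))
    return findings

if __name__ == "__main__":
    for code, detail in analyze_link(DISPLAY_TEXT, HREF):
        print(code, detail)
```
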

2 comments:

Carl said...

You've probably already googled this yourself, but there's a more detailed discussion about this at http://ha.ckers.org/blog/20060822/google-redirection-hole-used-for-phishing/

Anurag Agarwal said...

I actually saw it after I posted and also saw the mention in RSnake and Jeremiah's book on the same.

But thanks for pointing it out.