Phishing email to Google AdWords Customer

Howdy All,

This morning when I checked my company’s email, I found an email showing as coming from the Google AdWords Team, asking for my immediate action to reactivate my account. What the heck! It was sent to my company’s email, and I don’t have any account for that. In fact, if I had one, I would not sign up using my company’s email, as this is personal, not company-related work. Let’s take a look at where the email came from and at its content. Below is the message header.

Return-path: <fmanatt@uark.edu>
Received: from [81.200.21.17] ([81.200.21.17])
 by my.company.com (my.company.com)
 (MDaemon.PRO.v7.2.3.R)
 with ESMTP id md50001221873.msg
 for <emailID@my.company.com>; Wed, 16 Apr 2008 06:07:20 +0800
Received: from [81.200.21.17] by mx5.uark.edu; Wed, 16 Apr 2008 01:07:17 +0300
To: <emailID@company.com>
Subject: Please Re-activate your account
Date: Wed, 16 Apr 2008 01:07:17 +0300
Message-ID: <01c89f5e$369f7060$1115c851@fmanatt>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary=”—-=_NextPart_000_0CCC_01C89F5E.369F7060″
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcgJyXC2PCEIZSJ68676UV16I9LZSX==
Content-Language: us
From: “AdWords-NoReplay” <adwords-noreply@google.com>
X-Lookup-Warning: MAIL lookup on fmanatt@uark.edu does not match 81.200.21.17
X-MDRcpt-To: emailID@company.com
X-Rcpt-To: emailID@company.com
X-MDRemoteIP: 81.200.21.17
X-Return-Path: fmanatt@uark.edu
X-MDaemon-Deliver-To: emailID@my.company.com
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11)
X-Spam-Report:
 *  0.1 HTML_MESSAGE BODY: HTML included in message
 *  4.0 BAYES_70 BODY: Bayesian spam probability is 70 to 80%
 *      [score: 0.7933]
X-Spam-Status: No, hits=4.1 required=5.0 tests=BAYES_70,HTML_MESSAGE
 autolearn=no version=2.64
X-Spam-Level: ****
X-Spam-Processed: my.company.com, Wed, 16 Apr 2008 06:07:24 +0800
 

Look at the Return-path at the top of the header above: it shows that the email is not coming from Google. And below is the content of the email. Please do not click on the link provided. The site is either infected with a virus, or, if you follow the instructions on the web page, they are just trying to steal your personal information.

———————————————————————————
Dear Google Adwords Customer, Your ads have stopped running because we were unable to process your billing information.
To activate your account and start running your ads, enter your billing information.

In order to activate your account and start running your ads, enter your billing information.
Pease sign into your account at http://adwords.google.com/select/login, and update
your billing information.

Once your account is reactivated and your billing information has been processed, any your ads and campaigns can begin running immediately on Google.

———————————————————————————-
This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message.

———————————————————————————-

Google Adwords Team 

If you simply look at the content and the link visually, yes, it looks like a valid email from Google. Unfortunately, the message header shows that it is not. So it is good to make it a practice to check the message header when you receive any unusual email.
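The header check described above can be scripted. The following is an added example, not part of the original post: it runs over header fields copied from the message above (trimmed, with the curly quotes normalised), and the function names `domain` and `check_headers` are hypothetical. A From/Return-Path mismatch also occurs in legitimate bulk mail, so each finding is a signal to weigh, not a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header fields copied from the message on this page (trimmed; quotes normalised).
SAMPLE = """\
Return-path: <fmanatt@uark.edu>
Received: from [81.200.21.17] ([81.200.21.17])
 by my.company.com (my.company.com)
 (MDaemon.PRO.v7.2.3.R)
 with ESMTP id md50001221873.msg
 for <emailID@my.company.com>; Wed, 16 Apr 2008 06:07:20 +0800
Received: from [81.200.21.17] by mx5.uark.edu; Wed, 16 Apr 2008 01:07:17 +0300
To: <emailID@company.com>
Subject: Please Re-activate your account
From: "AdWords-NoReplay" <adwords-noreply@google.com>
X-Lookup-Warning: MAIL lookup on fmanatt@uark.edu does not match 81.200.21.17

"""

def domain(addr_header):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(addr_header or "")[1]
    return addr.rpartition("@")[2].lower()

def check_headers(raw):
    """Return a list of findings for one raw message (headers are enough)."""
    msg = message_from_string(raw)
    findings = []
    from_dom, rp_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append(f"From domain {from_dom} != Return-Path domain {rp_dom}")
    # The topmost Received line is the one written by our own mail server;
    # lower lines were supplied by the sending side and can be forged.
    received = msg.get_all("Received") or []
    if received:
        m = re.match(r"from\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0])
        if m:
            findings.append(f"top Received hop names the sender only as IP literal {m.group(1)}")
    # Warnings the receiving server recorded itself (here MDaemon's lookup check).
    for warning in msg.get_all("X-Lookup-Warning") or []:
        findings.append(f"server lookup warning: {warning}")
    return findings

if __name__ == "__main__":
    for finding in check_headers(SAMPLE):
        print("-", finding)
```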


2 Responses to “Phishing email to Google AdWords Customer”

  1. Jason Rakowski Says:

    Good layout and design. I like your blog. I just added your RSS feed to my Google News Reader.

    Jason Rakowski

  2. Fran Says:

    I forwarded the email to Google and you are right. This is a “phishing” scam. Gotta forward it to: phishing@google.com
