Russell a Google AdWords advertises reports, that he had noticed a lot of odd, likely spammy campaigns had been set up in his AdWords account. The site being advertised is called “LastMinuteSite.com” – claims to offer you a loan for $1,500 instantly with “all applications accepted”. The keywords targeted for this campaign are all variations on “loans”, “fast cash” and so on. The maximum cost per click was set to $6.25. Note the site may or may not be the true origin site of the attack, as it may make sense for a malicious attacker to hide their tracks, camouflage style, by pointing to innocent sites as well:
Russell suggests that Google may have had some kind of “spam flag” raised, because these campaigns were immediately stopped. All Google would tell Russell, he says, “is they have several systems in place which Flags any ’unusual account activity’ which immediately stops all ads running until they have the time to check into it.”
[…]claims that it’s an “official notification from Google AdWords that the service(s) listed below will be deactivated” unless the person renews them “immediately.” The email also claims to be sent from the address firstname.lastname@example.org. When clicked the following URL takes you to the login form
And indeed, Russell logged in to “his account” on that page, and someone likely phished his password, says Russell.
Source:→ Google Blogoscoped