Here’s a new one: Google Adwords phishing.
According to the folks over at CSIS, the email reads like this:
Dear Google AdWords Customer!
In order to update your billing information, please sign in to your AdWords account at https://adwords.google.com, and submit your billing information. Your account will be reactivated as soon as you have entered your payment details. Your ads will show immediately if you decide to pay for clicks via credit or debit card. If you decide to pay by direct debit, we may need to receive your signed debit authorization before your ads start running, depending on your location. If youchoose bank transfer, your ads will show as soon as we receive your first payment. (Payment options vary by location.)
Thank you for choosing AdWords. We look forward to providing you with
the most effective advertising available.Sincerely,
The Google AdWords Team
More here (no, it’s not transliterated Klingon, it’s Danish). CSIS says these are all fast-flux on Chinese domains.
Alex Eckelberry
(Additional thanks to Mike at Shadowserver)