Today a client forwarded an email message to me–worried it meant that her Yahoo Search Marketing account was going to be canceled.  The body of the message is at the bottom of this post.  This message is nothing but a scammers attempt to phish for Yahoo advertiser’s account names and passwords in order to hijack accounts and access personal or billing information that are on file in the account.  I would expect they have an equivalent phishing scheme set up for Google Adwords advertisers.

I am glad my client forwarded me the message rather than responding.  The link included in the message (I’ve removed it below for safety reasons) takes the scam target to a website that looks like Yahoo but is NOT owned by Yahoo.  Be vary wary of links within emails particularly from large companies such as eBay, Paypal, Yahoo, and Google.  Always check that these direct to, NOT something like Your safest bet is to always use your EXISTING bookmarks or go to the company’s home page and find the login link from there.

Here’s the scammer’s email.  Note the sense of urgency and the limited options given for response (“do not respond to this email”, no customer service phone number- just the phishing link)

Renew Your Account Now !

Dear Advertiser,   This is your official notification from Yahoo! Inc. that the service(s) listed below will be deactivated and deleted if not renewed immediately.    As the Primary Contact, you must renew the service(s) listed below or it will be deactivated and deleted.   Renew Now your Yahoo Sponsored Search services.

SERVICE: Yahoo Sponsored Search
EXPIRATION: April, 1 2008
Thank you for using Yahoo Inc service.
We appreciate your business and the opportunity to serve you.
Yahoo Inc. Sponsored Search Service*Note:Please do not reply this Customer Service e-mail.

ed. 4/14/08
As expected, I have seen my first example of the Google-version of this phishing technique. Here’s an example email below:

Dear Google AdWords Customer,

Your ads have stopped running because we were unable to process your billing information.

We will reactivate you account after you update your billing information.

In order to reactivate your account, please sign it to your account at  (<<< this URL did NOT link to page that is displayed, but a page meant to LOOK like Google’s login page), and update your billing information.
Once your account is reactivated and your billing information has been processed,
any your ads and campaigns can begin running immediately on Google.

Advertise your business on Google
No matter what your budget, you can display your ads on Google and our advertising network. Pay only if people click your ads.

The Google AdWords Team