Google AdWords phishing scam on the loose

The creativity and resourcefulness of the criminal underground never ceases to amaze me. Granted, these guys have nothing else to do but sit around and come up with new scams, but still, some of these things are truly inspired. Have a look at this Google AdWords phishing scam that has been showing up in recent days:

From: Google AdWords To: xxx@xxx.xxxSubject: Google AdWords AlertDate: Wed, 12 Nov 2008 02:27:xx +1000 Hello, Our attempt to charge your credit card on Wed, 12 Nov 2008 02:27:xx +1000for your outstanding Google AdWords account balance was declined.Your account is still open. However, your ads have been suspended. Oncewe are able to charge your card and receive payment for your accountbalance, we will re-activate your ads. Please update your billing information, even if you plan to use thesame credit card. This will trigger our billing system to try chargingyour card again. You do not need to contact us to reactivate youraccount. To update your primary payment information, please follow these steps: 1. Log in to your AdWords account at: http://adwords .google .com.session- xxxxxxxxxxxxxxxxxxxx .xxxxxxxxxxxxxxxxxxxx .com68 .ru3. Click 'Billing Preferences' link.4. Click Edit next to the appropriate 'Payment Details' section.5. Enter your new or updated payment information.6. Click 'Save Changes' when you have finished. In the future, you may wish to use a backup credit card in order tohelp ensure continuous delivery of your ads. You can add a backupcredit card by visiting your Billing Preferences page.------------------------------------------------------------------This message was sent from a notification-only email address that doesnot accept incoming email. Please do not reply to this message. If youhave any questions, please visit the Google AdWords Help Centre athttps://adwords.google.com/support/?hl=en_GB to find answers tofrequently asked questions and a 'contact us' link near the bottom ofthe page.---------------------------------------------------------------- Thank you for advertising with Google AdWords.We look forward to providing you with the most effective advertising available. Sincerely,The Google AdWords Team

I don’t see too many glaring errors in this message that make it stand out as a phish. As the Internet Storm Center diary entry on this scam points out, the only real problems are the URL ending in .ru and the date that is in the future. Aside from that, this is pretty solid work. I’d guess that most average users would have little to no chance of recognizing this as a phishing email. No misspellings, no first-grade grammar and no pleas for money to be transferred to an account in Djibouti. Egads.