- 
August 12, 2008
How To Prevent Successful Phishing Attempts with Your Google AdWords Account
A couple months ago, there was an increase in attempts to collect personal account information within AdWords by 3rd parties. The most common term for this is phishing, whereby 3rd parties fraudulently try to acquire sensitive information, such as usernames, passwords, and credit card details, by masquerading as a trustworthy source.
At the time, Google had written that many phishing attempts came from adwords-noreply@google.com. The emails sent by this address asked users to update their billing information, take action on a disapproved ad, edit their account, or accept new AdWords terms and conditions.
In some cases, the links that were included in the email led to websites that install malware (software that attempts to steal sensitive information from your computer, send spam, or commit fraud) onto your computer. While the number of these attempts has decreased, they are still prevalent (we just received another email attempting this today), so you need to keep your eyes open for fraudulent behavior and contact Google of any possible phishing attempts.
During the influx of hacking attempts, one of our clients was affected. Overnight, someone was able to gain access to their account using their login name and password. They created a new campaign with one ad group and allocated a $9000/day budget in order to sell ringtones.
Fortunately, Google caught this suspicious behavior and temporarily suspended the account to investigate. While this phishing attempt was spotted and stopped before it could do some real harm, you may not be so lucky.
To safeguard your AdWords account, there is a number of precautions that Google suggests in order to prevent your account from being one that is accessed by an unauthorized person like that of our clients.
- First, do not reply to or click on links that ask for personal, financial, or account information.
- Review the From field of a suspected email. The email address and the return-path should reference the same source.
- If an email does request an account change and provides a link to make such a change, do not click the link. Conversely, go to the website directly by typing the address into your browser.
- Be sure to keep your computer's antivirus, spyware, browser, and security patches up to date and conduct regular system scans.
- It will also help if you use a browser that has a phishing filter such as Firefox, Internet Explorer, or Opera.
Lastly, be sure to review your accounts regularly, not only to maintain effective and successful performance but also to check for unauthorized activity. If you are subjected to a phishing email it should be reported to Google by completing the Report Phishing Form.
