Receive new blog posts immediately direct to your email inbox!
The ROI Revolution Blog
« Internal Site Search Reporting | Main | Avoiding Calamity: Google AdWords/Analytics User Access »
How To Prevent Successful Phishing Attempts with Your Google AdWords Account
August 12, 2008
A couple months ago, there was an increase in attempts to collect personal account information within AdWords by 3rd parties. The most common term for this is phishing, whereby 3rd parties fraudulently try to acquire sensitive information, such as usernames, passwords, and credit card details, by masquerading as a trustworthy source.
At the time, Google had written that many phishing attempts came from adwords-noreply@google.com. The emails sent by this address asked users to update their billing information, take action on a disapproved ad, edit their account, or accept new AdWords terms and conditions.
In some cases, the links that were included in the email led to websites that install malware (software that attempts to steal sensitive information from your computer, send spam, or commit fraud) onto your computer. While the number of these attempts has decreased, they are still prevalent (we just received another email attempting this today), so you need to keep your eyes open for fraudulent behavior and contact Google of any possible phishing attempts.
During the influx of hacking attempts, one of our clients was affected. Overnight, someone was able to gain access to their account using their login name and password. They created a new campaign with one ad group and allocated a $9000/day budget in order to sell ringtones.
Fortunately, Google caught this suspicious behavior and temporarily suspended the account to investigate. While this phishing attempt was spotted and stopped before it could do some real harm, you may not be so lucky.
To safeguard your AdWords account, there is a number of precautions that Google suggests in order to prevent your account from being one that is accessed by an unauthorized person like that of our clients.
- First, do not reply to or click on links that ask for personal, financial, or account information.
- Review the From field of a suspected email. The email address and the return-path should reference the same source.
- If an email does request an account change and provides a link to make such a change, do not click the link. Conversely, go to the website directly by typing the address into your browser.
- Be sure to keep your computer's antivirus, spyware, browser, and security patches up to date and conduct regular system scans.
- It will also help if you use a browser that has a phishing filter such as Firefox, Internet Explorer, or Opera.
Lastly, be sure to review your accounts regularly, not only to maintain effective and successful performance but also to check for unauthorized activity. If you are subjected to a phishing email it should be reported to Google by completing the Report Phishing Form.
Posted by Matt Fritz, PPC Specialist at 5:52 PM
Permalink | Comments ( 3 ) | TrackBacks ( 0 )
Filed under: Pay-Per-Click
TrackBack
TrackBack URL for this entry:
/mt/mt-tb.cgi/310.
Comments
Great to remind everyone about the phishing!
Yikes! $14 bid per KW... that's a little overkill. I am actually getting these emails forwarded too by internal staff. One of them even has a typo in it.
Posted by: Rob at August 13, 2008 9:47 AM
Great post Mark.
The same thing just happened to one of our clients. $9000 budget - luckily their credit card maxed out & the crims only got about $250 worth of clicks (cheap airline tickets this time!)
Google have reviewed the activity & will credit the account, but that's a great checklist for people to follow.
mike
Posted by: mike at August 17, 2008 5:16 AM
I just received the email requesting to update my credit information. Is this real or not? All information I read about it says it came out a couple months ago.
