If you have an Adwords account your aren’t using, you need to either cancel that account, or monitor it DAILY!
If you are using your Adwords account, I strongly encourage you to keep a close eye on it.
I don’t have a lot of activity going on in my Adwords account, but every morning I check the number of my Adwords clicks for the previous day, and it’s a good thing I do.
Somehow, someone hacked into my adwords account, setup a new campaign, set the max bid at $5 and the daily max at $5000! They ending up racking up over $350 one day and $75 the next day, before I caught it.
After doing some research on Google account hacking, I see my case is not an isolated one. I have read stories of people setting up their Adwords account and payment info, then never really using their account. Suddenly, they see a charge of thousands of dollars on their credit card statement from Google.
They login to their Adwords account to find campaigns running that they never setup. If you have an Adwords account you don’t check, AND you’re not good about looking at your credit card charges, you could be in even bigger trouble.
Google will just keep merrily charging your card until it runs out of room. Then they will contact you to change your billing info. Imagine what a shock that would be to find your card got maxed out by someone hacking into your account and buying thousands of $5 clicks on your credit card.
I have been in contact with Google to report this fraud and to give them all the info I have.
I hope they don’t charge me for those clicks – it appears they have been very fair to others in the same situation in the past.
Google tells me my password may have been stolen due to malware on my computer. I run an anti-virus program constantly. I run a spyware detection program weekly, and I have run a number of malware detection programs the last few days, and nothing has been detected. I have a wireless network, but this computer is hardwired to the router, so that shouldn’t be an issue.
I have been online for over 10 years and am very careful about protecting my PC. I never load programs like ebay, paypal or Adwords from email because of phishing issues. I never download, open, load, or run files unless I know where they came from and they are from a trusted source. I am very careful which makes this all the more frustrating.
To protect myself in the future, I have changed my adwords password and plan on changing it at least monthly. I don’t know what else I can do to keep this from happening again.
So what about the site the clicks were directed to?
Well, I found some strange things about the website my hacker pointed their clicks to. The domain the Adwords ad is directed to is a .net domain (that was registered the same day as my account was hacked). The .net domain redirects to a .com of the same name. The weird thing is, this is a blog and I don’t see any monetization on the blog. The only links on the blog go to major finance sites and I see no affiliate links, or suspicious looking links.
Why would someone steal $425 worth of clicks and not try to make money on it? Could it be someone is trying to screw me personally for some reason, instead of trying to steal clicks to make money?
I can’t imagine who would do that – I don’t know of anyone who is upset with me (except my wife from time to time).
Anyway, let this be a lesson to you – if you have an Adwords account go check it right now. Run a spyware/malware detection program and clean up your computer and then change your Google Adwords password.
Finally, make it a habit to check your adwords account daily.