Adwords Account Hacked - Have you checked your account?
If you have an Adwords account you aren’t using, you need to either cancel that account, or monitor it DAILY!
If you are using your Adwords account, I strongly encourage you to keep a close eye on it.
I don’t have a lot of activity going on in my Adwords account, but every morning I check the number of my Adwords clicks for the previous day, and it’s a good thing I do.
Somehow, someone hacked into my Adwords account, set up a new campaign, set the max bid at $5 and the daily max at $5000! They ended up racking up over $350 one day and $75 the next day, before I caught it.
After doing some research on Google account hacking, I see my case is not an isolated one. I have read stories of people setting up their Adwords account and payment info, then never really using their account. Suddenly, they see a charge of thousands of dollars on their credit card statement from Google.
They log in to their Adwords account to find campaigns running that they never set up. If you have an Adwords account you don’t check, AND you’re not good about looking at your credit card charges, you could be in even bigger trouble.
Google will just keep merrily charging your card until it runs out of room. Then they will contact you to change your billing info. Imagine what a shock that would be to find your card got maxed out by someone hacking into your account and buying thousands of $5 clicks on your credit card.
I have been in contact with Google to report this fraud and to give them all the info I have.
I hope they don’t charge me for those clicks - it appears they have been very fair to others in the same situation in the past.
Google tells me my password may have been stolen due to malware on my computer. I run an anti-virus program constantly. I run a spyware detection program weekly, and I have run a number of malware detection programs the last few days, and nothing has been detected. I have a wireless network, but this computer is hardwired to the router, so that shouldn’t be an issue.
I have been online for over 10 years and am very careful about protecting my PC. I never load programs like eBay, PayPal or Adwords from email because of phishing issues. I never download, open, load, or run files unless I know where they came from and they are from a trusted source. I am very careful, which makes this all the more frustrating.
To protect myself in the future, I have changed my Adwords password and plan on changing it at least monthly. I don’t know what else I can do to keep this from happening again.
So what about the site the clicks were directed to?
Well, I found some strange things about the website my hacker pointed their clicks to. The domain the Adwords ad is directed to is a .net domain (that was registered the same day as my account was hacked). The .net domain redirects to a .com of the same name. The weird thing is, this is a blog and I don’t see any monetization on the blog. The only links on the blog go to major finance sites and I see no affiliate links, or suspicious looking links.
Why would someone steal $425 worth of clicks and not try to make money on it? Could it be someone is trying to screw me personally for some reason, instead of trying to steal clicks to make money?
I can’t imagine who would do that - I don’t know of anyone who is upset with me (except my wife from time to time).
Anyway, let this be a lesson to you - if you have an Adwords account go check it right now. Run a spyware/malware detection program and clean up your computer and then change your Google Adwords password.
Finally, make it a habit to check your Adwords account daily.

Hi, I had the same experience. I logged in to my account just now and was charged $300 for a campaign that I didn’t set up.
Talked to Adwords Rep and they told me they will look into it and will disable my account temporarily.
So what happened in the end? Did you have to pay for the loss?
Hi Ash,
The Adwords people disabled my account, had me run some spyware and virus removal programs. Those programs found nothing.
Then Adwords support had me create a new Adwords account, and then I had to let them know about it, so they could enable it.
They did not charge me for the fraudulent campaign.
I’m sure they’ll do the same for you. I wish they could catch the thieves!
I still don’t know how someone got access to my account. I now check my account daily.
Mike
Mike,
Thanks for the update. They told me to open a new account which I did. Unfortunately, my credit card was declined for the new account. Did you have to use another credit card for the new account?
I’m very frustrated as my account history was gone and have to build it all over again.
Btw, there’s a thread here that explains how the hacking was done http://www.webmasterworld.com/google_adwords/3320021-2-30.htm
Thanks
Ash
Ours was hit for $500,000 in two days over the weekend. Same story, check your computers for spyware. I think there is a security hole in Gmail. The user they used to access the account was from Gmail. Was yours?
Sorry to hear that Michael, …but there are a lot of possibilities on how this can be done…
Are you using Firefox or IE?
Did you store your password in your browser?
According to a WebmasterWorld forum thread, two of the users’ accounts were hacked while the advertising campaigns were entirely modified. GregOne, a forum member, reported that his AdWords account was hacked although the password wasn’t changed. The user sustained there were some new running campaigns bundled with new credit card billing info, name and address. The campaigns were redirecting the users to some malicious websites that are trying to install an infected ActiveX on the users’ computers.
I have always been paranoid about things like this, especially since I run campaigns for financial websites. Luckily nothing has happened yet, but the number of “attacks” seems to be increasing.
And with the number of undetectable viruses being created daily, it’s really important to check your Adwords account daily and talk to your credit card company or bank to let them know to look out for any strange activity.
Really good information. I read your blog and realized some important things for the Google Adwords account. Thanks… I think this info is very helpful for PPC management customers from Google… You should update information about Google Adwords…