How to Protect Adwords Accounts from Hackers


I recently had a bad experience with Google Adwords. Our main Adwords account was hacked! I hope in sharing this story and what I learned from it, I will be able to help others take preventative action so it never happens to them.

It was a Monday morning and like any other Monday morning I was logging into my affiliate network accounts and my pay per click accounts to check on our numbers over the weekend. Upon logging into our main Adwords account I was surprised to see a total spend over the weekend of $30,000!

My adrenaline started to rush and my mind raced to figure out if I had turned a bid up too high and charged over $30,000 in clicks in 2 days. I checked the date range. It was correct. I checked the affiliate network to see what kind of earnings spending $30,000 in a weekend brought in. Nothing was out of the ordinary, and there certainly wasn’t enough to cover that kind of spending.

So I dug deeper to see which adgroup might have taken off. All the while, I was wondering how my budgeting could have been blown out so badly. I keep a reasonable budget limit on all of our Adwords campaigns to keep a handle on runaway adgroups.

I opened up the campaign and immediately noticed that the campaign budget had been changed to $20,000/day. I saw which adgroup it was, and realized this was an adgroup that had been virtually inactive for several months. I checked on the ads and found that the ads that charged all those clicks were not my ads. They were not affiliate ads at all. They were driven directly to a forex site. I checked the bid and the keywords and found that both had been changed. The bid was set to $20.00 a click and the keywords were forex based. My keywords had been deleted.

My nerves started to calm as I realized my Adwords account had been hacked. I thought surely Google would have a record of the hacker who accessed my account. They would be able to tell it was not me who made those changes. At that point, I knew they would credit my account for the charges in question.

I immediately contacted Google. They had never heard of any account being hacked, so my issue was escalated to the top level team for a click fraud investigation. The next day they gave me word that they were still investigating but the preliminary result was a confirmed case of an account hijacking. They shut down my account, and advised me to move everything over into a new account. Thank god for the Adwords Editor! You’ve got to love copy and paste.

I contacted my credit card company and they cancelled my card and established a new one to be sent out in the mail.

Upon completion of the investigation Google informed me that the account had indeed been hijacked, and advised me how to avoid such a hijacking in the future. I asked if they had the IP address of the hacker, but they said they did not.

I was curious because I do have several employees with access to that account and I wanted to be sure they were not responsible. In the process of communications with Google, they accidentally leaked an internal email that had the IP address in it. I looked it up and it was in the Netherlands. No surprises there. At least I know my employees are honest.

So how can you protect your Adwords account from being hacked? I have put together a few tips:

  1. Have everyone who works in your account use a separate username and password. This way if one password is compromised you can just eliminate one user’s access. This also simplifies things if you have to fire an employee, because you just take one user’s access away and everyone else’s passwords stay the same. This was the main thing Google advised us to do in the future. You can give other users access to your account under the Account tab through the Access link.
  2. Use randomly generated passwords like those that are generated using RoboForm. The password that was compromised was one of those made up ones that are easy to remember. Even though it had 2 numerals in it, it was much easier to break than one that is randomly generated.
  3. Keep your budgeting in place. You should set your campaign budgets about twice what they usually spend. This way you will not lose money by hitting your budget, but nothing will run away from you. (Unless the hacker raises your budget like mine did, but budgeting could protect you from a lazy hacker who forgets this step.)
  4. Have someone check on your account on a daily basis. The person who hacked our Adwords account clearly planned the change over the weekend to maximize the traffic he would get out of it. It was changed late Friday night, and I did not discover it until Monday morning. He also chose a forgotten campaign in the hopes it would not be noticed. It had not received any clicks in over a month.

In looking back on this event, I realize that it did not turn out so badly. Google recognized the account was hijacked and credited the account. The Adwords Editor made it relatively easy to move all our campaigns into a new account. The credit card did not get compromised before it was cancelled. It was not that bad for me, but it could have been much worse.

What if the hacker had simply replaced my affiliate ID with his own across all of our campaigns? I might have been managing his campaigns for a week before I even noticed, and I doubt Google would have given us credit in that scenario.
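The daily check from tip 4 and the affiliate-ID swap described above can both be caught by reviewing account changes against a known baseline. The sketch below is an added example, not part of the original post: the record format, field names, thresholds, domains and affiliate ID are all assumptions constructed for illustration, not a real AdWords export.

```python
from datetime import datetime
from urllib.parse import urlparse, parse_qs

# Assumed baseline for one account; every name and value here is hypothetical.
BASELINE = {
    "budgets": {"Widgets": 100.0, "Old Promo": 50.0},  # usual daily budgets
    "budget_factor": 2.0,        # assumption: review any budget that more than doubles
    "max_cpc": 2.00,             # highest bid this account would ever set
    "allowed_domains": {"merchant.example"},
    "affiliate_id": "AFF123",
    "dormant": {"Old Promo"},    # campaigns with no clicks in over a month
}

# Constructed change-history records modelled on the incident in this post.
CHANGES = [
    {"when": "2024-01-05T23:40", "campaign": "Old Promo", "type": "budget", "new": 20000.0},
    {"when": "2024-01-05T23:42", "campaign": "Old Promo", "type": "bid", "new": 20.00},
    {"when": "2024-01-05T23:45", "campaign": "Old Promo", "type": "ad_url", "new": "http://forex.example/signup"},
    {"when": "2024-01-09T10:15", "campaign": "Widgets", "type": "ad_url", "new": "http://merchant.example/p?aff=OTHER999"},
    {"when": "2024-01-09T10:20", "campaign": "Widgets", "type": "budget", "new": 120.0},
]

def off_hours(when):
    """True for Saturday, Sunday, or Friday from 18:00 onward."""
    t = datetime.fromisoformat(when)
    return t.weekday() >= 5 or (t.weekday() == 4 and t.hour >= 18)

def audit(change, base):
    """Return the reasons this change needs human review (empty list = fine)."""
    reasons = []
    kind, new, camp = change["type"], change["new"], change["campaign"]
    if kind == "budget" and new > base["budgets"].get(camp, 0) * base["budget_factor"]:
        reasons.append("budget raised far above usual")
    elif kind == "bid" and new > base["max_cpc"]:
        reasons.append("bid above ceiling")
    elif kind == "ad_url":
        url = urlparse(new)
        if url.hostname not in base["allowed_domains"]:
            reasons.append("ad points to unapproved domain")
        elif parse_qs(url.query).get("aff") != [base["affiliate_id"]]:
            reasons.append("affiliate ID missing or changed")
    if camp in base["dormant"]:
        reasons.append("change to dormant campaign")
    if reasons and off_hours(change["when"]):
        reasons.append("made on a weekend or late Friday")
    return reasons

def review_queue(changes, base):
    """Pair each suspicious change's timestamp with its reasons."""
    return [(c["when"], r) for c in changes if (r := audit(c, base))]

if __name__ == "__main__":
    for when, reasons in review_queue(CHANGES, BASELINE):
        print(when, "; ".join(reasons))
```

The affiliate-ID check matters most because that change spends nothing extra, so no budget or bid alert would ever fire for it.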

Advertisers beware and protect your account access. Even Google gets hacked now and then.
