Adwords Account Compromised
9/23/08 - 8pm
I recently had my Adwords account compromised. Since there is little accessible information on this process, I’ll try to shine some light on the experience.
One day I logged into my Adwords account and found a new campaign (entitled ‘Electronics’) inside of my account. It is worth mentioning that even though this campaign burned through a couple thousand dollars, it did not appear on my Account Snapshot screen or chart. This is because my account snapshot was set to display the metrics of a certain campaign. I have since set this to display data from “All Online Campaigns”, so that if this issue arose again, I could quickly spot it from this page.
Not too difficult to spot the problem area, eh?
The new campaign contained 3 Ad Groups and burned through a total of $2,377.61. The ads were linking to the site world-el.com, an obvious scam site selling electronics gear. All of the bids were at $1.00 and were hitting terms like “cell phone”, “iphone”, and “digital camera” with a $2,900/day budget.
Upon seeing the campaign, I immediately paused it, changed my Google password, and called Adwords support @ 1-866-246-6453 (not an easy # to track down). The representative I spoke to immediately forwarded the account to their “specialist team” and the account was suspended by the end of the day. By suspended I mean that the entire account was shut down and even my legitimate campaigns were not allowed to show ads. Here is the email I received:
On the phone we discussed how you detected an unauthorized campaign in your AdWords account. I’ve forwarded your complaint to our Specialist team for investigation. As a precaution, your account will be suspended during our investigation, which may take up to several business days. At the end of our investigation, we’ll reactivate your account and reimburse you for any costs accrued due to the unauthorized activity. I’ll email you at that point to let you know the result.
Nothing happened for the next 3 days, at which point I received this email:
Thanks for your continued patience. Our AdWords Specialists have performed a thorough investigation of your account CID ————, and I’ll detail our findings and recommendations below.
WHAT WE FOUND
It appears that your account was compromised between - via login email ——–. During that time, unauthorized activity caused $2,377.61 to accrue on your AdWords account. The following campaign shows unauthorized changes: ‘Electronics’. However, the unauthorized activity was not charged to your credit card/bank account.
RECOMMENDED ACTIONS
1. Please delete the compromised campaign and recreate your original ads in a new campaign.
2. We strongly recommend scanning your computer for malware and changing your Google Account password. Be sure to clean your system first, and then change your password, as malware could capture your new password if the malware is still present within your computer.
3. In order to prevent any further unauthorized charges, your account has been temporarily suspended until we institute one of your two ‘unauthorized charge options’ detailed below.
UNAUTHORIZED CHARGE OPTIONS
You have two choices to clear out the pending unauthorized charges on the account:
1. AdWords credit: We can reactivate the account, allow the charges to go through, and your credit card will be charged. We will then apply a credit for the charges to be used for future clicks shortly thereafter.
2. Write-off: We can process a write-off for the unauthorized activity, which can take several days. Once the write-off has been processed, we can reactivate the account. Please note that the write-off will appear on your Billing Summary page.
Please reply to this email and let me know which option you prefer, along with any additional questions or concerns you might have. Thanks again for your patience and understanding.
I went with option 1 to speed the re-activation of the account. The next day I received this email:
Thanks again for your patience. Our investigation is complete, and your account has been reactivated. We’re processing an AdWords credit, which will appear on your account soon.
Please note that you will be prompted to change your Google Account password the next time you sign in to your account.
In addition, all your campaigns have been paused to allow you to make any necessary changes. We also recommend reviewing and making any desired changes to your account settings.
My account was re-activated this same day. However, for the next several days my account fell under the Adwords Account Review of being limited to $50/day spend. This took some more back & forth emailing between me and the Adwords Support to get resolved.
How was my Adwords account hacked?
Well, it certainly wasn’t from a phishing attempt. I can honestly say that I’m not sure how my account was compromised. I have scanned all of my machines and come up with nothing. (All I can think of was the use of unencrypted coffee shop wifi a few days before.) In any case, the issue has now been resolved and other than being down for 4 days of advertising, there have been no lasting problems with the account.