My adwords account was hacked and incurred a cost of $5938.04 in one day

Discussion in 'Google AdWords' started by vstar, Sep 26, 2008.

  1. #1
    This is scary stuff.

    Not sure how it happened, but my adwords account was hacked and incurred a cost of $5938.04 in one day. Google noticed the abnormal activity and has frozen the account pending an investigation.

    I have been reassured that I will not be responsible for the debt; however, my account has been locked pending the investigation (for up to 14 days) :(

    Here are some tips from Google for preventing this from happening:

    Common techniques below that a criminal could use to
    obtain access to your account. Please keep these in mind in the future so
    that you can guard against them.

    I. Phishing

    Phishing is an attempt to fraudulently acquire sensitive information, such
    as usernames, passwords, or credit card details, by masquerading as a
    trustworthy entity. For example, there are reports of phishing emails that
    falsely appear to be from " These fraudulent
    emails ask users to update their billing information, take action on a
    disapproved ad, edit their account, or accept new AdWords terms and
    conditions. In some cases, the links may lead to websites that install
    malware onto your computer.

    Please remember that Google's AdWords team will never send an unsolicited
    message asking for your password or other sensitive information by email
    or through a link. If you've received a phishing email that attempts to
    fraudulently collect passwords, credit card numbers, or other sensitive
    information, please report it to us immediately by completing the Report
    Phishing Form at
    http://adwords.google.com/support/bin/request.py?ctx=cuffhelp&contact_type=phishing.

    Tips to protect yourself from phishing:

    1. Don't reply to, or click links within, emails that ask for personal,
    financial, or account information.
    2. Check the message headers. The 'From:' address and the 'Return-path'
    should reference the same source.
    3. Instead of clicking the links in emails, go to the websites directly by
    typing the web address into your browser, cut and paste, or use bookmarks.
    4. If on a secure page, look for "https" at the beginning of the URL and
    the padlock icon in the browser.
    5. Use a browser that has a phishing filter (Firefox, Internet Explorer,
    or Opera).
    6. Use strong passwords. A strong password should be unique; include
    letters, numbers, and symbols; and be changed regularly.
    7. If you ever need to change your account information, such as your
    billing details or your password, you should always sign in to your
    account from the main AdWords login page (https://adwords.google.com) and
    make the changes directly within your account.

    For more information on phishing, please visit
    https://adwords.google.com/support/bin/answer.py?answer=93198&topic=9146.

    II. Malware

    Malware is malicious software that attempts to steal sensitive information
    from your computer, send spam, or commit fraud. To protect your computer
    from malware, keep your computer's antivirus, spyware, browser, and
    security patches up to date and regularly run system scans. If you need
    more information about software that can help detect and remove malware
    from your computer, visit
    http://www.google.com/support/bin/answer.py?answer=8091&topic=13929.

    III. Unauthorized access

    Someone may have gained access to your computer and made changes to your
    account when your computer was left unattended.

    For more information, visit OnGuardOnline.gov, which provides practical
    tips from the United States federal government and the technology industry
    to help you be on guard, secure your computer, and protect your personal
    information against internet fraud.
     
    vstar, Sep 26, 2008 IP
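
    The header check from tip 2 in the post above (the 'From:' address and the 'Return-path' should reference the same source), as an added example that is not part of the original post or of Google's message. The sample messages and the domains `ads.example` and `mailer.invalid` are constructed for illustration, and treating a subdomain as the same source is an assumption of this sketch.

```python
from email import message_from_string
from email.utils import parseaddr


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""


def same_source(a, b):
    """Relaxed match (assumption): equal, or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def check_headers(raw_message):
    """Classify a raw message by comparing From: and Return-Path: domains."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    path_dom = domain_of(msg.get("Return-Path"))
    if not from_dom:
        return "suspicious: no usable From address"
    if not path_dom:
        # Header missing, or the empty bounce path "<>": nothing to compare.
        return "unknown: no Return-Path to compare"
    if same_source(from_dom, path_dom):
        return "match"
    return f"mismatch: From={from_dom} Return-Path={path_dom}"


# Constructed sample messages (not real mail).
PHISH = (
    "Return-Path: <bounce@mailer.invalid>\n"
    'From: "AdWords Support" <support@ads.example>\n'
    "Subject: Update your billing information\n\nPlease sign in ...\n"
)
LEGIT = (
    "Return-Path: <bounce@bounces.ads.example>\n"
    'From: "AdWords Support" <support@ads.example>\n'
    "Subject: Your monthly statement\n\nYour statement is ready.\n"
)
NO_PATH = "From: support@ads.example\nSubject: Hello\n\nHi\n"

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT), ("NO_PATH", NO_PATH)):
        print(name, "->", check_headers(raw))
```

    A mismatch is a reason to look closer rather than proof of fraud, since legitimate mail sent through a third-party mailing service also shows different domains. A match proves nothing on its own either, because the sender controls both headers.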
  2. Business_in_2008

    #2
    That's terrible. But I think it should be easy to find what site was using it, right?
     
    Business_in_2008, Sep 26, 2008 IP
  3. GetSomeCashOnline

    #3
    Yeah, report the site it was advertising to for sure.
     
    GetSomeCashOnline, Sep 26, 2008 IP
  4. trishan

    #4
    Have to be careful. I always suggest that the prepay option is the best. Nonetheless Google are generally very supportive.
     
    trishan, Sep 26, 2008 IP
  5. aidanriley629

    #5
    Wow, that's scary!!! Thanks for the protection info.
     
    aidanriley629, Sep 27, 2008 IP
  6. enginez

    #6
    Any idea what they used your account for?
     
    enginez, Sep 27, 2008 IP
  7. aidanriley629

    #7
    Probably just some bot clicking his links over and over thousands of times.
     
    aidanriley629, Sep 27, 2008 IP
  8. GetSomeCashOnline

    #8
    Or signing him up for a very expensive CTR campaign for their own site so that their link appears in first spot all the time and will receive thousands of clicks an hour.
     
    GetSomeCashOnline, Sep 27, 2008 IP
  9. GuyFromChicago

    #9
    GuyFromChicago, Sep 27, 2008 IP
  10. budlight

    #10
    Impossible. You would have to have a very aged account with lots of history to even be able to spend $5k in a day. Anyone who has been around that long wouldn't fall for a phishing scam. I get about 5 of these scams a day wanting me to give up my adwords pw.
     
    budlight, Sep 27, 2008 IP
  11. vstar

    #11
    Google won't even let me into my account until the investigation is over, so I can't see what campaigns were set up.

    I am positive that I DID NOT fall for a phishing scam (I've been around this game long enough).

    Anyway, I'll just have to wait it out.
     
    vstar, Sep 27, 2008 IP
  12. Grit.

    #12
    Do you have a strong password? Involving uppercase, lowercase, and characters and numbers... A weak password only leads to an easy opening :S
     
    Grit., Sep 27, 2008 IP
  13. kinitex

    #13
    Wow, that's horrible.
     
    kinitex, Sep 27, 2008 IP
  14. vstar

    #14
    Yep, 12 letters and 5 digits (and no, it is not a birth date or something lame like that).
     
    vstar, Sep 27, 2008 IP
  15. GuyFromChicago

    #15
    It's not even close to "impossible". You don't need an "aged" account to spend $5K a day.
     
    GuyFromChicago, Sep 27, 2008 IP
  16. anthony09

    #16
    That's damn bad luck.

    It always blows me away why someone who comes up with these rip-off hacking ideas (plus has the know-how to pull it off) would bother doing it. They could surely make a fortune in honest online activities because they obviously have brains!

    Hope they sort your account out soon.
     
    anthony09, Sep 27, 2008 IP
  17. vstar

    #17
    I got to thinking, and now I have a theory...

    I was trying to figure out why someone would go through all the trouble for no financial gain, and then something hit me like a lightning bolt.

    Google informed me that my account was AUTOMATICALLY LOCKED when the adwords system detected the abnormal activity.

    However, when adwords support finally let me back into my account (today), I could see everything in the campaign EXCEPT the KEYWORDS, because they were all deleted.
    _________________________________________________________________________________________________

    3 adgroups were created with a total of 173 keywords across all 3. Unfortunately, all keywords have been deleted so I am not able to see what they were.

    In each adgroup there was 1 ad variation which simply had the letter S as the title and the letter S on each line of the description.

    The destination and display URL was http://www.S.com (which goes nowhere).

    The search network and content network were turned on.

    Max cpc was set at $100.00.

    Max daily budget was set at $10,000.
    ___________________________________________________________________________________________________

    So I started thinking, how did those keywords get deleted if my account was automatically LOCKED while the campaign was running?

    Here's my theory.... Google deleted them so I would not see them!

    Why?

    Because the cost per click ranged between $15.77 to 29.78 (yes you saw that right, $15.77 to 29.78 per click) and Google doesn't want me (or anyone) to know what keywords are that valuable.

    Why?

    Because I (or anyone) could start building websites around those keywords and throw on some adsense ads.

    That's when the lightning bolt hit me!

    I bet that whoever hacked my account was in fact after that very information.

    They throw in a whack of keywords that they suspect might be expensive (and therefore valuable on a "made for adsense" site), then they monitor the account closely and gather up the information, and it doesn't cost them a dime!

    That's my story and I'm stickin' to it!
     
    vstar, Sep 28, 2008 IP
  18. GuyFromChicago

    #18
    I could see everything that took place in my account. They just added high priced keywords and were sending (I guess would have sent) people to sites with ads/affiliate links. That's how they attempt to make $$$.
     
    GuyFromChicago, Sep 28, 2008 IP
  19. my_pc_host

    #19
    Thanks for the warning and the great info everyone.

    These days hacking is a hobby more than anything. Too bad that dumb$&# that did that didn't realize jail was coming. Google will catch 'em.
     
    my_pc_host, Sep 28, 2008 IP
  20. GhengisKhan

    #20
    Vstar, I don't know about the keyword research. 173 keywords isn't enough for them to be learning much. They would have used 1000s. How about this spin on the scenario? They have 173 keyword-optimized pages or websites with adsense ads on them. They choose somewhat less common keywords so there aren't lots of sites competing with them for the content network. Then they compromise several accounts in adwords simultaneously so they can bid up the CPC they will receive from their adsense ads. They drive traffic via other means to their adsense pages. If the keywords are uncommon, they can get a high percentage of the money you spent. What do you think?
     
    GhengisKhan, Sep 28, 2008 IP