 |
|
 |
|
09.19.08 Keep Your Account Secure  By Timothy Rule At some point, most people have had some sort of encounter with internet scams, viruses, spyware or other security problems. Hackers and scam artists are a pervasive reality in today's world and making assumptions about security is unwise. A pay per click account makes an attractive target to a technically savvy criminal and gaining access to someone's account allows them to promote their schemes at someone else's expense. Originally trained in Network Security, I have always taken such precautions very seriously and now even more so, since a recent fraudulent act affected one of our client's accounts. Early this summer I arrived at the office on a Monday morning and proceeded to check my weekend mail. Two emails caught my attention right away. The first from AdWords, informing us that the client's credit card was declined and the second, from the client asking " What is the campaign "Qwasde" - Campaign #1"? Upon reading that came the realization that this account had been hacked. This was further confirmed by a review of the account's recent activity. I discovered that on the previous Friday someone had created this new, innocuously named Campaign #1 with a daily budget of $7000. It contained only the single "Qwasde" ad group, with a single ad: 
No doubt this was intended to phish for bank account details of anyone unwisely clicking on this ad.
This hacker was pretty slick. The whole scam was set up late in the day on Friday, when it was less likely to be detected. The domain the ad was directed at was registered in Australia to a "resident" of New Jersey. The website was put up on Friday and gone by Monday morning and in 2 days the ad generated $13,000 in click charges. I immediately called Google and an investigation was initiated. They agreed this looked like fraudulent activity and promised to contact us with their investigation results within a few days. Concerned about the means by which this person gained access, I checked my security for any indications of a breach. Finding nothing unusual in my own logs, I then contacted the client with instructions for locking down and cleaning his computer system, advising him to change any sensitive passwords in case his system was infected. Google got back to us a couple of days later confirming the results and promising to refund the client's money. This was good news, as it appeared the fallout from this would be limited to a loss of only a week or so in the client's Google marketing initiative. In reality though, this had a far greater impact. According to Google, the account needs to remain inactive until the refund process reaches completion. This took place nearly 2 months ago and still there is no sign of the refund. The account is still frozen. Google has no ETA on completion of this process; apparently their refund department has a huge backlog, due to the numerous email phishing scams that keep cropping up. We still haven't figured out how the breach occurred. For my part, I think it's possible the client inadvertently became a victim of the phishing scam. This scam is similar in some respects to the Paypal phishing scam of 2 years ago. It's pretty slick and can easily fool the uninformed. In fact, another of our clients with an AdWords account received an email some months ago asking me what to do with it and I had them forward a copy of the email to me. Thankfully, they hadn't clicked on the link, as it was indeed one of these scams. Continue reading this article. About the Author: Timothy is a writer on the StepForth SEO News Blog |
|
| ||
| -- antiSPAMnews
is an iEntry, Inc.
publication -- iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509 2008 iEntry, Inc. All Rights Reserved | Privacy Policy | Legal | Contact archives | advertising info | news headlines | free newsletters | comments/feedback | submit article |
antiSPAMnews is brought to you by: