You MUST be careful in setting up your usernames and passwords to make
sure they are not easily hacked. Also do not answer any emails you
get from Google re: login info, updating CC info, changing passwords
for security reasons, etc. There are so many phishing scams flying
around and you must all be extremely careful. This problem is not
solely one Google AdWords users experience. They are widespread on
the internet and your first line of defence is to be proactive. If
your password is not strong i.e. containing letters and numbers I
would consider an immediate change. AND.....ANY email you receive
appearing from Google should be considered suspicious (to be on the
safe side) and do not click any links within the email because malware
can be installed on your computer. If you receive an email appearing
from Google asking for you to change your password or update your CC
or check your account because your CC is declined, open a new browser
window and log into AdWords to check things out....do not click the
links in the email.
> Please keep us updated on this. I've been on the net 30 years and never
> had anything hacked, much less email. This is simply too targeted, too
> focused. Is Yahoo ads being hacked this way? If not, there is no way on
> earth it's not an inside job.
> On Aug 9, 9:11 pm, apple1 wrote:
> > Hello,
> > Yesterday and today Aug. 8 and 9 of 2008 two charges to my cc account
> > totaling about $2300 were made for my account.
> > someone set up campaign #5 called "surgry" for a money lending
> > company:
> > Loans - Up to $1500
> > $1500 Wired to Your Bank in 1 Hour.
> > Faster, Cheaper, Better.
> > www.My-fast-loans.net
> > with each click costing about $6.98.
> > I have contacted my bank and they are not going to process the
> > charges.
> > And I have changed my password.
> > How can someone get into my account and create a new campaign and
> > start advertising?
> > Luckily, my bank called me because the charges looked suspicious.
> > Better check your ad accounts every day!
> > Something is definitely wrong here.
I just went to check my bank accounts today and saw a massive google
charge. I have not been running any campaigns. The money was not in
my account. This was linked directly to my bank account as well.
Apparently someone was playing in my account on August 5th to the tune
of over $5,200. I have reported it - but want to know how these
matters are treated. I don't plan on running a campaign at this time,
but I'd hate to get my whole account shut down - email and knols etc.
I have been working on building sites as I can't even afford PPC right
now.
At least you got an address to link to. Whoever was in my account
deleted all the keywords they were using and the ad. All that is left
is a campaign name and a bill. I have been in tears over this. I
hope google is able to go in there and scrape up who did this and
where it came from.
I have changed my password, but don't know if there is anything else I
can do. It is Sunday and I just want to get on the phone with
someone. :(
Had you received an email from Google recently? Any email where you
clicked the link and then signed in? I am curious as to how these
scum bags are getting into people's accounts and doing their dirty
work. It is very distressing to me and I will be sending out a major
warning to ALL my clients to watch out.
I'll be interested to know, we need to get to the bottom of this
one...my hunch is that someone was phishing and you got hooked...you
poor thing....
*********Come on Google what can we do?
This is getting worse and worse and something needs to be
done....perhaps the Credit Card or bank info needs to be re-entered
each time there is a budget change? Most advertisers watch their
accounts closely and there are few who have a 5,200 daily budget so
obviously the daily/monthly budget is being changed before the dirty
work gets started so an extra check to make sure the changes are being
made by the account holder seems prudent considering what is currently
happening to obviously too many good people.
When I found that mine had been hacked, the campaign was actually
still running. I paused it and changed my password, etc. I've got
the website address that the ad was created for but I have no way of
knowing if the whois on the domain is a real name and address. I
filed a police report and I got the impression that not much could be
done on their end.
I have never answered any emails to "check your adwords account", etc.
So I don't think it was due to phishing in my case.
I'm just glad that my credit card company isn't making me pay the
$2900 or so that was charged on my account.
First off, I am truly sorry that this has occurred in your accounts,
and I agree that it is exceedingly unfortunate and worrisome. Having
had my own credit card number stolen at one point (almost certainly
through a brick and mortar store rather than online) I am familiar
with how this feels, even though it is not exactly the same thing -
and it is anything but good.
I regret the concern and even fear that this causes, though I would
like to assure you all that you will not be responsible for
charges accrued in 'fraudulent' campaigns that you did not create. So
I hope you will rest easy on that point.
It is exactly the right thing to do to contact your bank and the
AdWords support team directly, too, of course, so they can start
working on it from this end.
MrsC, I absolutely share your concern - and I will pass your specific
suggestions along to the right teams. Although I am not in the product
development end of things, your idea about re-entering one's credit
card when a substantial budget change is made certainly seems to have merit.
(I do strongly suspect from past experience, though, that many of the
vast majority of advertisers who have not been affected by what those
in this thread have experienced, would see this as a 'needless'
inconvenience - especially if making budget changes from outside their
actual account UI.)
Since this sort of thing does appear to most often result from an
unrecognized phishing 'attack', I've included some information below
for the benefit of anyone reading this thread who is wondering how to
protect themselves.
Thanks for the message in this thread! I am sure it will annoy some
people to have to re-enter the billing information but something needs
to be done. Perhaps just the last 4 digits of the CC. Perhaps it
should be restricted to budget changes of over 50.00.
No matter what, the problem seems to be getting worse and it is not
just bad for the advertisers, time consuming and stressful for them to
prove their case but I can imagine you at Google are not too happy
about it either. AND think of the legit advertisers that are losing
position to these crooks...it is a lose, lose situation all across
the board.
I can't imagine that Google will lose customers by making them
re-enter the CC when a budget change is made but I can imagine them
losing advertisers who have had a big scare.
Unfortunately the warnings about the phishing emails are not being
heard by everyone. Perhaps a big warning to all new customers during
their sign-up process would also be a good idea too.
I just discovered my account has been compromised and found this
thread after some digging on the web...
I changed my password and sent a report through the Contact Us form
(although I have not heard back from Google at this point). My account
had racked up >$1600 at the time I paused it with an ad pointing to
spyware2remover[.]net (the site is still up and running).
The part that strikes me the most is that I have not logged into the
account for at least 6 months (if not a year). The account is still
set up under an e-mail username (that is, not a gmail username like
you are forced to do now). There is absolutely no possibility of
phishing simply because I have not typed my login information anywhere
in the last >6 months at least.
They must be stealing login information from somewhere, or maybe brute-
forcing it...
I missed one important detail - the only reason I discovered this issue
was that I got an e-mail from AdWords telling me that they could not
charge $xxx to the credit card on file... I guess if they did not try
to charge me this soon, I would still be piling up rogue charges on my
account...
> On Aug 12, 9:06 am, AdWordsPro wrote:
> > Hello apple1, imabigboy, and knucklehead,
> > First off, I am truly sorry that this has occurred in your accounts,
> > and I agree that it is exceedingly unfortunate and worrisome. Having
> > had my own credit card number stolen at one point (almost certainly
> > through a brick and mortar store rather than online) I am familiar
> > with how this feels, even though it is not exactly the same thing -
> > and it is anything but good.
> > I regret the concern and even fear that this causes, though I would
> > like to assure you all that you will not be responsible for
> > charges accrued in 'fraudulent' campaigns that you did not create. So
> > I hope you will rest easy on that point.
> > It is exactly the right thing to do to contact your bank and the
> > AdWords support team directly, too, of course, so they can start
> > working on it from this end.
> > MrsC, I absolutely share your concern - and I will pass your specific
> > suggestions along to the right teams. Although I am not in the product
> > development end of things, your idea about re-entering one's credit
> > card when a substantial budget change is made certainly seems to have merit.
> > (I do strongly suspect from past experience, though, that many of the
> > vast majority of advertisers who have not been affected by what those
> > in this thread have experienced, would see this as a 'needless'
> > inconvenience - especially if making budget changes from outside their
> > actual account UI.)
> > Since this sort of thing does appear to most often result from an
> > unrecognized phishing 'attack', I've included some information below
> > for the benefit of anyone reading this thread who is wondering how to
> > protect themselves.
I just found my account had $6000 worth of charges as well, and my
usual bill is around $100. Here's the strange part(s), which I
thought I'd include to help Google out...
1. I haven't answered any emails pretending to be Google. I never
click on links in any email, period.
2. Accounts that had been deleted for months - in one case, years,
were showing billings of $1000 for the month. Deleted accounts!
3. There was one brand-new account set up for a cheap travel
website.
4. My one existing active account, which averaged $100 in billings
per month, suddenly showed $1500 of clicks in just a few days.
For any Google personnel reading this, I did send a complete
description to the Adwords team via the email form and did notify my
CC company regarding the billing. Anything else I can do?
I have removed your post, and then copy/pasted it, verbatim, below my
signature - but minus the URL that you consider to be potentially
dangerous.
As a reminder to all our members: if you feel that a link may be
potentially dangerous, please DO NOT post it in this forum, or any
other public forum. To do so is to put your fellow community members
at risk - and I very much would like to avoid that here.
I just got my statement today and it was 4 times the normal fees. I
went to Adwords and found that someone had set up a campaign called
DSF that pointed at a site [URL deleted]. I am afraid to go to this
site :) This campaign shows deleted so I can only assume Google
figured it out and shut it down. It looks like $170 was run up in one
day and the account had a $5 dollar a day maximum. I am wondering how
it got so high in one day with a $5 max, why no notification was sent
to me and why the charges weren't removed when the account was
deleted?
I sent an email to Google and we will see what they have to say. Also,
I jacked up my password just in case to strong.
I received the message below today back from Google. It looks like I
am going to be shut down for a few days, this stinks. I hope I never
have to go through this again...
--------------------
Thank you for your continued patience. I understand that you detected
activity in your AdWords account that you didn't authorize. I've
forwarded your complaint to our Specialist team for investigation. As a
precaution, your account will be suspended during our investigation,
which may take up to several business days. At the end of our
investigation, we'll reactivate your account and reimburse you for any
costs accrued due to the unauthorized activity. I'll email you at that
point to let you know the result.
RECOMMENDED ACTIONS
1. Check your computer for malware and viruses. Find tips below, under
the 'Malware' heading.