When AdWords Users Get Phished
We’re all familiar with phishing schemes: an email urging you to login to your PayPal account at this URL (which doesn’t turn out to be PayPal or eBay at all), etc. Most of us have seen enough of these—and enough horror stories circulating on the web or the nightly news—to avoid these scams.
But not everyone has. A post on Google Blogoscoped details the aftermath of one such phishing expedition. After receiving an official-looking email apparently from Google AdWords, one AdWords account owner clicked through on the link and entered his login information. The email had urged him to renew his account before it was deactivated, but he couldn’t find anywhere to do that once he was logged in.
A few weeks later, this AdWords owner noticed some strange things while checking his AdWords account. Considering he only had one campaign set up, it probably wasn’t hard to notice the dozens of other campaigns that had suddenly popped up in his account, which included campaigns for such things as “fast cash” and “pay day loans,” all with a max CPC of $6.25.
Fortunately for this account owner, all of the campaigns had been stopped even before he’d discovered them. He says the response from Google on this issue was that “they have several systems in place which Flags [sic] any ‘unusual account activity’ which immediately stops all ads running until they have the time to check into it.”
In this case, the filters certainly saved the account owner some serious money. But now we have to wonder what it would take to trip these filters, and whether your average user (or average power user) could accidentally make Google stop their campaigns until Google has the time to look into it further.
Good on Google for preventing scammers from taking advantage of this guy—but do we have something to worry about now?