Posted June 19, 2008 4:16 pm by with 11 comments

Tweet about this on TwitterShare on LinkedInShare on Google+Share on FacebookBuffer this page

We’re all familiar with phishing schemes: an email urging you to login to your PayPal account at this URL (which doesn’t turn out to be PayPal or eBay at all), etc. Most of us have seen enough of these—and enough horror stories circulating on the web or the nightly news—to avoid these scams.

But not everyone has. A post on Google Blogoscoped details the aftermath of one such phishing expedition. After receiving an official-looking email apparently from Google AdWords, one AdWords account owner clicked through on the link and entered his login information. The email had urged him to renew his account before it was deactivated, but he couldn’t find anywhere to do that once he was logged in.

A few weeks later, this AdWords owner noticed some strange things while checking his AdWords account. Considering he only had one campaign set up, it probably wasn’t hard to notice the dozens of other campaigns that had suddenly popped up in his account, which included campaigns for such things as “fast cash” and “pay day loans,” all with a max CPC of $6.25.

Fortunately for this account owner, all of the campaigns had been stopped even before he’d discovered them. He says the response from Google on this issue was that “they have several systems in place which Flags [sic] any ‘unusual account activity’ which immediately stops all ads running until they have the time to check into it.”

In this case, the filters certainly saved the account owner some serious money. But now we have to wonder what it would take to trip these filters, and whether your average user (or average power user) could accidentally make Google stop their campaigns until Google has the time to look into it further.

Good on Google for preventing scammers from taking advantage of this guy—but do we have something to worry about now?

  • Good catch by G for sure. They’re software does seem to get smarter all the time. In this case, I don’t think it would be a problem for a legitimate AdWords user. A quick email or phone call to support, would resolve such an ad stoppage pretty quick I would think.

    Top Rated’s last blog post..Absolutely The Best Point And Shoot Digital Camera

  • PS3

    I’m not sure how many other organisations would have been so quick to put a stop to that, would eBay for example?

    I almost got caught myself with a mail about an eBay item that had not been paid for. It followed one of my auctions, very clever. Damn phishers.

  • Yep, that was a good one from Google. At least this area I do hope that the s/w can become more intelligent.

  • I don’t think we or anyone has anything to worry about. Thanks for the story, I feel a lot better about using AdWords – I think I may have opened that email and logged in too.

    I trust Google products (probably too much) and feel bad for the guy that gets caught using Google to run a scam – his poor websites wouldn’t have a chance.

  • Thanks, I use AdWords and never was fished, but now it seems I must be very careful. I don’t want to give all credence to Google filters.

  • I think that a lot more publicity to such scamming has to be given to bloggers. Perhaps a dedicated blog from someone knowledgeable? Any takers?

    Nicole Price’s last blog post..Bag It!

  • I agree with you, Nicole. More information is needed. Forewarned is forearmed, one can not rely on filters to save your bacon, and I doubt if Google will be generous enough to wipe the account clean if something like this did happen.

  • I get these google-phishing mails at least once a week, telling me that there were some problems with my credit card. I must admit i was concerned. of course i am VERY aware of phishing and looked at the email-sourcecode immideately. But i am sure 99% of adwords-users dont have the knowledge to check it out that fast.
    And if google already has filters in place to detect this, then there must be a lot of successful cases in the past.

  • jdmartindale

    The only thing a regular user has to worry about is unusual account activity. Same thing that my bank does when they notice unusual transactions, they put a stop to the transaction until receive confirmation that the purchase was valid.

    We get a good story about a feature of Google’s working and all people do is complain that maybe their account, might one day get shut down for a couple hours because of a legitimate purchase? What is wrong with people?

  • Pingback: Internet Defense Technology » » Google AdWords Phishing()

  • Pingback: Google AdWords Phishing – Questa Volta()