AdWords Account Security
At some point, most people have had some sort of encounter with internet scams, viruses, spyware or other security problems. Hackers and scam artists are a pervasive reality in today's world, and making assumptions about security is unwise. A pay-per-click account makes an attractive target to a technically savvy criminal, and gaining access to someone's account allows them to promote their schemes at someone else's expense. Originally trained in Network Security, I have always taken such precautions very seriously and now even more so, since a recent fraudulent act affected one of our clients' accounts.
Early this summer I arrived at the office on a Monday morning and proceeded to check my weekend mail. Two emails caught my attention right away. The first was from AdWords, informing us that the client's credit card was declined, and the second was from the client, asking, "What is the campaign "Qwasde" - Campaign #1"?
Upon reading that came the realization that this account had been hacked. This was further confirmed by a review of the account's recent activity. I discovered that on the previous Friday someone had created this new, innocuously named Campaign #1 with a daily budget of $7000. It contained only the single "Qwasde" ad group, with a single ad:
No doubt this was intended to phish for bank account details of anyone unwisely clicking on this ad.
This hacker was pretty slick. The whole scam was set up late in the day on Friday, when it was less likely to be detected. The domain the ad was directed at was registered in Australia to a "resident" of New Jersey. The website was put up on Friday and gone by Monday morning and in 2 days the ad generated $13,000 in click charges.
I immediately called Google and an investigation was initiated. They agreed this looked like fraudulent activity and promised to contact us with their investigation results within a few days.
Concerned about the means by which this person gained access, I checked my security for any indications of a breach. Finding nothing unusual in my own logs, I then contacted the client with instructions for locking down and cleaning his computer system, advising him to change any sensitive passwords in case his system was infected.
Google got back to us a couple of days later confirming the results and promising to refund the client's money. This was good news, as it appeared the fallout from this would be limited to a loss of only a week or so in the client's Google marketing initiative. In reality though, this had a far greater impact.
According to Google, the account needs to remain inactive until the refund process reaches completion. This took place nearly 2 months ago and still there is no sign of the refund. The account is still frozen. Google has no ETA on completion of this process; apparently their refund department has a huge backlog, due to the numerous email phishing scams that keep cropping up.
We still haven't figured out how the breach occurred. For my part, I think it's possible the client inadvertently became a victim of the phishing scam.
This scam is similar in some respects to the PayPal phishing scam of 2 years ago. It's pretty slick and can easily fool the uninformed. In fact, another of our clients with an AdWords account received an email some months ago and asked me what to do with it, so I had them forward a copy of the email to me. Thankfully, they hadn't clicked on the link, as it was indeed one of these scams.
Here is the email they had received:
-----Original Message-----
From: Google AdWords [mailto:adwords-noreply@google.com]
Sent: Sunday, May 25, 2008 4:49 PM
To: xxxxxxxxxxx
Subject: Google AdWords Account Verification Email
Dear Google AdWords customer!
In order to confirm your contact details, please click the link below:
Google AdWords Form
This should take you directly to the Google AdWords Form.
Thank you for choosing AdWords. We look forward to providing you with the most effective advertising available.
Sincerely,
The Google AdWords Team
------------------------
This particular scam differs from most emails of its kind because it looks like a legitimate AdWords support email. It also lacks the spelling and grammatical errors common to spam n' scam emails.
There is a telltale flaw, though:
In the original email, if you mouse over the link, you would see it is not actually pointing to google.com but rather to google.com.adwdl.org.uk. The registered domain is read from the right-hand end of the hostname (adwdl.org.uk here), so the leading "google.com" is only a subdomain label: this is a completely different domain and unrelated to Google.
Other email variations report imminent account closure unless account details are verified. Even if you don't provide account details, just following the link can expose your system to malicious software.
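The mouse-over check described above can be automated when triaging a reported message. The following is an added example, not part of the original article: it pulls each link out of an HTML body and judges the hostname from its right-hand end. `TRUSTED_DOMAINS`, the class and function names, and the sample body (including its `/` path) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only domain this recipient expects AdWords mail to link to.
TRUSTED_DOMAINS = {"google.com"}
# Constructed sample body: link text and host as reported in the article.
SAMPLE_HTML = ('<p>In order to confirm your contact details, click below:</p>'
               '<a href="http://google.com.adwdl.org.uk/">Google AdWords Form</a>')

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def classify_host(host):
    """Return 'trusted', 'lookalike' or 'untrusted' for a link's hostname."""
    host = (host or "").lower().rstrip(".")
    # Ownership is read from the right: exact match or a ".domain" suffix.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # A trusted name anywhere else in the host is the trick described above.
    if any(d in host for d in TRUSTED_DOMAINS):
        return "lookalike"
    return "untrusted"

def audit_links(html):
    """Return (visible text, hostname, verdict) for every link in the body."""
    parser = LinkCollector()
    parser.feed(html)
    hosts = [(text, urlsplit(href).hostname) for text, href in parser.links]
    return [(text, host, classify_host(host)) for text, host in hosts]

if __name__ == "__main__":
    for row in audit_links(SAMPLE_HTML):
        print(row)
```

The leading dot in the suffix test matters: without it, any hostname that merely ends in the letters of a trusted domain would pass.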
Tips to Protect Your Account
Here are some guidelines to help keep your account secure. Bear in mind this is best practice for security of any sensitive financial, business or personal information, not just AdWords.
- Google will NEVER ask for your account information by email; they won't even ask for your password on the phone. All they ever ask for whenever I phone them is the 10 digit account number. They don't need any other information to open up the account for viewing. Most legitimate enterprises don't need your login details, so if someone requests them, be very cautious.
- If you receive a notification about something you didn't initiate, it is likely about something not to your benefit, e.g. receiving a confirmation of a password change when you didn't change your password.
- Always use security solutions and keep them up to date. Virus protection, firewall and spyware protection are vital for any system that connects to the internet.
- Use strong passwords. Weak passwords, while easy to remember, are also very easy for password-cracking programs to guess. A strong password contains both alphabetical and numeric characters and utilizes capitalization, length and special characters. As well, stronger passwords don't use recognizable or easy-to-guess words.
Examples: lame password = your name, password (the actual word) or 123456; weak password = date of birth, newgirl22, ItsaSecret, p@$$word; strong password = tP%m34!pX
- Use different passwords. If you use the same password because it's easier to remember, then everything you do becomes compromised if any forums or sites you use become breached. I have hundreds of logins and passwords, so I use RoboForm to securely store them. This type of program can also reduce vulnerability to keylogger type spyware.
- Keep the number of account users with administrative access to the minimum necessary. The more people who have access, the greater the chance of an information leak.
- Turning your computer off or disconnecting from the internet when you are done using it greatly reduces the chance of bad things happening unnoticed.
- Don't send login or password information by insecure means such as email or instant messaging. Generally if I have to pass on that sort of info, I always do it by phone.
- Monitor your account regularly, particularly at the end of the week, and take random peeks on the weekends. It only takes a minute to log on and check for abnormal account activity.
The most important thing to remember is that there are people out there who will rob you blind if you leave yourself open, so a modicum of paranoia along with a bit of common sense will go a long way to saving yourself some real hassle.
by Tim Rule, PPC Specialist
Yahoo Hires Former Microsoft Exec
In an effort to help with its revenue problems, Yahoo has hired Joanne Bradford, a former Microsoft Corp. executive.
Yahoo announced the recent hire in a press release Tuesday. Bradford was Microsoft's head of their Media Network and resigned back in March after a 7 year stint with the software giant. She then joined Spot Runner Inc as their Executive Vice President of National Advertising Services before being swept up by Yahoo.
"My decision to come to Yahoo! was simple because there is no other company that combines one of the world's most recognizable brands with unparalleled reach, industry-leading products and programming, and a full spectrum of advertising offerings for marketers," said Bradford. "I am convinced that the very best days for this company are ahead, and I want to leverage my experience in programming, distribution, and selling to help Yahoo! take this business to the next level."
Bradford will be assigned the title of Senior Vice President of U.S. Revenue and Market Department. A rather large title, probably compensated with an equally large paycheck.
by Scott Van Achte, Senior SEO
Google Results and WebPosition Gold
For those of you out there who use WebPosition Gold, you will be happy to know that it is now properly reporting on Google results. While news had circulated all over the forums and various SE News sites that WebPosition had been banned by Google, apparently this simply was not true.
Supposedly Google had changed the way in which they display results within the HTML of the site, a change not visible on the site when performing a search. As a result of this change, it essentially broke WebPosition, and the software then required some updating to correct the issue. Back in August Google posted to the official GoogleBlog that they were testing a number of items within the search results. One test included creating slightly more whitespace between the first and second listings. It is some of the small HTML changes like these that are likely the culprit to the temporary down time experienced by WebPosition.
As of earlier this month, the leader in reporting software did in fact complete the update and now reported results do appear to be correct. While there is much speculation as to how long reporting software will continue to work without being permanently banned by Google, for now, things are working once again.
by Scott Van Achte, Senior SEO
Google and Your Private Data
Like most websites, Google keeps a log of IP addresses in order to track visitor behavior, and to help serve up more useful ad targeting. Previously they held onto this non-identifying information for 18 months following your visit to their site. Over the past couple of years regulators and policymakers have had privacy concerns over the storage of this data, and as a result Google has cut the time it holds onto this information by half, down to 9 months. Peter Fleischer, Google's global privacy counsel, was noted as saying: "Finding the right balance between data retention and privacy is a tough issue for policymakers, Google and our industry. There is great utility in data, but we also believe that limiting the amount and types of data we keep can improve privacy while continuing to provide a strong user experience. Anonymizing the data earlier will have costs, particularly in terms of future search quality improvements. But our engineers are working hard to minimize those losses."
by Scott Van Achte, Senior SEO
The Net Reality Evolution of the Web:
Since its conception the Web has evolved from being used mostly for text and a social platform to now becoming, according to Chris Shipley, a "distributed Web" where in essence we can access what we want, when we want, from anywhere at any time using any device.
Among the emerging technologies showcased at DEMO.com, held in San Diego, CA this past weekend, Alerts.com is one service most of us, especially sports fans, need to sign up for. Just as its name implies, one can ask for an alert on any device, such as your phone, notifying you, for example, every time the score of a game changes.
One product, introduced by Real Networks, that I know my boss as well as many of my co-workers will want to use is RealDVD. The software, available later this month, allows you to save your DVDs to your PC, which will then allow you to watch the DVD whenever and wherever you want without the disc/s.
For more information on these and other products being demoed, view Sam Diaz's blog; it is well worth the read.
By Anita Sperrer, Office Manager