Just last week one of my pay-per-click (PPC) advertising clients got hit by fraudulent Google activity; someone logged into their Google AdWords account, set up a new campaign and in a matter of 12 hours, spent $26,000. Google contacted us about the activity, and my client is not liable for the amount spent, but it’s certainly made for quite a bit of frustration, as their AdWords account is off and will be off indefinitely until the write-off gets posted to their account.Beware of Phishing

How did this happen and how can you prevent it from happening to you?

While we’re not 100% positive how exactly the perpetrators got a hold of the client’s Google AdWords login and password in this particular case, here’s how you can protect yourself:

1. Don’t Get Caught by Phishing Emails (three examples of Phishing emails are at the bottom of this Blog): if you get an email that looks like it’s from Google, and requests that you click a link within the email to login, DO NOT click the link. Phishing emails are emails that are web forgery designed to trick you into sharing logins, passwords, personal or financial information. They look official, but are devious. As a general rule, you should never click a link within an email and login to your account. Always open a browser window and type in the desired URL or use bookmarks.

2. Change your password: if you’ve never changed your password before, now is a great time. I know it’s difficult to remember all those passwords, but it’s a better alternative to getting scammed. We’ve started changing our passwords here at JumpFly on a monthly basis.

3. Hire an Experienced PPC Management Company: then you can forward any emails that look like they are from Google AdWords, Yahoo Search Marketing or Microsoft adCenter to your account manager and not have to deal with it at all.

Three Google Phishing Emails that are making the rounds:

~~~~~~ Phishing Scam Email #1 – Start ~~~~~~
From: adwords-noreply@google.com
Subject: Your AdWords Google Account is stopped

This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message.

Dear Google AdWords Customer,

Please sign in to your account at http://adwords.google.com/select/login , and update your billing information.

Your account will be reactivated as soon as you update your payment information.

Your ads will show immediately if you decide to pay for clicks via credit or debit card. If you decide to pay by direct debit, we may need to receive your signed debit authorization before your ads start running, depending on your location.

If you choose bank transfer, your ads will show as soon as we receive your first payment.

We look forward to providing you with the most effective advertising available.

Sincerely,

The Google AdWords Team
~~~~~ Phishing Scam Email #1 – End ~~~~~

~~~~~ Phishing Scam Email #2 – Start ~~~~~

From: reactivation@google.com
Subject: The Google AdWords Team request you to update your
billing information

Dear Google AdWords Customer,

Your ads have stopped running because we were unable to process your billing information. We will reactivate you account after you update your billing information. In order to reactivate your account, please sign it to your account at http://adwordsgoogle.com/select/login, and update your billing information. Once your account is reactivated and your billing information has been processed, any your ads and campaigns can begin running immediately on Google.

You will not be asked to submit your billing information every time you create a new ad or campaign. If your payment has been declined and you’d like to resubmit the same credit card information, you may also do so by clicking the Retry card button on your Billing Preferences page. After updating your credit card information (regardless of whether or not you use a different card), it can take up to 24 hours before your ads start running again. You also have the option of providing a backup credit card to help ensure that your ads run continuously in the case that your primary payment method fails.

Sincerely,

The Google AdWords Team
~~~~~ Phishing Scam Email #2 – End ~~~~~

~~~~~ Phishing Scam Email #3 – Start ~~~~~
From: reactivation@google.com
Subject: Our programme terms have changed.

Dear AdWords Customer,

As part of our ongoing efforts to improve the Google AdWords programme for advertisers and users, we have updated our Terms and Conditions.

Please review the new Terms and Conditions below, then indicate your acceptance.

Yes, I accept the Terms and Conditions. [LINK]

This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message.

~~~~~ Phishing Scam Email #3 – End ~~~~~

More about Nikki

More from Google about avoiding phishing