Google AdWords Account Hacked - $2,700 in Charges in 10 hours

Status
Not open for further replies.

domaingamer

New member
Mar 18, 2008
I woke up last Friday and logged into my AdWords account about 9:30am to check my campaigns. I noticed that a new campaign (that I had not set up) with a daily limit of $5,850 had been created and had already rung up $2,700 in charges. I quickly paused the account and tried to contact Google Support.

Getting anything out of Google support has been near impossible. I started with live chat and then sent multiple emails describing the situation. Since last Friday my account has been frozen while they investigate the situation. Freezing my account for a week has been extremely frustrating as I have 2 offline businesses that heavily rely on AdWords to bring in customers.

The only intelligent response I've received from Google so far is that they recognize suspicious behavior has occurred, but they need to investigate further - which they are taking their sweet time with.

I have done some research on the domain in question and found out the owner that is registered under the WHOIS information. I've not yet contacted this person, but am planning to do so shortly. I was hoping for a quicker resolution from Google so I could have that out of the way before I figure out how I want to approach the potential culprit.

The information in the WHOIS record showed that the domain was created last Friday by a company that is completely different from the LLCs and personal accounts I use for my domains - I have made sure to highlight that in my email exchanges with Google. The person on the WHOIS record has a MySpace page that leads me to believe his identity was stolen, but I will try and find out.

I'm trying to figure out how they got my account, could be a number of ways - I was talking to someone and we thought Roboform might be a culprit, but I'm not sure.

I'm posting this as a warning, I'm not asking for anything, this is primarily a public service message as I've given very little back to this community and I have taken a lot by lurking here over the last 6 months.
 


Dude, sorry to hear about the trouble. Hopefully Google does you right.

I received a weird email the other day. When I clicked the link, it asked me for my Google login for Gmail.

I put it in out of reflex, but then realized that I am always logged into Gtalk and Google never asks me for my pass.

I wish I saved the email. I think it was "Some one has invited you to use GTALK"; that's why it was strange, I'm already on Gtalk. My first impression was Google must have messed up.

I can usually recognize a phisher by the URL; this one was more difficult.

I changed my password immediately. Maybe that's how they got yours?
 
That sucks, but you do have a few options. This happened to a client of mine a few years ago, and they lost about 25K to an ex-employee. From what I remember, Google or Yahoo (I forget who it was) wasn't much help.

1) Have a lawyer send a letter to him, his domain registrar, and his ISP. Tell him it is a serious crime and could result in jail time, assuming he's in the US. Most people will fold once they get something like this.

2) You can contact your credit card company, and tell them you are disputing the charges. If you do this, it will severely piss off Google. You may have trouble with your account if you do this.

Good luck to you.
 
#1 The Adgroup was titled: Fregate - probably named after the island by some not so witty hacker.
#2 The keywords were all about loans: business loan, cash advance, etc.
#3 Here's the URL that ads were run to: www dot UsPremiumLoans dot net
#4 Thank you directresponse for the advice. Option #2 is what I'm considering if Google doesn't help out.

After talking with Mason, I think it's possible that a phishing email was how they might have got my info. It was quite an email - it included the google extension and looks very similar to other AdWords response emails. Embarrassing posting this (if in fact this is how they got my info), but I've included a copy of the email at this link:

www dot Seattle-Cedar dot com/google.html
 
Augh come on man, really? That's a phish, painfully obvious. =\

Hopefully you've already seen the WHOIS for the domain:

I'd call him up.

EDIT: Heh, or swing by: /removed/
 
Last edited by a moderator:
I'm willing to take my lumps on this for clicking that bullshit link, much deserved.

I have that same info and his MySpace page, have not called him yet, planning to do that shortly.
 
Same here... getting spoofed AdWords email all the time. Hope you get everything resolved. Google support sucks and is always extremely slow. If it's possible, open another account, maybe under someone else's name, to make sure they don't give you any shit.
 
This is why you place your AdWords account on Pay As You Go so that even if someone hacks your account they cannot use what isn't already there.

Keep only what you need in the account, once it reaches that amount boom everything is instantly paused.

And yes yes I know some people will jump on me by saying this doesn't work and Google will keep charging you but the people who think that way are just the dumb ones who never talk to a company's employees in real life.
 
That's fucking horrible, man. For something like this I would've skipped the chat and email and rung them up right away.

There will always be a time when someone gets the best of you, even if it's with a retarded phishing scam. I hope you get this resolved and I hope this fucknaut gets what he deserves.
 
I received an email from Google today asking me to reset my Gmail password. The email was from Gmail again.

I never asked for my password to be reset. I assume it's a phishing attempt.
 
Glad it does not look like it was Roboform. That scared the shit outta me.

I do prepaid Google as well. It is sometimes a pain but helps from having weird things happen.
 
Hopefully you've already seen the WHOIS for the domain:

But if the hacker is even slightly intelligent, he'd be using someone else's information.

--

On another note, anyone stupid enough to fall for such obvious phishing emails like that one deserves to be hacked. My aunt once got her PayPal hacked because she fell for an email, and it was hard to hold myself back from flat out calling her an idiot.
 
But if the hacker is even slightly intelligent, he'd be using someone else's information.

True enough. But in that case I'm sure the kid (Jason whatever) would like to know that someone is doing naughty things with his name. So either way it's a good idea to notify the registrant, since from what we can all tell he's a real person.

But if that really IS the culprit, he's obviously stupid and chances are would shit himself upon being contacted.
 