How to prevent unauthorized PPC campaign attacks in Google AdWords

The recent attack to our client’s Google AdWords account has motivated ke Solutions to offer some support to the companies that might have had this problem and to those that should protect their accounts from this attacks. To find out more about this read our Fast response to an unauthorized PPC campaign attack article.

In case you have your AdWords account compromised, you should notify the AdWords team as soon as possible. During the time Google is investigating the issue you should:

As prevention actions to common malevolent techniques to access an account, we suggest the following:

  1. Phishing

Phishing is an attempt to fraudulently acquire sensitive information, such as usernames, passwords, or credit card details, by masquerading as a trustworthy entity. For example, there are reports of phishing emails that falsely appear to be from adwords-noreply@google.com. These fraudulent emails ask users to update their billing information, take action on a disapproved ad, edit their account, or accept new AdWords terms and conditions. In some cases, the links may lead to websites that install malware onto your computer.

The Google's AdWords team will not send an unsolicited message asking for your password or other sensitive information by email or through a link. If you've received a phishing email that attempts to fraudulently collect passwords, credit card numbers, or other sensitive information, please report it to us immediately by completing the Report Phishing Form at http://adwords.google.com/support/bin/request.py?ctx=cuffhelp&contact_type=phishing.

Tips to protect yourself from phishing:

  1. Don't reply to, or click links within, emails that ask for personal, financial, or account information.
  2. Check the message headers. The 'From:' address and the 'Return-path' should reference the same source.
  3. Instead of clicking the links in emails, go to the websites directly by typing the web address into your browser, cut and paste, or use bookmarks.
  4. If on a secure page, look for "https" at the beginning of the URL and the padlock icon in the browser.
  5. Use a browser that has a phishing filter (Firefox, Internet Explorer, or Opera).
  6. Use strong passwords. A strong password should be unique; include letters, numbers, and symbols; and be changed regularly.
  7. If you ever need to change your account information, such as your billing details or your password, you should always sign in to your account from the main
  8. AdWords login page (https://adwords.google.com) and make the changes directly within your account.

For more information on phishing, please visit https://adwords.google.com/support/bin/answer.py?answer=93198&topic=9146.

  1. Malware

Malware is malicious software that attempts to steal sensitive information from your computer, send spam, or commit fraud. To protect your computer from malware, keep your computer's antivirus, spyware, browser, and security patches up to date and regularly run system scans. If you need more information about software that can help detect and remove malware from your computer, visit http://www.google.com/support/bin/answer.py?answer=8091&topic=13929.

  1. Unauthorized access

Someone may have gained access to your computer and made changes to your account when your computer was left unattended.

For more information, visit OnGuardOnline.gov, which provides practical tips from the United States federal government and the technology industry to help you be on guard, secure your computer, and protect your personal information against internet fraud.