Knowledge is the Foundation To Success  

February 2nd was Groundhog Day, and Punxsutawney Phil saw his shadow. What does that have to do with PPC advertising? And my answer is absolutely nothing, but it’s a great excuse for me to remind you to change your password on your PPC accounts.

I’ve blogged about this topic before, but I figure this is one of those topics that it can’t hurt to repeat over and over! If you haven’t changed your password on your Google AdWords, Yahoo Search Marketing or MSN accounts since you created them, it’s time to change your password.

Even if you changed it six months ago, it’s time to change it again. There are oodles of phishing emails out there, trying to get your personal information. Changing your password frequently can help prevent your account from being hijaxed. A phishing email looks official, uses all the right language and official-looking URLs, but the trouble starts if you were to click on a link in the email. Nine times out of ten, it’ll take you to a dead page, but sometimes you might land on a page that looks like where you are supposed to go. When you use your login and password, the site records them for later use.

Hijaxing occurs when someone then uses the login and password to log-in to your PPC account, sets up a new campaign with a super high budget and spends until they either get caught or max out your credit card. I know of one instance just a few months back, where a hijaxed account spent, in a matter of just 10 hours, over $12,000 until Google’s fraud department caught it.

At JumpFly, we change our management shell login and passwords every month, and we recommend that our clients change their personal login and passwords too. It’s a good habit to get into.

For the record, when the groundhog sees his shadow, it means another six weeks of winter. And for your trivia buffs out there, according to the Punxsutawney Groundhog Club, since 1887, Phil has seen his shadow 97 times, not seen his shadow 15 times and there are no records for nine of the years.

More about Nikki

Just last week one of my pay-per-click (PPC) advertising clients got hit by fraudulent Google activity; someone logged into their Google AdWords account, set up a new campaign and in a matter of 12 hours, spent $26,000. Google contacted us about the activity, and my client is not liable for the amount spent, but it’s certainly made for quite a bit of frustration, as their AdWords account is off and will be off indefinitely until the write-off gets posted to their account.

How did this happen and how can you prevent it from happening to you?

While we’re not 100% positive how exactly the perpetrators got a hold of the client’s Google AdWords login and password in this particular case, here’s how you can protect yourself:

1. Don’t Get Caught by Phishing Emails (three examples of Phishing emails are at the bottom of this Blog): if you get an email that looks like it’s from Google, and requests that you click a link within the email to login, DO NOT click the link. Phishing emails are emails that are web forgery designed to trick you into sharing logins, passwords, personal or financial information. They look official, but are devious. As a general rule, you should never click a link within an email and login to your account. Always open a browser window and type in the desired URL or use bookmarks.

2. Change your password: if you’ve never changed your password before, now is a great time. I know it’s difficult to remember all those passwords, but it’s a better alternative to getting scammed. We’ve started changing our passwords here at JumpFly on a monthly basis.

3. Hire an Experienced PPC Management Company: then you can forward any emails that look like they are from Google AdWords, Yahoo Search Marketing or Microsoft adCenter to your account manager and not have to deal with it at all.

Three Google Phishing Emails that are making the rounds:

~~~~~~ Phishing Scam Email #1 – Start ~~~~~~
From: adwords-noreply@google.com
Subject: Your AdWords Google Account is stopped

This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message.

Dear Google AdWords Customer,

Please sign in to your account at http://adwords.google.com/select/login , and update your billing information.

Your account will be reactivated as soon as you update your payment information.

Your ads will show immediately if you decide to pay for clicks via credit or debit card. If you decide to pay by direct debit, we may need to receive your signed debit authorization before your ads start running, depending on your location.

If you choose bank transfer, your ads will show as soon as we receive your first payment.

We look forward to providing you with the most effective advertising available.

Sincerely,

The Google AdWords Team
~~~~~ Phishing Scam Email #1 – End ~~~~~

~~~~~ Phishing Scam Email #2 – Start ~~~~~

From: reactivation@google.com
Subject: The Google AdWords Team request you to update your
billing information

Dear Google AdWords Customer,

Your ads have stopped running because we were unable to process your billing information. We will reactivate you account after you update your billing information. In order to reactivate your account, please sign it to your account at http://adwordsgoogle.com/select/login, and update your billing information. Once your account is reactivated and your billing information has been processed, any your ads and campaigns can begin running immediately on Google.

You will not be asked to submit your billing information every time you create a new ad or campaign. If your payment has been declined and you’d like to resubmit the same credit card information, you may also do so by clicking the Retry card button on your Billing Preferences page. After updating your credit card information (regardless of whether or not you use a different card), it can take up to 24 hours before your ads start running again. You also have the option of providing a backup credit card to help ensure that your ads run continuously in the case that your primary payment method fails.

Sincerely,

The Google AdWords Team
~~~~~ Phishing Scam Email #2 – End ~~~~~

~~~~~ Phishing Scam Email #3 – Start ~~~~~
From: reactivation@google.com
Subject: Our programme terms have changed.

Dear AdWords Customer,

As part of our ongoing efforts to improve the Google AdWords programme for advertisers and users, we have updated our Terms and Conditions.

Please review the new Terms and Conditions below, then indicate your acceptance.

Yes, I accept the Terms and Conditions. [LINK]

This message was sent from a notification-only email address that does not accept incoming email. Please do not reply to this message.

~~~~~ Phishing Scam Email #3 – End ~~~~~

More about Nikki

More from Google about avoiding phishing

One of the benefits of hiring a professional PPC Management company to take care of your PPC campaigns is to prevent you from getting taken in by the phishing emails that have been making the rounds. Our clients know to forward us any emails they get from Yahoo, Google and MSN instead of dealing with them on their own. There’s been a rash of emails coming in that look like they are legitimate with official looking logos and language. The emails promise dire consequences if you don’t click a link within the email itself, like your Google account will be canceled or your Yahoo account will go offline.

Good account managers can tell if it’s a legitimate email or not so you don’t have to. We can tell from within your account if there is an issue and if there is, we can take care of it for you. If there’s not and it is a phishing email, we can forward it on to our dedicated reps at the search engines for proper investigation.

Most of the time, if you click the link, you’ll end up on a dead web page, but if you were to get through, most likely they’d ask for a credit card number and account information, basically all the information a thief would need to go on a shopping spree or steal your identity. Google, Yahoo and MSN (and for that matter, any bank, financial institution etc) should never ask you for personal or business information on an email, or ask you to click a link within the email itself. The safest way to prevent phishing is to login to your account directly through a bookmark or by typing the URL into a address bar, not by clicking a link in an email.