Here's what happened
Yesterday, August 25th, I logged in to my Adwords account and I about flipped out upon realizing that my Adwords account had been hacked.
The big tip off was seeing that an unfamiliar campaign in my account had ran up a bill for $2,540.41 for the day and $2,142.80 for the previous day. That's a total of $4,683.21 due to unauthorized changes made to my Adwords account.
And here's the sole ad that the perpetrator was displaying. He was triggering the ad with a list of non specific short tail travel related keywords.
From the wording, it looks like the cracker speaks some variant of Engrish. The ad was costing an average of $1.51 a click.
I decided to click on the ad to see where it would take me. It led to a site on the domain alert-safety.com which was some kind of malware distribution site made to look like a site owned by Google.
There was a message, written in Engrish, that explained that the viewer's computer was infected and that security software would need to be downloaded. A link, presumably to a malware application, was conveniently provided as a remedy. Upon clicking the link, the application would begin to download.
Aside from the poor English, the landing page looked like it was a Google brand site called GSafety Beta.
So what did I do?
Well, I Googled "hacked Adwords" and read some of the results. It was comforting to know that others have had this happen to them and that their problems were resolved and unauthorized charges refunded.
Before contacting Adwords through their Chat support, I was a little bit nervous. Nervous because I wasn't sure that the Adwords representative would actually believe that my account was hacked and that the representative would instead believe that I was just some guy with my own runaway Adwords campaign.
It took about 30 minutes of waiting before an Adwords representative was able to chat with me.
I was glad I didn't lose hope and I finally was chatting with somebody from Adwords.
He asked me some questions about what made me thing that somebody has made unauthorized changes in my account.
I mentioned the unauthorized campaign with a daily budget of $8,500.00.
I must not have made it clear that this was not a campaign that I created because the Adwords rep asked me what the daily budget was before it was set at $8,500. Well, the campaign simply did not exist before the 24th.
It didn't take too much time to explain that it was not the case that somebody used an already existing campaign in my account, but that somebody created an entirely new campaign with a name that follows a naming convention that I commonly use to name my own campaigns.
I still wasn't sure that he believed me. As far as the Adwords representative was concerned, I could have been just another person whining because they let their campaign get out of control.
What I think must have removed any doubt as to whether or not the unauthorized campaign was created by me was my mentioning that the landing page for the campaign at the domain alert-safety.com was actually a phishing or malware distribution site that was made to look like a Google property. Nobody in their right mind would report to Google that they were using their own Adwords account for such fraudulent activity, right?
So then what happened?
Well, the Adwords rep basically acknowledged that there have been some unauthorized changes to my account.
The representative also let me know that my case would be sent to an Adwords Specialist team for further investigation. I'm told that during that time, which I am told would be about three days, none of my ads would run; my account would be put into a suspended state as a precaution.
Most importantly, the Adwords representative told me that at the end of the investigation he would notify me, my Adwords account will be reactivated, and that Google Adwords will reimburse me for any costs accrued due to the unauthorized activity.
I did notice though, that my ads are still running. So I can only hope that the Adwords Specialist Team hasn't gotten around to looking at my account. I'll keep you updated on what transpires.