Yes, my company’s Adwords account was kidnapped. Its one of those things, you know. I was “laid back,” got this email, and although I thought is was a bit weird, it looked very official. I thought it had something to do with the Yahoo Search Marketing and Google advertising deal. The email address had YSM in it, so – like an idiot – I clicked through. The whole story can be read on blogoscoped.com The story had to come out so others don’t fall for the same trap.
The GREAT thing here is that this “phishing” and hacking of my account caused some kind of “filter” to stop all my ads running immediately, so no ads were delivered to the spammer. This is an excellent tool and should be highlighted, and Google should be given full credit.
If you happen to get one of these emails send the info to Adwords support.
1. Don’t reply to, or click links within, emails that ask for personal, financial, or account information.
2. Check the message headers. The ‘From:’ address and the ‘Return-path’ should reference the same source.
3. Instead of clicking the links in emails, go to the websites directly by typing the web address into your browser, cut and paste, or use
4. If on a secure page, look for “https” at the beginning of the URL and the padlock icon in the browser.
5. Use a browser that has a phishing filter (Firefox, Internet Explorer, or Opera).
6. Use strong passwords. A strong password should be unique; include letters, numbers, and symbols; and be changed regularly.
7. To protect your computer from malware, keep your computer’s antivirus, spyware, browser, and security patches up to date and regularly run system scans. If you need more information about software that can help detect and remove malware from your computer, please visit http://www.google.com/support/bin/answer.py?answer=8091&topic=13929.