|Protect Your AdWords Account|
A few anti-phishing preventative measures
| 2:57 pm on Sep 24, 2008 (gmt 0)|
We all know that AdWords Phishing is running rampant at the moment. Seems like every day I run across a new post or email or tweet from someone who's been hacked, and I found at least six phishing emails purportedly from Google in my spam folder this morning.
I hope I know better than to fall prey to any of these scams, but as I was thinking about it this morning, it occurred to me that I have been lazy about security in some ways, and it's even more important because I hold the keys to a number of client accounts in addition to my own.
So I'm developing a set of procedures, and I'll post them here in case anyone else wants to take them up. Feel free to add anything I've missed.
AWA, if you are reading this (and I'm sure you are) this would probably be a good subject for an Inside AdWords blog post.
- Go through and change your password on your AdWords account. If you have an MCC, change the password on that. If you are managing client accounts, and have full control, change all their passwords too (I'm going to) and if you don't have full control, suggest that your clients change their passwords.
- If you manage clients who have their own passwords, send out a quick email to those clients warning them about all the AdWords phishing and not to click on anything they get in email; if there's even the slightest question, tell them to call you or forward the email to you.
- Check and see who has Access rights to your account. I bet I have at least half a dozen clients still linked into my MCC who haven't been in touch in some time. Also, who's to say that the account hasn't been phished and is 'sleeping' until it's needed? If I were a miscreant, that's how I'd do it, to avoid notice. So go into My Account and click on the Access link and make sure you recognize everyone who's there.
- Next, go back to Campaign Management, then Tools, and then My Change History, and run a report for at least the past 30 days; make sure you can account for every change you see in there.
- Finally, create a reminder in whatever calendar program you utilize for some period of time - once a month, once every three months, whatever, and go through all these steps all over again. I'm setting mine to the 24th of every month; it'll be easy for me to remember, it's the day I give my cat his monthly flea prevention.
It shouldn't take too long, and I'm going to make it part of my regular routine, starting today.
| 3:07 pm on Sep 24, 2008 (gmt 0)|
great tips netmeg, thanks -- i change my password and my client's passwords the first of every month, always making sure to use a combo of upper/lower case letters, numbers and symbols. and most important, never email the updated passwords!
| 4:39 pm on Sep 24, 2008 (gmt 0)|
My answer: NEVER try to access your account by clicking on a link in an email.
| 2:00 am on Sep 25, 2008 (gmt 0)|
|So I'm developing a set of procedures, and I'll post them here in case anyone else wants to take them up. Feel free to add anything I've missed. |
This is really excellent, netmeg - and many thanks for taking the time to first do it, then post it here.
|AWA, if you are reading this (and I'm sure you are) this would probably be a good subject for an Inside AdWords blog post. |
Yep, I agree. I have a meeting with the Inside AdWords blog folks on Friday afternoon, and I'll discuss doing just that.
I know that as a Google employee, I should not actually link to Google blogs here - but I would like to say that there have been a number of useful posts on the subject of online security on the official Google blog. Two of the posts that I think are worth seeing are named below. If you get to either, be sure to click the link near the top to see the rest of the series.
* How to avoid getting hooked
* Does your password pass the test?
Thanks again, netmeg. You rock. ;)
| 2:14 pm on Sep 25, 2008 (gmt 0)|
you're welcome and thanks!
| 2:25 pm on Sep 25, 2008 (gmt 0)|
Strong passwords really are necessary, as is using a password that is not used for any other service anywhere else - especially one that can be associated with your email address.
If you are worried about being able to remember many different passwords, then get yourself a USB memory stick and a copy of KeePass (or similar) to store them all in a secure, encrypted, but portable manner.