Forum Moderators: buckworks & skibum


Adwords account hacked!

New campaign added

         

tintin99

10:19 am on Nov 16, 2008 (gmt 0)

10+ Year Member



I've just noticed that my Adwords account has been hacked - a new campaign has appeared with a daily budget of £4000 (my usual daily budget is £5!). The ad that has been installed points to <snip>. I have emailed Google but no reply yet.

Has anyone else had this happen recently? Any ideas how it was done and what the perpetrators get out of it? Should I be worried that my pc has been infiltrated?

Thanks.

[edited by: buckworks at 9:31 pm (utc) on Nov. 18, 2008]
[edit reason] Please avoid specifics. [/edit]

tintin99

7:07 pm on Nov 16, 2008 (gmt 0)

10+ Year Member



I made my previous post in a bit of a panic, but have now searched the forum and discovered other posts covering the same problem...so I've found pretty much all the info I need, and at least my original post will highlight the fact that the hacking is still going on.

tonynoriega

5:55 pm on Nov 18, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



gotta secure that password. brute force software is on the prowl... a simple password can be cracked in less than a day with the right program...

seen it happen first hand.

have you gotten any mysterious emails lately regarding Adwords? an associate of mine got some just before his was hacked. i'm wondering if they are targeting accounts, whoever is doing this.

i would also look at the domain that the new account was pointing to and either call them on it, or maybe seek legal action.

Freddy81

8:02 pm on Nov 18, 2008 (gmt 0)

10+ Year Member



Oh my God, I've just logged in and can't believe my eyes: a weird campaign with $7400/day budget, and $5000 already spent! My heart just stopped, it's a real financial catastrophe for me. What to do? I emailed google but no reply... Please share some info!

Freddy81

8:04 pm on Nov 18, 2008 (gmt 0)

10+ Year Member



Forgot to add: all ads look like this:

s
s
s
www.s.com

ralent

9:23 pm on Nov 18, 2008 (gmt 0)

10+ Year Member



This sounds obvious but while you are waiting for a reply from Google you did pause the campaign and CHANGED the password, right?

Freddy81

9:30 pm on Nov 18, 2008 (gmt 0)

10+ Year Member



Yes, I've deleted the campaign and changed the password. Are there any chances that Google won't charge my credit card?

ralent

9:53 pm on Nov 18, 2008 (gmt 0)

10+ Year Member



I've never had an experience like yours but my feeling is that you would not get billed for that activity.

Also, I would think they would be able to see the IP address of whoever added the campaign or some other identifier that may exclude yourself.

tintin99

10:55 pm on Nov 18, 2008 (gmt 0)

10+ Year Member



Freddy - Google did charge my credit card but it was only £70 or so. They took a couple of days to reply to my email but have been very helpful and have given me a couple of options for recovering my money. Either they will credit the amount charged to my Adwords account (not an option you'd want to go for I suspect!) or they suggest I get my card provider to reverse the charge. In the latter case Google will close my Adwords account and I'll have to set up a new one.

Freddy - just out of interest, was your password a weak one like mine?

Freddy81

6:06 am on Nov 19, 2008 (gmt 0)

10+ Year Member



Tintin, good to hear that. I emailed them about 6 hrs ago, no reply yet. I've just received an automated letter that my ads have been disapproved (in the deleted campaign, lol!).

Are you saying that my only option (except getting the credit back) is issuing chargeback with my bank? It's a long process where I'll lose these $6K for months. I really hope that I won't be charged by Google at all.

About password - yes, it was weak, very weak. However, I've checked my other 2 accounts whose passwords contained at least 8 characters with both letters and numbers, and these accounts are not hacked.

tintin99

11:06 am on Nov 19, 2008 (gmt 0)

10+ Year Member



Freddy, It may be that Google won't charge you. I had one charge appear on my credit card after the account was hacked - this was what alerted me to the problem. The account had incurred more charges before I paused it and contacted Google but they haven't appeared on my card yet, so maybe Google won't charge me for those.

For the charges that have already been made to my card those were the only two options Google gave me.

Good to hear about your passwords - that seems pretty good evidence that it was a brute force attack.

Hope it all works out OK for you!

coachm

11:48 pm on Nov 20, 2008 (gmt 0)

10+ Year Member Top Contributors Of The Month



I got hit for $7,000 Oct. 5. I both phoned and emailed google where I was informed they would investigate. They did so quickly, and told me they would be refunding.

It's now Nov 20 and no refund, even after followup mail. I'm still on the hook for the credit card charge, plus interest.

I notified the cc company to get it on record that this had occurred since there is a time limit for reporting fraudulent use. To go forth with trying to get my money back through the credit card company requires the complaint be forwarded to the fraud department, and then who knows, due to the large size. If it's over 1000 or 2000 it doesn't get disputed, but is sent to the fraud department.

I'm very unhappy about their slowness in refunding me the money (funny how fast they are at charging me), but my conversations with google were good. I wish the actions matched.

It's conceivable I could be on the hook for all of this due to google's delay, if it changes its mind. I'm fairly confident it will all work out, but this is significant money.

jadebox

6:23 pm on Nov 22, 2008 (gmt 0)

10+ Year Member



Everyone ... check your accounts! I got hit also. And I'm certain I never clicked on the link in a phishing email.

-- Roger

tintin99

6:32 pm on Nov 22, 2008 (gmt 0)

10+ Year Member



Roger - was your password weak? eg a word in the dictionary?

jadebox

6:35 pm on Nov 22, 2008 (gmt 0)

10+ Year Member



> Roger - was your password weak? eg a word in the dictionary?

It wasn't a dictionary word, but wasn't a strong password.

It is now. :-)

-- Roger

jadebox

6:50 pm on Nov 22, 2008 (gmt 0)

10+ Year Member



I guess this explains how the default setting for the "Campaign Summary" report got changed. As I related in the "Cardiac Test" thread, I logged on a few days ago and scrolled to the bottom of the report to see my spending for the previous day. It said something like $25,000!

It took a while before I realized the report was set to "All Time" rather than "Yesterday." During that time, I changed my credit card info to something invalid.

So far, I haven't seen a charge on my credit card for the fraudulent campaign, so it may be that Google tried the invalid number.

-- Roger

netmeg

3:03 pm on Nov 24, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



coachm, I'd be screaming from the rafters if I were you. (Not that that would help, but I sure would be) Making you wait that long for a refund and to use your account is unconscionable.

I wonder how many of the hacks were from gmail accounts.

koncept

9:55 pm on Nov 24, 2008 (gmt 0)

10+ Year Member



Freddy, I had the same "s" ad set up in my account and it accrued over $12,000 in charges without me noticing. (It's an old account for a different currency that I no longer use.)

Google wrote off the full amount and told me to be careful about clicking links in emails and to check my system for malware. Thing is, I never click links from emails, especially for google and I can't find any suspicious programs on my computer. I have no idea where they got my login info.

tonynoriega

11:19 pm on Nov 24, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



has anyone tried to contact the administrative contacts to the domains that these ads are pointing to? are they private?

i would expect them to obviously deny it, but someone has to be working for them...

i wouldn't hack an account for just any old site, it would have to be worth it to me.

tintin99

11:51 pm on Nov 24, 2008 (gmt 0)

10+ Year Member



My hacked ad pointed to <snip> - I didn't browse to it as I suspect it's not a genuine site but a spreader of viruses! I guess the whole point of this for the hackers is to get as many people as possible to visit these sites to spread whatever nasty infection is waiting for them there.

[edited by: eelixduppy at 1:00 am (utc) on Nov. 25, 2008]
[edit reason] removed URL [/edit]

tonynoriega

3:05 pm on Nov 25, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



off topic a bit... but i had a dream last night that my account got hacked... and i use uppercase and lower case with numbers passwords... and i felt so embarrassed.

i was like "how am i going to praise the almighty password when i just got hacked... the webmasterworld is going to laugh at me.."

oh the shame i felt... it was even worse because i don't have any active campaigns right now...

jadebox

3:37 pm on Nov 25, 2008 (gmt 0)

10+ Year Member



AdWords support handled the situation quickly and I'm happy with the resolution.

My notebook computer died a few weeks ago and I've been using a different computer at home. In spite of running an antivirus program and using a firewall, I think something wormed its way into the other computer. When I ran a full virus scan and Spybot S&D, several things were found and cleaned up.

Even though I haven't had any sign that any other accounts were compromised, I used another PC, my office computer, to change all my passwords for sites like my bank and credit cards. I switched to more secure passwords - with special characters, numbers, and mixed upper/lowercase. Ironically, one of my credit cards doesn't allow special characters in the password.

tintin99

3:50 pm on Nov 25, 2008 (gmt 0)

10+ Year Member



I know there are probably good reasons for not including URLs in posts but wouldn't it be a good idea to publish them in this sort of case?

tintin99

4:01 pm on Nov 25, 2008 (gmt 0)

10+ Year Member



Sorry, in case my last post wasn't clear - I've just noticed that the url that my hacked ad pointed to was snipped from a previous post of mine. I'd have thought it would be useful for people to know that information?

bwnbwn

4:31 pm on Nov 25, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



tintin99 the information may be useful but what would happen if the site was hacked and added infections to those that visited the site. Best be left out of all posts to keep others from adding infected links as useful information.

You can see where it could go from allowing this to continue....:)

tintin99

4:40 pm on Nov 25, 2008 (gmt 0)

10+ Year Member



yes I guess you're right bwnbwn - thanks for explaining

coachm

6:53 pm on Nov 25, 2008 (gmt 0)

10+ Year Member Top Contributors Of The Month



> coachm, I'd be screaming from the rafters if I were you. (Not that that would help, but I sure would be) Making you wait that long for a refund and to use your account is unconscionable.
> I wonder how many of the hacks were from gmail accounts.

No gmail here.

(edited) Payment sent according to google, today, but not yet on my credit card. Assume it will be there shortly.

Over a month wait, and I guess I'm on the hook for the interest.

Freddy81

7:51 am on Nov 28, 2008 (gmt 0)

10+ Year Member



My credit card was charged too (for $6400), in spite of the fact I've requested a write-off! Just don't know what to do now, shot another email to them. I've searched through the forums and saw that none were refunded for these invalid charges, which is a bad sign.

coachm

5:26 pm on Nov 28, 2008 (gmt 0)

10+ Year Member Top Contributors Of The Month



Update (and to freddy). My refund finally was processed through my card two days ago. All told it took google about five weeks from time of notification to investigate and process. Another day or so from the time they authorized the refund until it showed on my card.

I got extremely good help both on the phone and via email. I'd recommend phoning if you can, and following up with an email. I "bugged" them a bit since the process went so slowly, but they were apologetic and tracked the whole thing across several representatives. I was fairly pleased overall, but I do wish the refund was faster, particularly since the investigation phase was relatively short.

Hope it all works out for you guys. I wonder what we all have in common that caused us to end up targeted, but I guess we'll never know.

cyberandroid

4:03 am on Dec 1, 2008 (gmt 0)

10+ Year Member



i'm seeing lots of spoofing emails
never follow links to adwords from email
never
never
never