I just started up a client account in AdWords which had been dormant since 2009. When I logged in I told the client to me it appeared that the account had been hacked. This was verified by Google one day later and a credit was applied to the client’s credit card.
So how did I know the AdWords account had been hacked?
- Daily budget was set at $630 per day. That is a spend of $18,900 per 30 days. Previously the budget was $63/day.
- Keywords hidden inside an ad group with the correct name were payday loan related.
- The URL and ad text in the ad group had been changed from the client’s website.
This can happen to anyone. If you are not going to use your AdWords account it is best to either close it or to remove the credit card information.
In this case the client only got hit with a $10.00 charge before AdWords shut the account off. The last hacked account I saw had a $10,000 charge on their credit card for fraudulent clicks in less than seven days, so it is very important to watch what is happening in AdWords or better yet hire an account manager who will keep a careful eye on your account.
I’ve had a client hacked in the past with over $10K of charges racked up (all in a weekend), but it took nearly 2 weeks to fix and their account was out of commission the whole time.