Practical Ecommerce

Pay-per-click Spyware and Other Scams

If you thought click fraud was bad, consider this: your Google AdWords, Yahoo! Search Marketing ads and Microsoft adCenter accounts are new targets for spyware applications, hackers and scam artists.

If thieves obtain access to your pay-per-click account, they are in complete control of your pay-per-click activity and could place ads on their behalf but charge your account for them.

Two likely fraud options

Unauthorized users are likely to do one of two things. First, the users could bury their own keywords and ads deep in your account without changing anything else, such as settings and budgets. The idea is to run ads quietly so the account owner doesn’t know he’s paying for somebody else’s clicks.

Second, the users could go through a one-night rendezvous by dumping all sorts of high-cost keywords into your account and adjusting budgets to hundreds of thousands of dollars per day. The idea is to get as many ridiculously expensive clicks (even $90 a click or more) as possible on your credit card.

Regardless of the option your hacker would prefer, you could end up paying thousands of dollars for somebody else’s clicks. To determine if you are a victim of this type of fraud: — Run keyword reports weekly and look beyond the first page (many advertisers tend to ignore keywords that are not in their top 50 list). — Look for keywords that shouldn’t be there. Also, run ad reports to figure out if you have any unfamiliar ads. — Keep track of your normal ad spend and always be suspicious if there is a spike in costs. — Check on your accounts frequently.

Steps to prevent stolen passwords

Here’s what you need to do to prevent your passwords from being stolen: — Set up free image protection in your Yahoo! Search Marketing login page (Yahoo! is the first one to recognize the seriousness of the issue). — Change your passwords each month. — Install and run spyware detection and anti-virus software, such as Google Pack, which has both for free. — Do not react to emails asking you to update passwords or verify something in your pay-per-click account.

If you have fallen victim to the fraud, contact your pay-per-click support team immediately. If you do not employ an outside agency, contact the search engines directly.

Alternatively, change all passwords in your pay-per-click accounts and pause all campaigns. Once the issue has been reported, it’s out of your hands. Search engines will conduct an internal investigation and will contact you to resolve the situation. Be sure to stay on top of all requests from the engine’s support teams and promptly respond to all messages. After all, it’s your fault somebody hijacked your pay-per-click account.