Practical Ecommerce

Pay-per-click Spyware and Other Scams

If you thought click fraud was bad, consider this: your Google AdWords, Yahoo! Search Marketing ads and Microsoft adCenter accounts are new targets for spyware applications, hackers and scam artists.

If thieves obtain access to your pay-per-click account, they are in complete control of your pay-per-click activity and could place ads on their behalf but charge your account for them.

Two likely fraud options

Unauthorized users are likely to do one of two things. First, the users could bury their own keywords and ads deep in your account without changing anything else, such as settings and budgets. The idea is to run ads quietly so the account owner doesn’t know he’s paying for somebody else’s clicks.

Second, the users could go through a one-night rendezvous by dumping all sorts of high-cost keywords into your account and adjusting budgets to hundreds of thousands of dollars per day. The idea is to get as many ridiculously expensive clicks (even $90 a click or more) as possible on your credit card.

Regardless of the option your hacker would prefer, you could end up paying thousands of dollars for somebody else’s clicks. To determine if you are a victim of this type of fraud: — Run keyword reports weekly and look beyond the first page (many advertisers tend to ignore keywords that are not in their top 50 list). — Look for keywords that shouldn’t be there. Also, run ad reports to figure out if you have any unfamiliar ads. — Keep track of your normal ad spend and always be suspicious if there is a spike in costs. — Check on your accounts frequently.

Steps to prevent stolen passwords

Here’s what you need to do to prevent your passwords from being stolen: — Set up free image protection in your Yahoo! Search Marketing login page (Yahoo! is the first one to recognize the seriousness of the issue). — Change your passwords each month. — Install and run spyware detection and anti-virus software, such as Google Pack, which has both for free. — Do not react to emails asking you to update passwords or verify something in your pay-per-click account.

If you have fallen victim to the fraud, contact your pay-per-click support team immediately. If you do not employ an outside agency, contact the search engines directly.

Alternatively, change all passwords in your pay-per-click accounts and pause all campaigns. Once the issue has been reported, it’s out of your hands. Search engines will conduct an internal investigation and will contact you to resolve the situation. Be sure to stay on top of all requests from the engine’s support teams and promptly respond to all messages. After all, it’s your fault somebody hijacked your pay-per-click account.

Greg Laptevsky

Bio   •   RSS Feed


Sign up for our email newsletter

  1. Legacy User March 4, 2008 Reply

    Thank you Greg, for informing us of this activity of PPC spyware, and scams. All Online Entrepreneurs needs to read this, and take better precautions on their PPC activity. Thanks again Greg, keep us informed on any more information pertaining to this matter.

    — *Darrick*

  2. Legacy User March 4, 2008 Reply

    Protecting your PPC campaign is gradually becoming a must, especially that most of the time we don't even know when our ads create good leads or generating fraudulent activities. Well, so much for the ad-words or Yahoo's Search Marketining programs and their promises in increasing your ROI. However, you can put control in your hands and have a better transparency of your campaign by monitoring your PPC’s through fraud-protection software that allows you to manage and catch the leak before it hits your bottom line. Such audit oriented software and services can be acquired from company such as Hoping that the fraud won’t touch your pay per click accounts, because your network said it will be safe, is like having a front door to your house but not installing the security.

    — *Dan*

  3. Legacy User March 5, 2008 Reply

    It seems that i just recently encountered a problem with this. I clicked into yahoo search engine to find my website and to my surprise i saw that after the 1st 3 ad clicked directlly to my site, however, the next 4 or 5 ads had my domain name, however it led to someone else's site entirely. not relating to my site. Much more than this i saw that one ad listed my complete name, address, and phone number.

    I copied the html code for the site and (All sources contacting them about the error. It took me 2 days now to finally be able to send a message asking them to remove me from their site. I still do not know if this is the correct place to contact.
    Maybe you can help me identify this problem?

    — *Donnette Bennett*

  4. Legacy User March 5, 2008 Reply

    I would strongly recommend that you contact Yahoo! Search Marketing team to resolve this issue. It sounds like you would need to edit things within your Yahoo! SM account. Here's the number (along with other support #s):

    o Google AdWords: 1-866-246-6453
    o Yahoo! Search Marketing: 1-866-924-6676
    o Microsoft adCenter: 1-800-518-5689

    Hope this helps.


    — *Greg*

  5. Legacy User March 12, 2008 Reply

    Ouch!!! I am a little afraid of PPC right now. Is it really possible? Please, would like more info.

    — *Posicionar Sitio*

  6. Legacy User April 3, 2008 Reply

    So much fraud nowadays! You do pay per click and you end being being clicked by fraudsters. I think I will stick to free advertising like text ads and articles submission. No money for pay per click.

    — *Chan Kong Loon*

  7. Legacy User April 8, 2008 Reply

    Thanks, Greg, information on Pay per click spyware, and scams. Useful information for advertisers. Tracking ad spends and Check on adwords accounts frequently. Run keyword reports weekly

    — *henrry134*