Google AdWords Phishing Attempts

by Andrew Miller on 11/15/11

What’s easier than making money the hard way? Stealing it.

That seems to be the motivation behind a Google AdWords phishing attempt a client received this morning. Luckily he had the keen eye to avoid the trap and forward the email to me for further review.

Step 1: The Phishing Lure

Here’s the email he received. Is says his account is no longer running and that his ads need to be reviewed before being re-activated.

Looks legit, right? Even the reply-to address is the normal AdWords notification email account. Who wouldn’t log in to re-activate their ads?

AdWords Phishing Email

AdWords Phishing Email - Click to Enlarge

Step 2: Set the Hook

After clicking the link, an unsuspecting advertiser could be tricked into filling in their AdWords username and password on this screen.

AdWords Phishing Login Page

AdWords Phishing Login Page - Click to Enlarge

 

Again, it looks legitimate. More experienced AdWords users will immediately recognize this as a old version of the login page. The new version is below as a reference.

AdWords Login Screen

The Real AdWords Login Screen - Click to Enlarge

Step 3: Be The One That Got Away

There are numerous clues that the site may not be legitimate and should be avoided:

  1. The click-through URL on the email goes to “google-ist.com” instead of “google.com“. This should be a dead-giveaway.
  2. The landing page is not hosted on a secure site. All official Google login pages are secured on https pages.
  3. The email seems overly dire and not worded in the typical “Googley” fashion: “Please note: If you do not verify the status of your Adwords account and notify us if your ads do not appear online we can not help you and your ads will stay offline for the next few days.”
  4. The landing page is a copy of an old version and does not resemble the current AdWords login page.
  5. The whois information for this domain is not registered to Google. It’s probably fake info anyway, but it’s definitely not Google.
  6. Clicking the link in a modern browser pops up a phishing warning. Not all browsers do this, but it is extremely helpful and usually accurate.
Phishing Warning

Phishing Warning - Click to Enlarge

Prevention > Cure

What would happen if the phisher did snag your AdWords login and password? They can log in to your account and drive massive amounts of traffic to their sites at your expense. That’s the best case scenario. Worst case, they can access your entire Google account, personal info, email accounts, social networks, Google Docs, and any other sensitive info you have stored in Google’s cloud.
If your account was compromised and you noticed a charge to your account, log in and change your password immediately! Your only recourse is to contact AdWords and explain how you got hacked. If you do receive a phishing email but did not fall victim, report it to AdWords here.
It’s much easier (and less expensive) to think carefully about each link you click and every login form you submit. Rehearse your mental checklist to keep your guard up.
I hope you haven’t fallen victim to this scam. It must be somewhat successful because various iterations have been circulating for years.

Alternatives to SEO Rank Checkers

by Andrew Miller on 10/19/11

How do I know if my search rankings reports are accurate? You don’t. Move on.
A friend pinged me this morning asking about alternatives to using the SEOMoz Pro rank checking tool. The reported results were not the same as they were seeing when manually searching.

Even when logged out of Google and with a clear cache and no cookies, Google is still personalizing search results for each user based on the search history of each IP address and your geographic location.

This question is increasingly common for people reporting rankings to their SEO clients. As mentioned before, I am NOT IN FAVOR of relying solely on search rankings. There are plenty of other, more meaningful metrics.

Here’s my response, which I felt was worth sharing:

For consistency reasons (and time constraints), I’ve stopped using rankings as an indicator of SEO results.

When I do look at them, I use SEOMoz Pro and WebPosition (webposition.com). There’s no way around the IP-level personalization that I’ve found that still simulates real-life search patterns.

Using 2 data sources gets you a couple different data points. They hardly ever match, so I look at trends over several months and not particular data points from an exact moment in time.

Try reporting on organic, non-branded keyword visits and the number/type of unique landing pages from that traffic segment. If you have conversion data, all the better. Rankings are meaningless unless you are actually attracting qualified traffic and generating sales/leads/whatever. The landing pages reports show how much of your content is exposed in search engines, and where you might be missing opportunities to attract new visitors by focusing on some internal pages or sections.

It’s a lot more work, but I’ve found that clients appreciate tangible results in addition to (or instead of) showing rankings. Anything that keeps the SEM industry more accountable and transparent is a good thing, in my mind.

Ready For Less Useful SEO Traffic Metrics?

October 18, 2011
Thumbnail image for Ready For Less Useful SEO Traffic Metrics?

Google’s big on privacy these days. It’s no surprise, considering the blowback they’ve received on Google Buzz and their impending antitrust investigations. Even so, I was a very surprised to hear Google announce that they are going to stop reporting which keywords drove traffic to sites in Google Analytics if the searcher A) is logged [...]

Read the full article →

Slides From VCU BrandCenter Presentation

October 15, 2011

I always love getting over to the VCU BrandCenter to talk to the students about search engine marketing. The students are active, engaged, and endlessly curious. They got more detail than they bargained for when they started asking deep questions about Quality Score and Google’s impending “big brother” reputation, but it makes for a fun [...]

Read the full article →

Jason Joins The Team

October 13, 2011

I’m happy to announce the newest addition to the Your Search Advisor team! Jason Sexton joins as a Search Engine Marketing Analyst to assist with client campaign management, reporting and analysis, and strategic development of clients’ PPC advertising initiatives. In short, Jason makes us more efficient and effective. Jason is a recent graduate from Virginia [...]

Read the full article →