Google Gets Hit With Phishing Scam

Google AdWords is a new marketing method that is a hot commodity among bloggers, online retailers, and...dentity thieves? That’s right. Earlier this year identity thieves infiltrated the popular marketing tool offered by Google.

Usually, in normal circumstances, retailers create an online account with Google and they design their own ads. Then they select key words that people might search for if they were looking for the same or a similar product. When people search for those key words the retailer’s ad will pop up on the Google search engine page. If the person surfing the internet clicks on the ad, then the retailer pays for it. This is what is known as the “pay per click” method of marketing. It’s old fashioned lead generation in a new form.

Retailers love it because they can set their own budgets. Once they’ve met their quota for the month Google won’t run their ad again during that cycle. It sounds like a good system, and it is as long as an identity thief hasn’t infiltrated the system.

Several months ago, Google AdWords became the most recent corporation to have identity thieves hijack its identity in an attempt to steal the identities of countless trusting customers. Much like PayPal, eBay and Bank of America, Google AdWords has now fallen victim to a detailed phishing plot.

Over a period of several weeks, Google AdWords members began receiving emails from what appeared to be Google AdWords claiming that they needed to login and verify their account information or their accounts would be terminated within days. Not wanting to lose their standing in the system, or the potential marketing for their businesses, countless people followed the link and went to a website that looked almost exactly like the real Google AdWords site, and they divulged their account numbers and passwords to identity thieves. Some people even unknowingly gave their bank account information away.

What happened next is interesting. Although reports remain unclear about whether or not victims saw their bank accounts dwindle or countless fraudulent charges made to their accounts, one thing is certain: their AdWords accounts were tampered with so that they would net great gains to the identity thieves.

In a matter of minutes, identity thieves were able to hack into countless accounts and reset the threshold for the maximum dollar amount a person was willing to spend on marketing, and reconfigure the key words so the traffic was being driven to websites belonging to identity thieves rather than those belonging to the original owners of the accounts. For most of the summer identity theft ran rampant through Google AdWords. Panicked customers began flooding Google customer service with messages once they realized that maximum dollar amounts that had once been set at $100 skyrocketed to the $7,000 range.

The episode was a costly one for Google who wound up repaying the money that was fraudulently charged to customers while the identity thieves still remain at large. Perhaps the only bright side in all of this is that identity thieves now view Google as a target worth hitting. In today’s world that only means one thing: Google has arrived.

What is Phishing and How You Can Protect Yourself

Although the attack on Google is a relatively new thing, phishing isn’t a new practice. Surprisingly though, as the crime evolves, thousands of people still fall victim to it on a regular basis. If you are an email user, you will almost certainly become a target of a phishing scheme in the future if you haven’t already.

Phishing occurs when identity thieves pose as a legitimate company, bank or other institution where you might hold an account. They set up an official looking email that will redirect you to another official looking website if you click the links contained in the email. Phishing emails usually employ the use of scare tactics that make the receivers think their accounts are in danger of being closed or that their security has already been breached. The goal of these emails is to get people to log on to what they think is a legitimate website and divulge all of their personal information: user names, passwords, bank account information and in some cases birthdates and mother’s maiden name. Instead of giving this information to legitimate sources these people are unknowingly giving their information right to identity thieves.

Because identity thieves are able to move so quickly, even victims who realize what they have done only moments after they have done it have seen their bank accounts take significant hits in a matter of minutes.

But there are ways you can safeguard yourself against phishing emails. Following the three steps below will help you greatly reduce your chances of becoming a victim of this type of identity fraud.

1. Never follow a link to a website that asks for your personal information. If you receive an email from an institution you have an account with and you think it might be legitimate, don’t follow the link provide. Instead, close your email account and log on to your account via the internet the way you always do to see if anything seems out of the ordinary. If there is a problem with your account you should be able to fix it that way—with full confidence that you aren’t giving your information away to identity thieves.

2. Contact your bank and other institutions you do business with and ask about their policy regarding contacting customers about their accounts. Before you even receive an email asking you to verify your account information, it would be a good idea to check the websites of (or call) any institutions you hold accounts with to review their policies about contacting account holders about their accounts. Many organizations will never ask customers to verify personal information via email, or if they do they don’t provide an internal link and instead encourage you to log onto your account the way you always do. Most companies are aware of phishing schemes and don’t want their customers to be taken advantage of.

3. Forward any fraudulent emails to a company’s fraud department. If you receive a suspicious email that appears to be from PayPal you can forward it to spoof@paypal.com so that their fraud team can investigate it and attempt to track down the imposters. Many other companies have similar systems in place. Inquire (via the website or phone) with the company you have appeared to receive an email from and do your part to put an end to phishing schemes.
Phishing is a huge problem and is one of the most common forms of online identity theft. Make sure you don’t fall victim to such a scheme and that you are fully equipped to protect yourself and those you love from becoming identity theft victims today.