I woke up to a horrible surprize this morning, an email from Google Adward saying a payment for £6k+ has been declined on my credit card, thank god!
I quickly went to my adwords account to find that someone has over the last 3 days spend £9k+!! So please check your own account and change the password immediately.
I dont know how they got in or what google will do about, i dont even know whether i have to foot the bill or not, if I do that will be my career in affiliate marketing over!
I emailed google about an hour ago but have yet to hear back from them.
I get emails like this regularly, make sure the link in the email goes to google and not some other site trying to get your details.
ye make sure its not a fake email, as if it is, you'll have given your details to them.
So go to google adwords website by typing it in yourself and then check,
I'll go grab the number for adwords give them a ring.
0845 358 0038 i think,
Yes, in terms of fake e-mails, the ones purporting to be Google AdWords have been amongst the most convincing, so do check the url on mouseover to ensure you aren't being taken to a fake site.
Rgds
No, it is not a fake email, i logged in and the money has been spent!!!!!
Have they actually logged into your account and added their own adverts?
If so, it should be easy enough to trace.
Follow the ad, get the tracking id and notify whoever runs the program.
They should be able to follow it up.
Easiest way to not get phised then funked over is to NEVER click a url in any email realting to Google, yahoo, msn etc.. or at least always hover over and double check before clicking.
in theory you should be able to get a credit card chargeback and leave google to go chasing the offending mofo's .. but in actuallity who knows what will happen however it sounds like google might play ball, at least on the US side of things Google AdWords Account Hacked: False Ads & False Charges and then adwords own adwordspro dude says here fraudulent charges to my card. - Billing & Payments | Google Groups that " I would like to assure you all that that you will not be responsible for charges accrued in 'fraudulent' campaigns that you did not create. So I hope you will rest easy on that point."
Hi Shane,
Thanks a lot for the links, it has put my mind to rest!
Just to me clear it was not the victim of a phishing attack, i dont click on links from "official" compaies, just in case. Also I have run a series of spyware, adware and virus checkers and can't find any issues on my computer. I have a personal PC which no one has access to. Finally, i dont use Wifi. So i thought all in all i was pretty secure.
I can only assume that the hackers have either got into google's systems somewhere, or they are guessing passwords (mine was just a single word which is in the dictionary). So i recommend to everyone with an adwords account to change your password today to some with letters and numbers, plus upper and lower case.
I am sorry to say that this thread contains a couple of serious errors:
> Easiest way to not get phised (sic) then funked over is to NEVER click a url in any email realting to Google, yahoo, msn etc.. or at least always hover over and double check before clicking.
>So go to google adwords website by typing it in yourself and then check
I discovered last week that there is an outstanding unpatched flaw in the DNS system that particularly affects Windows PC's (including Vista) which would make the above precautions totally ineffective.
This DNS hack is not new, it has already appeared in at least one virus. It could lead to an explosion in phishing, spoofing and fraud, but Microsoft haven't got round to dealing with it yet.
The hack is entirely invisible to a user and isn't picked up by most Internet Security products either. It means that you could type in Google accurately and still be sent to a fake website.
As there don't seem to be any quick solutions to the hack yet I am not going to explain where the fault lies until there is a patch available. Please don't PM me asking for details. If you know what it is, or can work it out, please don't publish it here; there is still money in my bank account I would prefer not to have looted.
I have been in touch with the people who should be keeping an eye on these sort of things and provided proof of concept, they have promised to take a fresh look at it. Let's hope for an early resolution.
Sorry to be so cryptic, I hope you can all appreciate why.
Your actually a bit behind, this became known about months ago, although was hushed up while vendors updated their software - including microsoft.This DNS hack is not new, it has already appeared in at least one virus. It could lead to an explosion in phishing, spoofing and fraud, but Microsoft haven't got round to dealing with it yet.
Once the products in question were fixed, it was made public.
It wasn't actually a security hole, it was something that hadn't been thought of when the DNS system was devised.
Most systems are patched now, including Windows if you've kept up to date with update.
It wasn't the easiest to exploit anyway, and wouldn't of been used for general phishing. It was a more a proof of concept than anything else.
Out of intereset and being nosey what was it they were advertising?
Allsorts - weather, adware, some chinese stuff i cant understand, virus checkers, and lots of other words i cant remember.Google has now locked the account so i cant see anymore.
>>Your actually a bit behind, this became known about months ago, although was hushed up while vendors updated their software - including microsoft.
Sorry but I wasn't referring to the Dan Kaminsky DNS hack which was mentioned in much of the press recently, this is a entirely separate Windows DNS hack. Details on the Kaminsky hack are here:
Dan Kaminsky Discovers Fundamental Issue In DNS: Massive Multivendor Patch Released | securosis.com
I have tested the Windows flaw I was referring to with the following fully patched operating systems, browsers and security products, and not one of them picked it up or gave any security warnings:
OS:
Windows Vista
Windows XP (all previous windows will also be vulnerable)
Linux (vulnerable but more difficult to exploit)
Browsers:
IE7 7.0.6001.18000
Firefox 3.0.1
Security Products:
Windows Defender
Mcafee Internet Security
AVG
Zonealarm (for XP and Vista)
This vulnerability is still out there and unpatched <del>months</del> years after it was first exploited in the wild.
I've never had any issues with Opera browser Opera browser: Home page, IMO only the extensions of firefox put it just in front for our kind of work but I still use opera instead, if the opera developers got their asses into gear and produced web marketing orientated extensions then it'd be awesome .. instead of just purely superior and hack attack free .. well virtuallyOriginally Posted by Do No Evil
>>if the opera developers got their asses into gear and produced web marketing orientated extensions then it'd be awesome .. instead of just purely superior and hack attack free .. well virtually
I just installed Opera. I was reassured by the splash screen that says: "Opera 9.5 includes improved Fraud Protection which is now enabled by default. Fraud Protection detects and warns you about fraudulent Web sites automatically."
Unfortunately it didn't detect this hack or the fake website that I have set up for test purposes.
I have spoken to those people that should be keeping an eye on these problems this morning, and the general opinion was that because the flaw lies in Windows it is a user issue - i.e. you should know about it and you shouldn't rely on security software to tell you there's a problem.
I have also discovered that the exploit has already been in used in over 1100 viruses, so malware writers are already well aware of it.
In that case I am going to explain here how the exploit works so that you can take measures to protect yourself.
I have setup a domain name which will appear in three different places on the internet at once (though it could be thousands of places). The site is crepes.co.uk. It could just as easily be Natwest.com or HSBC.com or Paypal.com
Please go to crepes.co.uk - it's a parked domain name full of adverts. Then close your browser.
Now open Notepad or a text editor on your PC using an account with admin rights in XP or as an administrator in Vista (rightclick the editor icon, choose run as an administrator)
Open this file:
C:\windows\system32\drivers\etc\hosts
and save a backup copy C:\windows\system32\drivers\etc\hosts.bak
reopen the original file:
C:\windows\system32\drivers\etc\hosts
then add:
212.227.57.44 crepes.co.uk
and save the file.
Open a browser of your choice and go to crepes.co.uk. You should be able to see that the hack has completely circumvented the worldwide DNS System and gone directly to a fake website with the text:"This is the first fake crepes.co.uk at 212.227.57.44". You may need to force refresh your browser.
When you have visited that site, close your browser and then change the amendment in your hosts file to read:
87.106.136.57 crepes.co.uk
then reopen your browser and go to
crepes.co.uk
You should see the third variant. You may need to refresh, but you should see the second fake site with the text: "This is the second fake crepes.co.uk at 87.106.136.57".
Now imagine that you are sitting in an internet cafe and someone has being editing the hosts file on that machine.....
I removed the www from the domain name above to get round A4U forum formatting, but the hack works the same with www.domain.com
And here are the details of those 1100+ virus variations that have already made use of this simple hack:
Search Advisory, Vulnerability, and Virus Database - Secunia
If you have security software or a browser that picks up these changes and gives a warning, please post it here.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
| Msn: My Username @ hotmail.co.uk
Bookmarks