Yahoo Search Marketing Internal Fraud Case: Help & Future Prevention Tips
- SEO |
Heads up, and I've seen minor mentions / hints at this elsewhere, but no major threads...so if there are some, please point them out here and let's hook 'em up at least that way, please.
Our company's Yahoo Search Marketing account was hacked into internally (internally meaning at Yahoo, not from this end), no other way to say that that I know of, so feel free to correct me:
- -in fast action, someone took over the account, changed the email and password, locking us out (note: they had added their own PPC section of ads, but we had no time to dig in and see where the ads pointed, etc.)
Then they ran up our funds to roughly a couple thousand before we had time to log into Paypal and pull the plug in the Profile area and report the incident to their fraud dept (who handled it promptly, shutting down their funds in full and getting ours back.)
~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~
By running up our funds, I mean this:
We had a set budget per day. The person increased the budget to a super high limit, inserted their own campaign, and directed traffic there (we saw this once we logging in to see why Paypal receipts kept pouring into our email account confirming that more and more and more funds were added within a short period of just a few minutes (12 counts of fraud - taking funds from Paypal - to date showed up in a matter of minutes).
Once I personally logged in to see what was going in, someone already in there from the Yahoo side (unless there was indeed another party in there) changed the password and email, and I was logged out and could do nothing at all. Note while I was in there, charges were still processing via Paypal, so the thief was in there while I was, for sure. Initially I had time to change the budget back to where it was, but someone immediately changed the access info, refreshed and locked me out, then continued stealing more funds from Paypal for the illegal activity.
Hope all that sequence makes sense. Still too fresh and weird to take lengthy time to write up step by step....too chaotic right when you're trying to check out for the day, wow.
~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~
Note a tech checked our computers and there was no malaware, bugs or other negative hidden or active hijackers or anything all on our systems; and no other accounts were hacked into or anything.
After reviewing Yahoo Search Engine charges issues this weekend, I'm finding this is common. So my advice, as they do bring in traffic, is this:
1) Backup your campaigns into a Google Adwords account and / or in an Excel doc or some way. Because you'll want a fresh start - and promptly - after fraud activity, more than likely.
2) Once you load funds, disconnect your Paypal link up immediately by logging into Paypal, going to the Profile section and disabling the Payment for them.
3) Then when you need to add funds, manually add them via Paypal, which will again get that link active. So after you add the funds, log back into Paypal and do step #1 again.
4) Monitor the use of your funds at least monthly and report any fraud to Paypal and your financial institution (the one of your credit card or bank account) first. At this time, for any fraud issues, Yahoo phone numbers run you around so that you have to actually email a feedback address for "help" that I have no idea works, as we've heard nothing from them. So have patience and jump their hoops to figure out where to send your info AFTER you have contacted Paypal's fraud department and your bank's.
Any other tips that you can share would be appreciated by many people, would be my guess, after all this. So thanks in advance for any sharing!
Our company's Yahoo Search Marketing account was hacked into internally (internally meaning at Yahoo, not from this end), no other way to say that that I know of, so feel free to correct me:
- -in fast action, someone took over the account, changed the email and password, locking us out (note: they had added their own PPC section of ads, but we had no time to dig in and see where the ads pointed, etc.)
Then they ran up our funds to roughly a couple thousand before we had time to log into Paypal and pull the plug in the Profile area and report the incident to their fraud dept (who handled it promptly, shutting down their funds in full and getting ours back.)
~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~
By running up our funds, I mean this:
We had a set budget per day. The person increased the budget to a super high limit, inserted their own campaign, and directed traffic there (we saw this once we logging in to see why Paypal receipts kept pouring into our email account confirming that more and more and more funds were added within a short period of just a few minutes (12 counts of fraud - taking funds from Paypal - to date showed up in a matter of minutes).
Once I personally logged in to see what was going in, someone already in there from the Yahoo side (unless there was indeed another party in there) changed the password and email, and I was logged out and could do nothing at all. Note while I was in there, charges were still processing via Paypal, so the thief was in there while I was, for sure. Initially I had time to change the budget back to where it was, but someone immediately changed the access info, refreshed and locked me out, then continued stealing more funds from Paypal for the illegal activity.
Hope all that sequence makes sense. Still too fresh and weird to take lengthy time to write up step by step....too chaotic right when you're trying to check out for the day, wow.
~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~
Note a tech checked our computers and there was no malaware, bugs or other negative hidden or active hijackers or anything all on our systems; and no other accounts were hacked into or anything.
After reviewing Yahoo Search Engine charges issues this weekend, I'm finding this is common. So my advice, as they do bring in traffic, is this:
1) Backup your campaigns into a Google Adwords account and / or in an Excel doc or some way. Because you'll want a fresh start - and promptly - after fraud activity, more than likely.
2) Once you load funds, disconnect your Paypal link up immediately by logging into Paypal, going to the Profile section and disabling the Payment for them.
3) Then when you need to add funds, manually add them via Paypal, which will again get that link active. So after you add the funds, log back into Paypal and do step #1 again.
4) Monitor the use of your funds at least monthly and report any fraud to Paypal and your financial institution (the one of your credit card or bank account) first. At this time, for any fraud issues, Yahoo phone numbers run you around so that you have to actually email a feedback address for "help" that I have no idea works, as we've heard nothing from them. So have patience and jump their hoops to figure out where to send your info AFTER you have contacted Paypal's fraud department and your bank's.
Any other tips that you can share would be appreciated by many people, would be my guess, after all this. So thanks in advance for any sharing!
Tired Of RISKY SEO Hosting? This Option Is SAFE
WordPress Hosting
SEO Hero