Warning: New AdWords phishing and the MySQL saga

Posted by Dave CollinsGoogle Ads

A number of companies have received a Dear John from Google, over their use of the term “mySQL” in their ads.

Google’s trademark policy is at best puzzling, and as pointed out in an earlier post, there appears to be a three-stage hierarchy:

Level 1 – companies who direct enough legal heat at Google to make them wince. Sunburnt but not charred. Try to use one of these keywords, and Google won’t let you save or upload them.

Level 2 – companies who contact Google over trademark infringements, and are prepared to jump through Google’s hoops. Google then pull the offending ads.

Level 3 – modern-parenting rules: let the parties involved sort it out on their own.

Today’s MySQL story is an odd one though. The bewildered offenders haven’t had some of the ads pulled. They’ve had all of them taken down. Usually when this sort of thing happens, Google disallow some of the ads but leave others.

It’s puzzling. I’m surprised that the world’s best company at searching and indexing the web can’t do the same within an AdWords account.

More puzzling still is the fact that this appears to have affected a large number of AdWords accounts, and Google appear to have proactively suspended all offending ads in all applicable accounts.

But that’s not all.

Being the obsessive thorough person that I am, I ran a quick search on AdWords mysql on Google, to see if I could find other people reporting the issue. The results displayed an interesting ad, shown below.

Ads that make you go hmmm

The first ad appears to be a phishing attempt. If you go to that site (I recommend you don’t) the page appears to be the regular Google login, but it’s not. It’s a Chinese website that looks like a phishing attempt for Google AdWords login details. The icing on the cake is that they are advertising through AdWords itself. Their ROI must make it worthwhile. Worrying in itself.

I would have thought that Google would be on the lookout for that sort of thing, but apparently not. If you’re going to phish for AdWords login details, the obvious place to do so would be in AdWords itself. I would expect Google to take good care of their advertisers, yet these ads are being shown in the UK and US, and probably in other countries too.

I did notify Google by phone 20 minutes ago, and credit where it’s due – the ads are now gone. It’s good to see that Google protect their advertisers as well as themselves.