First things first, let me stress that neither The Search Agency nor I personally have ever or would ever make any use of the loophole described in this post. This is deeply unethical stuff that you’d have to be wearing a huge and exceptionally dark black hat to consider. We don’t do it and clearly neither should you. The terrifying thing, though, is that you could…
When you last set up an AdWords account, remember all the hoops you had to jump through to prove to Google that you were the owner or authorized agent for the domain you wanted to use?
No? Me neither, and here’s why: despite the fact that Google has a trademark policy to prevent you from using your competitors brand names, there are no measures in place to stop you from running AdWords campaigns using their domain. It’s not been possible for some time to run ads which feature a display URL with a different domain to the landing page, but as long as you’re happy for the ads to point to your competitor’s site, you can run those ads to your heart’s content.
That doesn’t matter, you may think, no company’s going to be stupid enough to pay for their competitors advertising. What possible benefit could there be in that? This is Google’s argument, and on the surface it seems to make sense.
But the fact is, given a little thought, there’s plenty of scope for serious damage that an unethical competitor (or just a rogue individual) could inflict upon a business. Did you ever see a really compelling ad for one of your competitors and wish you could make it less effective? Or make it reach fewer people? With AdWords, frighteningly, you can.
Just create your own unappealing ads using their domain and bid to outcompete their real ads. Since Google will only allow one ad to show for any one domain on a results page, you can effectively replace your competitors own ads with ones that are as unappealing, unattractive or brazenly offensive as you like. How about these?
Need A Car?
No Good With Werds?
XYZ Software 2.0
Imagine the fun you could have! Still, amusing as it might be to sling mud at your competitors in this way, it’s none too subtle, and those ‘per click’ costs might rack up from user curiosity alone. A much more troublesome risk of this loophole is it being exploited in a way that’s less detectable to the user performing a search.
Since it’s possible for sneaky companies to buy advertising for their competitors alongside their own, why not make the two ads directly comparable, but with the ‘real’ ad significantly more attractive, like this:
XYZ Only $100
XYZ Only $150
For users it’s a no-brainer, so clicks to the competitor ad will be virtually non-existent, and that means bids can be set ludicrously high to combat the effect of low CTR on Quality Score. In fact, while you’re at it, why stop at one competitor? Since there’s nothing to stop you creating ads for any domain you like, you could pull the same trick with every one of your competitors on AdWords, managing bids so that your real ad lives in position one and all your fake competitor ads have bids just high enough to keep the real competitors off the page. Voila, the vast majority of Adwords clicks on these pages will come straight to your real site.
Of course, there’d be difficulties: the CPC you’d achieve on your real ad would be necessarily high, and the smattering of clicks on your fake competitor ads would likely be extortionate. In fact, the whole production would likely cost a good bit of money and a lot of clever AdWords management time, but for what amounts to complete ownership of the sponsored links on your preferred search terms, it’s not impossible some companies may consider that a price worth paying.
Google’s position is simple: if there’s a brand issue in the ad copy (not including the display URL) they’ll get involved to a limited extent, but the display URL or anything even as flagrant as the above example is an advertiser-to-advertiser issue. In short, it’s a problem for your lawyers, not Google’s.
So, while it’s likely that this kind of aggressive hijacking would lead to serious legal trouble for the perpetrator, this would probably come too late for the company whose product launch, event or other promotion has been buried by it; and, in the murky world of cybercrime it’s likely that someone wanting to inflict such an attack could probably find a clever way to keep the paper trail away from their door.
Maybe this kind of elaborate scam is unrealistic, but the fact is there’s nothing that actually makes it impossible. And as long as Google requires no authentication of domain ownership before running ads, the threat of someone exploiting this loophole at the expense of your business is very real, even if it’s just an angry customer or disgruntled ex-employee who’s willing to pay to air their grievances in a very, very public place.
Have you ever been a victim of this loophole, or even used it yourself? Or can you think of some even more diabolical possibilities this opens up? Let me know… and try not to have nightmares.
- Google Made Me Do It — Is Interflora vs. M&S Missing the Point? - May 29, 2013
- I Don’t Wax, So Groupon Wanes – How Groupon Got Targeting Wrong and Lost $11 Billion - November 19, 2012
- AdWords +New +Matchtype - May 24, 2010
- AdWords’ Scariest Loophole - January 25, 2010
- What Does Google’s Supersized Search Box Suggest to You? - September 10, 2009