Column: Taking Candy from a Baby

“Try AdWords for Free” was the invitation from Google as the company sought new users to its advertising programme. The invite was so solid that it wasn’t long before “Free” really was paying my bills.

Admittedly, it’s perhaps not Google’s intention that a growing legion of web savvy online marketers and canny entrepreneurs wouldn’t pay for any adverts – ever – and take the literal meaning of “free” to its extreme.

Yet for 18 months that’s exactly what I did. I got free advertising to the tune of $100,000 on Google and never paid a dime for it. My clients loved it.

While sounding like the sort of ploy promoted by flaky get-rich-quick types; and you’d be forgiven for thinking so, for a time Google really did hand out ‘cash’.

My clients were in the taxi, fast-food delivery and travel sectors – each operated in the Direct Response channel – DR Search visitors are easiest to convert: they click text ad links, visit then order with little “dwell time”. DR traffic is a numbers game of requiring a ratchet like Google to up visit levels and drive sales.

The Sting
Clients paid me a percentage of the value of the vouchers. For example if I gleaned $1000 worth of adverts on their behalf, they paid me $500 – $700. In this respect, Google’s goodwill was washed to produce real money – either to me as a fee, or from the business conducted by the client.

Laundering Google’s own money back into AdWords coupon-by-coupon, site-by-site for search clicks was fair game. I used over 150 sites, 1000 plus email addresses and aimed for various web activities – page view, download, referral, lead generation and sale – on the back of the traffic.

I recorded each element of the sting in order to cover my tracks and to work out where I might have gone wrong should Google ban any of my websites from Adwords. I logged everything: domain hosting info, Server IPs, set up date/time, email address, account name and address, Wi-Fi IP address used at set up, deployment type (e.g. auto via Google software or manual) and voucher source.

Occasionally I’d be busted and a domain banned from Google Adwords. For disqualifications I used classic phishing tactics and befriended the customer service agents by talking about Cricket, Bollywood and throwing in a few Hindi sentences translated by Google – thankfully, I guessed their location and with minor chivalry could reinstate my domains.

Free to the extreme
Getting credit from Google was not difficult. The sting went like this: get a voucher (usually of $50, $75 or $100 value), register a new Adwords account, upload a pre-set Adwords campaign of keywords and adverts, submit the credit then sit back and capitalise.

The vouchers were distributed on and offline – they were everywhere: in magazines, sent by email, available through Google’s own Adwords promotion pages or in everyday life such as snapping a photograph of the 16-digit code printed on credit card like inserts within tech magazines – it wasn’t like I was stealing the magazine from the shop! And with $75 codes my shopping could be offset.

A more systemic approach existed online via a special “marketers” only programme called Google Engage.

Through the pretence of being an ad agency capable of bringing in new clients to AdWords, the company dished out $1500 worth of ad credit to distribute to businesses via Google’s Engage programme.

Aside from Google Engage were legions of voucher sellers – from Chinese students on VPNs to organised ‘reseller’ businesses or middle-men ready to deliver ebooks on how to get free adverts or sell a voucher. EBay presented no shortage of opportunity either.

Presumably, Google hoped for between an industry standard 5% and Spotify level 7.5% free to real-money client conversion rate. But in many cases no new clients were enticed. It was not hard to pass the application criteria, with repeat applications, the available balance soon multiplied $1500 to $3000, $6000, and beyond – unlike the rest of the economy, getting credit at the Bank of Google was a doddle.

It was cat and mouse: Google versus my smokescreen.

In fact, everything about the con involved giving Google the run around to avoid detection. I rotated the websites, used many IP Addresses and never deployed the same source of voucher code in direct succession. Randomisation was the key.

For instance, I would never set up a new account with identical keywords to a previous one. And by resetting my router, or using free web proxies, or venturing to a local Starbucks where I’d sully their IP with my dalliance into obfuscation. Google with all their server capacity and 60,000 staff remained powerless to thwart thousands of people enjoying pro bono AdWords.

Setting up Google
There was a limit of one voucher per site. However it was possible to circumvent the system by using multiple websites on long-rotation, (and for some reason so long as it wasn’t used in quick succession), a site could be used over and over to rack up thousands of dollars’ worth of clicks.

There had to be randomisation, so the very first step was to get a bunch of domains (for little as a cent) at one of the many domain registrars using near “freemium” level pricing. The next step involved hosting websites on the domains at any of a multitude of free hosting companies.

Google AdWords promotional vouchers required a unique email for registration. However, by linking up with Twitter spammers to purchase 500 Twitter accounts and emails for $20 the set up time dropped to a few minutes. I mean imagine the boredom of registering email addresses, then AdWords accounts.

On a technical front there were even methods to export a CSV file (a type of Microsoft Excel format) using Google’s proprietary AdWords Editor. Once exported the same file was re-imported to a new account. The technicalities involved were minor and an account took a moment to upload.

Bank of Google
With around ten sites per day, each laundering $50-100 of Bank of Google credit per account, the traffic from text Ads rolled in. Clients were obliviously happy and Google took the hit.

Unlike Bing or Yahoo who required prepayment using a verifiable credit card and contact details to start advertising, Google verified nothing and ran adverts off the bat. The main thing was to use a real name (something that matched the electoral register), a bona fide street address and live telephone numbers and keeping IP etc. unique.

By the time, the company reigned in the wide scale abuse one of the biggest free-for-alls had already happened. Millions of dollars’ worth ($100,000+ in my case) of free search clicks had vanished.

There were times when selling coupons was the only way to offload a stock of credit. Then comically Google introduced a reward scheme for the high achievers – those who signed up (or sold!) over 20 new accounts would receive real money credit for merchandise in the Google Store.

Soon after launch, the reward scheme gifted me $2000 credit to use in the company merchandise shop, by way of thanks for the crowd-sourced Biz Dev.

My home was packed full of Google branded merch: expensive leather Zatchel bags, T-Shirts, Hoodies, Hats, Stationary, Gizmos, Electronic equipment….6 very large DHL delivered boxes of swag. It was a ridiculous gesture and hard won!

So if burrowing down a rabbit hole, through a trap door, out the back then round the houses sounds like a great way to earn a living online just remember ‘if it’s too good to be true, it probably is’, given the loophole soon closed and with it any opportunity.

But for a time, alongside a cast of thousands, Google paid me to snipe their money and as usual all they wanted in return was data – after all it wants to be free!

Rhoda Crocket
Rhoda Crocket is Netopia’s undercover hacking and spamming expert. The name is fake (like with any spammer), but Netopia knows her real identity.