Your Google Ads Account Was Hacked, Now What?

Your Google Ads Account Was Hacked, Now What?

Trapica Content Team

Marketing Guides
5 min read
May 3, 2021

It doesn’t matter what website we use; we trust that the security of the site will be enough to keep us safe. Whether it’s Facebook or Google Ads, we log in everyday with the idea of getting hacked never entering our minds. Unfortunately, many people are hacked daily. Although we don’t like to think about it, businesses on Google Ads are often compromised when someone with high-level access is hacked.

While some will be reading this in a panic because their account has been hacked, others will be reading as a precautionary measure; we have valuable insights for both in this guide. First things first, what do you do if your Google Ads account was hacked?

Steps to Take After a Hacking

Before anything else, we should note that Google has strong precautions in place for when this happens. There is a chance your Google Ads account will be suspended if they suspect the account has been compromised. As soon as this happens, your account is disabled and your campaigns will halt temporarily. This limits potential damage.

Of course, if this happens, you won’t have access to any Google products. This means that nobody on your team will have access to Gmail, YouTube or any other Google product linked with the Ads account.

Whether your account is suspended or not, you must follow the next steps to keep your account secure and reduce harm to your business. By following Google’s advice, you’ll be up and running again in no time.

  • Step 1 - Enter the account recovery process for your Google account.
  • Step 2 - Head over to the Help Center and fill out the form for compromised Google Ads accounts. There’s no need to panic if your account hasn’t been suspended yet because this is the first question Google will ask. From here, enter your contact name, account login email ID, contact email and Google Ads Customer ID. You’ll then answer a couple of other yes/no questions and have an opportunity to upload a screenshot.
  • Step 3 - Next, contact the dedicated account manager (if you have one).
  • Step 4 - The account recovery process will begin. As a side note, we highly recommend activating the two-step verification login.

Once you’ve completed these steps, Google will quickly create a plan and investigate the case. After scanning your account, it will remove any unauthorized activity; this could be changing the settings of your existing campaign, or even entirely new campaigns that you didn’t authorize. Either way, Google will stop anything you didn't do personally.

When the checks are complete and Google is satisfied with your account status, you can begin reactivation. The two-step verification set up is a matter of clearing up any confusion regarding payments that took place. After reporting the compromise, you should receive a detailed report of the investigation.  

Unauthorized Costs

Hackers don’t often break into an account just to check analytics, so all unauthorized costs will be noted. If you find any, Google will usually reimburse the money in one of two ways. When filling the compromise report form, you can choose which of the two you prefer.

The first option is a credit adjustment, which essentially means that you’ll have credit for any future spending. The money won’t return to a bank account, but any future advertising spend will be taken from this pot of money. When it runs out, the payment model will revert back to normal.

The second option is a full refund, which is more common when costs are accrued but not yet charged. Google will write these off and the reactivation of your account should take between one and two weeks.

Please get in touch with Google if you have any questions or concerns regarding your account after reactivation. If Google isn’t aware of issues, it can’t work towards a solution. We’ve found that the Google team is skilled at helping both marketers and businesses when an account is compromised.

Checking Your Account

In this section, we want to speak to those who are reading this as a precaution (or who have been hacked previously and want to improve their account security). If you don’t have access to your account, you still need to recover it. The account recovery system is for when your account is deleted, you can’t sign in or your information has been changed or edited.

Checking Activity

Once you have access, the first step is to check all activity on your account. This is useful for those who have been compromised as well as those who just want to learn how to keep their account secure. Click Security on your Google account, and then Review Security Events (which is on a panel called Recent Security Events). If you see some activity that you don’t recognize, select ‘No, it wasn’t me.’ Google will then take you through a process to secure your account.

Checking Devices

Starting on your account again, choose Security and then Manage Devices (this time we’re on the Your Devices panel). Just as we did with the activity, look through the devices that have accessed your account. As a business Ads account, you should check mobile phones, tablets, laptops and any other devices associated with your team members. Get the team together and choose the ‘Don’t recognize a device?’ option whenever it’s appropriate.

Photo by Ariel on Unsplash

Improving Security

At this stage, you should return to some form of normalcy. At this point, it’s important to secure your account and make sure that it’s protected for years to come. It’s impossible to eliminate the threat of hackers and scammers, but we can increase how difficult it is for them to gain access. See our helpful tips below:

Communicate with Your Bank

It’s important to keep our banking details safe on Google. Talk to your bank and ensure that nobody has sent instructions contrary to what you have chosen yourself. In the past, we’ve seen hackers open accounts and transfer money without the account owner’s knowledge.

Use Two-Step Verification

Two-step verification is an underused and underrated security feature that most use to set up a password login on their phone. Even if hackers steal your password, they won’t have your phone so will be unable to type in the passcode.

Use a Secure Browser

Biased in favor of their own browser, Google will recommend you use Chrome. We can’t argue with them because Google has the best security measures for its own products. Since Chrome is designed to be used with Google products, you should be able to keep your account safer than ever.

Another advantage of choosing Google’s browser is Password Alert, which will notify you if you’re entering your password into a web page imitating Google. This way, you can back out before losing your password to another website.

Use Anti-Virus Software

Next, make sure you have anti-virus software running on your computer. Just because your account is now secure and reactivated doesn’t mean your computer is safe. When in doubt, reset to factory settings and consider reinstalling the operating system for a fresh start—back up your files first.

Pay Attention to Every Product

While we’re discussing a hacked Google Ads account in this guide, you should improve security across every Google platform you use. There are important security measures for Google Drive, Gmail, Chrome, Location, Photos and more. For example, you can uninstall extensions on Chrome and remove any forwarding rules not set up by your team.

Have You Been Hacked?

This is an important question, and identifying an incident can reduce stress for millions of people. On Google, you might notice the following:

  • Different security settings (including recovery phone number or email)
  • Unauthorized financial or device activity
  • Notifications about a new sign-in that you didn’t sanction
  • No new emails on Gmail (when you previously received several per day)
  • Reports from friends and business acquaintances of spam emails from your address

If your Google Ads account has been hacked, follow our advice to get back on track. Take measures to keep your account secure and prevent it from happening again.

OhNoo by Trapica

Worried about hackers accessing your account? Instead of reacting to being hacked, you can proactively protect your ad accounts. OhNoo by Trapica is a security layer for your ad account that keeps it safe from hackers and even common mistakes. Learn more at www.ohnoo.io.

Protect your ad account, gain audience insights, and automate and optimize your Google ad campaigns with Trapica's Marketing Suite

Marketing Guides
5 min read
May 3, 2021