5 Things to Do If Your Google Ads Account is Hacked

What happens if you wake up one day and login to learn your Google Ads account has been hacked? A hacked Ads account can mean you're budget has been used on useless terms, potential brand damage, or even website security issues for you to solve.

In this guide, we'll teach you the top five steps to recover your hacked Google Ads account and secure your campaigns. So, let's get right to it.

Step 1: Secure Your Google Account

The most important thing to do is to secure your Google account first. Once hackers get in, they can change settings, steal sensitive information, or drain your ad spend budget, so let's make sure they can't log back into your account.

1. Change Your Password

2. This is the most critical step. Make sure your new password is strong with a mix of letters, numbers, and symbols. Try to avoid using a password that can be easily guessed or solved with a brute force method, so don't use something that's easily guessable information, like a name or a word that's found in the dictionary. We recommend using a strong password generator to ensure the new password cannot be easily solved.

3. Enable Two-Factor Authentication (2FA)

4. 2FA is one of the best ways to prevent future unauthorized access to your Google account. With 2FA enabled, anyone who is trying to log in will need to enter a one-time additional passcode that is sent to your phone or email. It’s an extra simple step that adds an additional layer of security to your account.

5.  

6. To enable 2FA navigation to Admin > Access and Security > Verification during sign-in.

7. Restrict the Account to Allowed Domains

8. Make the accounts that can log into your Google account limited to only the domains that should have access to it. This means that if Jerry@example.com is the only person who should be logging into the account, then you would limit the account to the allowed domains of example.com. An email from any other domain will not be allowed into your account.

9. To configure Allowed Domains, go to Admin > Access and Security > Allowed domains and click "Add Domain" to add a new one.

10. Check for Unusual Activity and the Users Who Accessed the Account Recently

11. You can see a list of users and which ones would have accessed the account recently by navigating the Admin and then clicking on the Users section. In there, review the 'Last signed-in date' for each user. As a precautionary measure, consider revoking access to any suspicious accounts by clicking the 'Remove access' button in the rightmost column of the table.

How do I prevent future hacks on my Google Ads account?

We recommend using strong passwords and enabling two-factor authentication (2FA). We also strongly recommend that you regularly monitor your account activity. While Google has industry-standard security, by adding extra layers of security like 2FA, you can reduce the risk of unauthorized access in the future.

Step 2: Check Account Activity and Billing

Now that you’ve secured your Google account it’s time to get into your Google Ads account and check for any unusual activity. Hackers may have changed your campaigns, ad spend, or billing details.

1. Review Account Activity for Unauthorized Changes

2. Once you get back in, go through the account activity to see if any changes were made. Look at the campaign settings, ad spending, and payment history to see if there are any discrepancies or unauthorized charges.

3. Check Billing Information and Payment Methods

4. Check your billing information to see if it’s been changed. Hackers may have changed your payment methods to send funds to their own accounts. If you see any suspicious charges, take note and contact your bank or credit card company immediately.

5. Contact Your Bank or Credit Card Company

6. If you see fraudulent charges, contact your bank or credit card company right away. They can block further transactions and may even open an investigation into the unauthorized payments.

Will I get my money back if I am charged fraudulently?

In most cases, yes, Google will give you a refund for any fraudulent charges after they investigate the issue.

Step 3: Contact Google

When your Google Ads account is hacked, you need to contact Google Ads support as soon as possible. Google has teams dedicated to suspending unauthorized campaigns and investigating the hack.

1. How to Contact Google Ads Support

2. Google Ads has several support channels, chat, email and phone. Choose the one that’s best for you and explain the situation. Give as much information as possible, any changes or transactions in your account you don’t recognize.

3. What to Expect from Google

4. Google’s support team will help you secure your account and may even suspend suspicious campaigns or ad groups. They can also investigate the issue and walk you through the steps to get your account back to security.

5. Request a Refund for Fraudulent Charges

6. If you see unauthorized charges, request a refund from Google. They may investigate the fraud and, in some cases, will give you a refund for the money lost during the hack.

What if I can’t get through to Google Ads Support?

If you can’t get through to Google Ads support through the chat or phone, try submitting a detailed request via email. You can also check their help center for more options.

Step 4: Audit Your Campaigns and Ads

Once you’ve secured your account and contacted Google support, the next step is to audit your campaigns. Hackers may have changed your campaigns, keywords or even ad copy to send traffic to malicious sites or waste your ad spend.

1. Review Active Campaigns and Keywords

2. Go through all your active campaigns and keywords. If you see any you don’t recognize pause them immediately. Check if the targeting or ad schedule has been changed.

3. Check Ad Copy and Landing Pages for Changes

4. Hackers may have changed your ad copy or redirected your traffic to malicious sites. Check the ad copy is as you left it and the URLs to make sure they’re sending traffic to the right landing pages.

Step 5: Ongoing Monitoring and Security

Once you’ve fixed the immediate issues, you need to implement long-term monitoring and security practices to prevent future hacks.

1. Monitor Account Activity Regularly

2. Even after you’ve secured your account, make it a habit to monitor your Google Ads activity regularly. Check campaign settings, billing, and ad spending to catch any anomalies early. We recommend using the Brandverity PPC Search Monitoring tool to help make this process easier

3. Check Access Permissions for Other Users

4. If you have other users in your Google Ads account, make sure their permissions are correct. Only trusted people should be able to make changes to your campaigns.

5. Educate Your Team on Security Best Practices

6. If you have employees or contractors managing your Google Ads account, make sure they know the latest security best practices. Teach them about password management, 2FA, and how to spot phishing.

How often should I check my Google Ads account for security?

We recommend checking your account at least once a month, especially after any major changes or updates to your campaigns.

By following these 5 steps, you can get your Google Ads account campaigns back in control and secure your account for good.

Here's a quick recap of what we covered above.

First, secure your Google account by changing passwords and enabling 2FA. Then, check your account activity and billing and contact your bank for any unauthorized transactions. Contact Google Ads support to get them to suspend malicious campaigns and request a refund for any portion of your budget that was used. Finally, audit your campaigns, monitor activity regularly, and educate your team to prevent future hacks.