Many Google Adwords users experience account hacking by scammers, as a result of which funds on the balance sheet “disappear”, bank card data fall into the wrong hands, or accounts are used for arbitrage.
For example, you did a great job — set up contextual advertising, did optimization, got customers and first sales. As a result, all efforts are wasted, since access to the account is closed, and valuable information and funds on the balance are assigned to hackers.
To avoid situations of this kind, you need to ensure the security of your Google Ads account, and you will learn how this is possible later.
Who can hack your ad account?
Crackers want to get accounts not only for the sake of money in the account, but also for other, more profitable purposes. For example, “good booty” can be developments in campaign settings that you spent a lot of precious time on, or other valuable work that dishonest arbitrators then use.
People who can be divided into several types may be interested in your accounts.
Scammers
After gaining access, they change the associated email address, after which the real owner will not be able to enter the personal account. Further actions are usually as follows:
get money from selling a hacked account;
make money on arbitrage using your account;
Start advertising your company at someone else’s expense.
If you’ve been hacked on other Google services, you should start worrying. An attacker may be interested in your promoted YouTube channel, and after hacking get access to the Google Ads advertising account. You only need a username and password from any Google service.
Some PPC specialists use very dishonest ways. All you have to do is provide the login and password of the account from which the advertisement is being conducted, and you will lose access to it. It is enough for the contractor to link an account to the Client Center and he will be able to dispose of it as he wants.
There are different situations. A specialist can cooperate with you from the very beginning for one goal – to gain confidence and hack your account. Or you are not satisfied with the work done by the contractor, and he appropriates the campaigns that he will use in the projects of other customers.
Attention! We recommend ordering advertising from trusted agencies and performers. But in any case, it is better to secure your account, although fraud by such companies is unlikely.
Competing Organizations
It is also impossible to exclude unscrupulous competitors, it may be in their interests to hack the advertising account of a successful organization for the following purposes:
use other people’s insights and other developments in advertising your project;
use a hacked account with an optimized campaign to promote your business.
Usually, such cases involve the hand of a hacker, or dishonest specialists, pouring into the confidence of the victim of a hack.
What security issues can I encounter with my Google Ads account?
Let’s list the main options:
Password guessing. A popular way to hack not only Google Ads accounts, but also most Internet services. It doesn’t take a lot of brains to learn this kind of hacking – password guessing programs roam freely on the Internet, along with instructions for use, despite their illegality.
Phishing. If the previous hacking method is not successful, the attackers resort to another actual option. Attractive emails with links leading to a fake site are sent to the victim’s email, where you will need to log into your account. The information goes to the attackers and you are denied access.
Viruses and keyloggers. This method is usually resorted to at the very end, when the victim does not follow the links sent or generally ignores such spam. Then the hackers send “safe”-looking files, in the form of a text document or a file for installing software. They have applications built into them that read keystrokes, or reveal all saved passwords in an Internet browser.
A game of trust. The scammer pretends to be an experienced contextual advertising specialist and asks for login information. At the same time, he will be able to block your access to all Google services, because they require a single login and password. Particularly arrogant scammers may require an advance payment for the service, but most do not dare to take such risks.
Important! To increase the security of your Google Ads account, it is better to ignore suspicious emails.
Why is it dangerous to lose access to your ad account?
If your account is hacked and your access is denied, it can lead to big trouble:
loss of an advertising account with effective campaigns and important insights;
appropriation by hackers of unspent funds on the balance;
If you completely lose access, you will have to start promoting the company from scratch.
Let’s proceed to the most important part of the article, after studying which you can avoid the listed consequences or reduce their risk.
How to protect your Google Ads account from being hacked?
If you properly set up account security, you will significantly reduce the likelihood of losing access. First, we will talk about the main methods that are mandatory, and then we will talk about advanced ones.
Use strong passwords
The most typical and important security rule on the Internet, which, for some reason, most people do not take seriously. Let’s list the basics:
It is necessary to create complex passwords that are not tied to the date of birth, name, do not use the simplest combinations, for example, “qwerty”.
It is better to increase the difficulty of the match by using a large number of characters (10 or more).
Keep your password varied by using numbers, all kinds of symbols and letters in different cases.
Connect the password manager
If you have created a complex and difficult to remember password, it is better to enable autosave, which is present in all popular browsers. This way you will not forget your access data, but increase the risk of hackers hacking the password keeper.
For important data, you can use password managers that are more secure than standard browser autosaves. Please note that such programs or extensions may be paid or have limited features in the free version.
Enable two-factor authentication
An attacker can get the password from the advertising account using a keylogger or in another way, however, if two-factor authentication is enabled, this will not lead to success.
For authorization, you will need a code from an SMS message, confirmation using a call or through an application on your phone. Only advanced hackers can bypass such protection, and still with great difficulty.
To enable two-factor authentication, you need to go to your account settings: go to the standard Google search page, then click on the services icon (square with nine dots) in the upper right corner and click “Account”:
Next, open “Security” and in the second block, click “Two-step authentication”. The system will ask you to enter a password:
Click on “Get Started”, then you need to verify yourself as the owner of the account – log in to it. Enter your phone number and choose how to receive confirmation for two-factor authentication – via SMS or voice call. Then you will need to enter the code from the message that will come to your phone. It remains to click on “Enable” and additional protection is activated!
If you have already logged into your account via your phone, then after clicking on “Start”, the system will prompt you to select a device to which confirmation will be sent. After that, you will need to specify a phone number for a backup login for situations when there is no access to devices.
Click on “Send” and indicate the code received by the selected method (SMS or call). The process of activating two-step authentication will not take much time – 7-8 minutes maximum, especially with such detailed instructions.
Specify ways to verify your identity in your account
If your account is hacked by scammers or you forget your credentials, confirmation by SMS or via additional e-mail will help. This feature can be enabled during registration, but viewing and editing this data is always possible.
Go to the already familiar “Security” block in the settings, find “Identity verification methods” – here you can see the attached phone number and email:
To change this data, you need to click on the line and type the password for the account.
Install antivirus on all devices
Installing an antivirus is mandatory in order to protect your Google Ads account. Such programs detect and remove virus files that can recognize passwords and pass them on to attackers. Instructions for installing certain antiviruses can be found on the Internet.
Do not share your personal account password
It’s best not to risk your personal data by giving it to ad setters with a vague reputation. It will be safer to open access for their accounts.
To do this, go to your Adwords account and click on “Tools and settings”, then go to the access and security settings:
The screen will display information about users with public access. Click on the plus sign to add your artist.
You will need to enter it in Gmail and issue one of the accesses with certain capabilities. Click on the send invitation button, then the performer will receive a confirmation email notification:
Back up your ad account settings
If you can’t regain access to your account, you can create a new one and apply all saved settings to it:
To do this, use the Google Ads Editor program. After entering the application, select the “Account” section, then click on the button to export the entire account. All campaigns and other information will be saved on the PC, but you will need to back up frequently to keep the most recent data.
What should I do if my Google Ads account has been hacked?
All of these techniques will significantly reduce the likelihood of losing access. But it will not be possible to 100% insure yourself against hacking.
If you lose your account, try to regain access, to do this, follow the following algorithm:
Data from the Adwords account can be stolen simultaneously with the main Google account and completely block access to it. If the last password, phone number and additional e-mail remain in memory, use the form and enter all the data in it.
Send a hack notification to Google. To do this, you need to fill out a form with many fields, in which you specify the email to enter the account, the client ID, and also describe what happened to the account.
Contact Google support and announce the hack. You will need to spend a lot of time and fill out a large questionnaire with a postal address, client ID and contacts.
After regaining access to protect your Google Ads account, you can set up 2-step verification again.
