Secure your Google Ads account: Introduction

Keeping your data safe is a top priority. While we take a lot of steps to keep your Google Ads account secure, there are a few more ways you can control that will help you protect your account.

We offer a variety of options to help you reduce unauthorized access to your account. This article will provide you with an overview of what we do to keep your account secure and what you can do to help protect your data.

Note: To ensure your Google Ads account remains protected over time, Google may periodically suggest tailored recommendations through email updates and notifications in your account.

Keep in mind that anyone with access to your Google Account can access your Google Ads account and look up your advertising data. To avoid unauthorized access, complete the steps below to protect your Google Account.

Protect your Google Account

Google takes certain measures to keep your data secure. Google will never send an unsolicited message asking you to provide your password or other sensitive information by email or through a link.

Sometimes businesses and hackers pretend to be associated with Google to try to trick people into providing more information than they should. Below are just some ways we ensure your data is protected and some useful tips to know when and how we reach out to you. More information can be found in the attached articles.

HTTPS

Suspicious Emails

Suspicious Calls

HTTPS is a secure protocol that helps protect your information by encrypting data traveling between a web browser and a web server. Google Ads recommends (and in some cases, requires) that all URLs use the HTTPS protocol instead of HTTP to protect customers’ personal and financial information.

"@google.com” - Google will only contact you from an "@google.com” email domain.

Google Partners - Google Partners are agencies, marketing professionals and online experts who have been certified by Google. Learn more about our third party affiliations and about our Google Partners here.

Links - Before clicking any links in the email, right-click the link and select Copy Link Address or Copy Link Location. Then paste what you copied into a text document or text field to view what that URL actually says.

Check If the URL is taking you somewhere other than a page on "google.com," this URL might be taking you to a non-Google webpage.

More details can be found in the linked article.

Ask the caller to send you an email.

If the caller is a Google representative, the email they send will have "@google.com" as the "From" address and "Return-Path." If you're contacted by a third party, check if they are a Google Partner.

Ask the caller to provide you with the names and clicks of your campaigns or ad groups.

More details can be found in the linked article.

Options to protect your Google Ads account

Keeping your data safe is a top priority. Google takes a lot of steps to keep your Google Ads account secure, from helping you prevent unauthorized access to reducing human error. Read below for an overview of some security features you can utilize to keep your accounts secure. You can learn more in this Google Ads Security Information Guide.

To avoid unauthorized access, you can activate some or all of the security features listed below. Detailed instructions on how to set up these features can be found in the attached articles:

2-Step Verification

Confirm it’s you

Allowed Email Domains

Manager Account Security Mandates

The Google 2-Step Verification is a simple way to protect an account against password theft. When you set up 2-Step Verification, you’ll sign into your account using a password and a second verification step.

These challenges are designed to help protect your account against cookie theft. When you try to complete sensitive actions, Google Ads may prompt you once in 24 hours to confirm your identity by completing a challenge such as receiving a security code on your phone.

Allowed email domains in your security settings, can ensure that users from outside your organization don’t get invited to access your Google Ads account.

A security mandate is a setting at the MCC level that enforces security policies on all accounts within its hierarchy. This means that admins of large MCCs can easily:

  1. Require all users to have 2SV or Advanced Protection
  2. Constrain the email domains of users invited to their accounts.

Best practices to protect your Google Ads account

It’s recommended that you regularly audit your account for the following:

  • Review who has access to your Google Ads account
  • Check for unauthorized changes
  • Remove inactive users
  • Grant the minimum access needed for each user
  • Review related manager accounts

For more detailed information, check our Secure your Google Ads account: Best Practices article.

Account access concerns

If you think you've been contacted by someone who's trying to trick you into sharing your password, credit card numbers, or other sensitive information, don't give out your information. If you think your account is at risk, use the steps below to protect it.

  1. Let us know as soon as possible through our account security form. My account was compromised.
  2. Follow our security tips to secure your account.

Report suspicious emails, calls, or webpages

After protecting yourself, let us know what happened so we can investigate it.

  • Report an email or call: Use this form to connect with an Online Specialist.
  • Report a webpage: Use this form to give us the URL of a suspicious webpage. If you received a link in an email, don't click the link to visit the webpage. Instead, right-click the link and select Copy Link Address or Copy Link Location. Then paste what you copied into the form.
  • Report a third party: Use this form to let us know about an issue with a company that sells Google Ads services.

Related links

Security hub

Your security options

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
13845112619219750589
true
Search Help Center
true
true
true
true
true
73067
false
false
false