Secure your Google Ads account: Introduction (original) (raw)
Keeping your data safe is a top priority. While we work to keep your Google Ads account secure, you can also help protect your account.
We offer many options to help you reduce unauthorized access to your account. This article provides an overview of how we keep your account secure and how you can help protect your data.
Note: To ensure your Google Ads account remains protected over time, Google may periodically suggest tailored recommendations through email updates and notifications in your account.
Keep in mind that anyone with access to your Google Account can access your Google Ads account and look up your advertising data. To avoid unauthorized access, complete the steps below to protect your Google Account.
Protect your Google Account
Google takes certain measures to keep your data secure. Google will never send an unsolicited message asking you to provide your password or other sensitive information by email or through a link.
Sometimes businesses and hackers pretend to be associated with Google to try to trick people into providing more information than they should. Below are just some ways we ensure your data is protected and some useful tips to know when and how we reach out to you. More information can be found in the attached articles.
| HTTPS | Suspicious Emails | Suspicious Calls |
|---|---|---|
| HTTPS is a secure protocol that helps protect your information by encrypting data traveling between a web browser and a web server. Google Ads recommends (and in some cases, requires) that all URLs use the HTTPS protocol instead of HTTP to protect customers’ personal and financial information. | "@google.com” - Google will only contact you from an "@google.com” email domain. Google Partners - Google Partners are agencies, marketing professionals and online experts who have been certified by Google. Learn more about our third party affiliations and About the Google Partners program. Links - Before clicking any links in the email, right-click the link and select “Copy Link Address” or “Copy Link Location”. Then paste what you copied into a text document or text field to view what that URL actually says. Check if the URL is taking you somewhere other than a page on "google.com." This URL might be taking you to a non-Google webpage. You can find more details by checking if it's actually Google trying to reach you. | Ask the caller to send you an email. If the caller is a Google representative, the email they send will have "@google.com" as the "From" address and "Return-Path." If you're contacted by a third party, check if they're a Google Partner. Ask the caller to provide you with the names and clicks of your campaigns or ad groups. You can find more details by checking if it's actually Google trying to reach you. |
Options to protect your Google Ads account
Keeping your data safe is a top priority. Google takes a lot of steps to keep your Google Ads account secure, from helping you prevent unauthorized access to reducing human error. Take a look at the security features you can use to keep your accounts safe. You can find more details in the Google Ads Security Information Guide.
To avoid unauthorized access, you can activate some or all of the security features listed below. Detailed instructions on how to set up these features can be found in the attached articles:
| 2-Step Verification | “Confirm it’s you” | Allowed Email Domains | Manager Account Security Mandates |
|---|---|---|---|
| The Google 2-Step Verification is a simple way to protect an account against password theft. When you set up 2-Step Verification, you’ll sign into your account using a password and a second verification step. | These challenges are designed to help protect your account against cookie theft. When you complete sensitive actions, Google Ads may prompt you once in 24 hours to confirm your identity. This may include receiving a security code on your phone. | Allowed email domains in your security settings can ensure that users from outside your organization don’t get invited to access your Google Ads account. | A security mandate is a setting at the Manager Accounts (MCC) level that enforces security policies on all accounts within its hierarchy. This means that admins of large MCCs can easily: Require all users to have 2SV or Advanced Protection Constrain the email domains of users invited to their accounts. |
Best practices to protect your Google Ads account
It’s recommended that you regularly audit your account for the following:
- Review who has access to your Google Ads account
- Check for unauthorized changes
- Remove inactive users
- Grant the minimum access needed for each user
- Review related manager accounts
For more detailed information, check Secure your Google Ads account: Best Practices.
Account access concerns
- If you suspect that your account has been compromised, it's important to take immediate action. Follow these steps to secure your account:
- Run a malware scan on all devices you use to access your Google Ads account. Learn more about how to Protect yourself from malware.
- Change your Google Account password and any other accounts that use the same password. Learn more about how to Change your Google Ads sign-in information.
- Enable 2-Step Verification on both your Google Ads account and your Google Account. This will add an extra layer of security by requiring you to enter a code from your phone or another device when you sign in. Learn more about how to Secure your Google Ads account: 2-Step Verification.
These measures are crucial to protect your account from unauthorized access.
- If you suspect a fraudulent attempt to obtain your personal information, do not disclose any sensitive data. If you think your account is at risk, use the steps below to protect it:
- Let us know as soon as possible through our account security form.
- Follow our security tips to secure your account.
Report suspicious emails, calls, or webpages
After protecting yourself, let us know what happened so we can investigate it.
- Report an email or call: Use this form to connect with an Online Specialist.
- Report a webpage: Use this form to give us the URL of a suspicious webpage. If you received a link in an email, don't click the link to visit the webpage. Instead, right-click the link and select Copy Link Address or Copy Link Location. Then paste what you copied into the form.
- Report a third party: Use this form to let us know about an issue with a company that sells Google Ads services.
Related links
Security hub
- Secure your Google Ads account: Best Practices
- Secure your Google Ads account: The importance of HTTPS
- Secure your Google Ads account: Suspicious emails or calls claiming to be from Google Ads
Your security options
- Protect yourself from malware
- Change your Google Ads sign-in information
- Secure your Google Ads account: 2-Step Verification
- Secure your Google Ads account: Confirm it’s you
- Secure your Google Ads account: Allowed Email Domains
- Secure your Google Ads account: Manager Account Security Mandates
Was this helpful?
How can we improve it?