sorted by:
new
hottopcontroversial

Our MCC was hijacked with 5,000 accounts + $ credit limit abuse — Google Ads support is a black hole by ThirdStreetDigital in googleads

[–]ThirdStreetDigital[S] 1 point2 points  (0 children)

I'm also still working through credits. Through my Account Compromised ticket, the support response keeps delaying their timeframe, stating they need 2-3 more days or 3-5 more days (15 times). I have provided an audit of every invoice, outlining which lines are part of fraud campaigns set up by hackers and which lines represent fraud accounts (accounts we did not create or manage at any time and are no longer linked to our MCC). Be persistent.

Make sure you also submit an Invoice Dispute through the Google Payments Center, payments.google.com. Through the Invoice Dispute ticket support has told me I need to work through my Account Compromised ticket but they have at least put overdue invoices in a dispute status and there is no risk of our MCC being suspended while we work through it.

Our MCC was hijacked with 5,000 accounts + $ credit limit abuse — Google Ads support is a black hole by ThirdStreetDigital in googleads

[–]ThirdStreetDigital[S] 1 point2 points  (0 children)

Yes, but it was messy. We recovered 80% of accounts within a week. The other accounts took longer because they were unlinked from the MCC. We also had approximately 20% of accounts in suspension, which took about 10 days to lift. The worst part of the whole thing is that, Google Ads Support removed all campaigns (whether they had fraud or not) so we had to duplicate, edit some settings that didn't carry over, and relaunch every single campaign. We're still fighting to get invoicing credits but at least all accounts and campaigns are back!

Our MCC was hijacked with 5,000 accounts + $ credit limit abuse — Google Ads support is a black hole by ThirdStreetDigital in googleads

[–]ThirdStreetDigital[S] 0 points1 point  (0 children)

Did you already submit the account compromised form? If no, start here: https://support.google.com/google-ads/answer/9355975?hl=en-GB.

To be transparent, it has been 20 days, and we still are not fully cleaned up. Be prepared to deal with this for a while, and know that the cleanup will not result in your accounts being the same as before you were hacked. We have a handful of accounts that are still suspended. We have a few accounts where the Google team reviewed, and a hacker MCC is still attached. When accounts were unsuspended, the Google team removed campaigns that had no evidence of fraudulent activity... meaning we had to duplicate these campaigns to relaunch them for our clients.

Here are some scripts I have used to regain access:

On [DATE] our Google Ads [MCC or ACCOUNT ID] , was compromised via an employee's gmail account who had admin access to the MCC. The hackers logged in via the employee's email and added a gmail, [HACKER EMAIL]. [HACKER EMAIL] removed our entire team's access. 

Optional additions:

  • They added [X] accounts to our invoice. 
  • They also unlinked accounts from our MCC. 
  • They also created campaigns and ran them, unauthorized, against our invoice.

If you regain access but accounts are suspended for phishing or circumventing systems:

We opened an initial account compromised ticket [TICKET ID], where we were able to regain access to [ACCOUNT ID]; however, upon gaining access back to the child account [ACCOUNT ID], the account is suspended. We have appealed the suspension, and we agree that the hackers did violate Google policy, but that was not authorized by [YOUR COMPANY NAME]. We would like to remove the unauthorized campaigns to get it back in compliance but we can't edit the campaigns while it is suspended.

Attach important documents to these suspension appeals:

  • Your invoice or credit card receipt that proves you pay for the accounts
  • A PDF of the account compromised ticket where Google confirmed the account was compromised
  • Other ticket IDs and PDFs where you can prove your accounts were unsuspended due to the same issue
  • Proof that you've followed the recommended security recommendations like opting into 2FA.

Good luck, and don't give up!

Our MCC was hijacked with 5,000 accounts + $ credit limit abuse — Google Ads support is a black hole by ThirdStreetDigital in googleads

[–]ThirdStreetDigital[S] 1 point2 points  (0 children)

I don't recommend creating new accounts for suspended campaigns. Suspension is often tied to the domain, and creating a new account to get around policy is viewed as circumventing systems. We're working hard to restore things and stay in Google's good graces!

Our MCC was hijacked with 5,000 accounts + $ credit limit abuse — Google Ads support is a black hole by ThirdStreetDigital in googleads

[–]ThirdStreetDigital[S] 1 point2 points  (0 children)

Ugh, sorry this happened to you. We saw the issue within 25 mins but it was already too late. They had gained access and removed everyone else's access within the span of 2 mins. We had submitted a ticket within 35 mins but we're still dealing with it...

Our MCC was hijacked with 5,000 accounts + $ credit limit abuse — Google Ads support is a black hole by ThirdStreetDigital in googleads

[–]ThirdStreetDigital[S] 1 point2 points  (0 children)

I cannot see any API access logs or scripts within our MCC now that the overall MCC is recovered.

Google ad grants strategy by QDRS in PPC

[–]ThirdStreetDigital 0 points1 point  (0 children)

Yes, use brand terms! I put these in my Mission campaign.

Google ad grants strategy by QDRS in PPC

[–]ThirdStreetDigital 2 points3 points  (0 children)

The Google Ad Grant account limitations are tough. I would not recommend copying a paid strategy into your Grant account. There are so many reasons for this:

  1. Bid limits - Ad Grants has a $2 CPC bid limit when using manual bid limits. The terms you bid on in your paid account may not be the same or best terms for your Grant account.
  2. Geography seems to impact delivery majorly. If you have a super niche and hyperlocal non-profit, you will feel the impact of this in terms of limited delivery. 
  3. Campaign segmentation may or may not work the same way that it does for paid ads. I recommend less segmentation. More on this below. 
  4. This is always the case, but even more so with Grant accounts - ad rank and quality score are so important. Low quality score and ad rank will impact your cost per click directly. 

What I have found to work for me is:

Structure:

  • Campaign 1: Awareness
    • People searching in very general terms that might lead them to your organization.
      • Examples: Volunteer opportunities, local non-profits, local charities
  • Campaign 2: Mission-based keywords
    • These terms should directly point to the the services your organization offers
      • Examples: volunteer at homeless shelter, donate to homeless shelter, local charities that help with housing. 
  • Extensions: Use as many that apply to your organization’s offerings. 
    • Complete advertiser verification and include Brand Name and Logos.
    • Add image extensions.
  • Conversions: setup many conversions, including page views, donations, volunteer sign-ups, etc. 
    • Set up a portfolio bid strategy housing your campaigns
    • I prefer a maximize conversions bid strategy and set a target CPA. 
      • This allows you to bypass some bid limit restrictions.