"Neither I nor anyone on my team can access it, or any of our accounts. We received emails of an unknown administrative user being added. This person then linked their own MCC to many of our accounts. That's all we know. We have 2FA enabled on all accounts. No idea how this happened. Is there anyone who has dealt with this and can help?"
"See the email address? Looks like access is sent from Google, but it's not If your team had asked for access from someone who was reaching out to you to audit their account, and they sent you something like this, when you click "accept," it goes to the "continue page" that looks ecatctly like google's, but has a different URL - you click continue and then it asks you to log in to your google account"
Entire Google Ads MCC accounts can be hijacked overnight by unknown administrative users who link their own MCC to many client accounts. Victims often report two-factor authentication enabled yet still losing access. The suspected attack vector is phishing that mimics legitimate Google access emails and leads to a fake login page with a different URL, prompting re-entry of credentials. Attackers then gain control by receiving those credentials and linking their MCC. These incidents have recurred, attackers are becoming more sophisticated, and the immediate impact is loss of access to ad accounts and campaigns.
Read at Search Engine Roundtable
Unable to calculate read time
Collection
[
|
...
]