Fake Google Ads Account Suspension Phishing
Targeted phishing emails claim a Google Ads account has been suspended for policy violations and direct advertisers to a fake Google sign-in that steals credentials and billing information.
Part of: Fake Suspended Account Appeal Scams
Last reviewed: 7 June 2026
Google Ads powers the advertising strategies of millions of businesses, and a genuine suspension can halt a company's entire digital marketing overnight. The financial stakes — lost revenue, wasted budgets, and interrupted campaigns — make advertisers highly motivated to resolve a suspension quickly. Scammers exploit this urgency with convincing fake suspension notices targeting Google Ads account managers.
These attacks are often targeted: attackers identify individuals who manage Google Ads accounts (often visible on LinkedIn as 'PPC Manager' or 'Digital Marketing Manager') and craft messages referencing realistic policy violations such as 'unapproved content', 'circumventing systems', or 'billing discrepancies'.
Beyond stealing credentials, a compromised Google Ads account allows attackers to run fraudulent ad campaigns charged to the victim's billing method, potentially causing thousands in fraudulent spend before access is restored.
How this scam works on the Google brand
Genuine Google Ads suspension notices are sent from @google.com addresses and direct advertisers to ads.google.com/aw/overview to review the issue. Advertisers can also see the suspension status and reason within the Google Ads interface itself when logged in. Google does not ask advertisers to sign in on an external page to file an appeal.
Fake suspension notices replicate the Google Ads notification email design, often referencing a specific policy category and a fictitious case reference number. The 'Appeal Now' button links to a domain such as google-ads-support[.]com or ads-google-verify[.]co, which presents a polished replica of the Google sign-in page.
After credential capture, some phishing flows continue to a fake 'billing verification' step requesting credit card details. A stolen combination of Google Ads credentials and payment card information enables both account hijacking and direct financial fraud.
Common red flags
- Suspension email is not from a @google.com sender address
- The appeal link leads to a domain other than ads.google.com or google.com
- The Google Ads interface shows no suspension when you log in directly
- The appeal process requires entering your Google password on an external page
- The notice references an unusually specific policy violation but provides no link to the specific ad or campaign affected
- A billing verification step requests your full credit card number as part of the appeal
How to protect yourself
- Log in directly to ads.google.com to check your account status — a genuine suspension is visible there
- Access all Google Ads support through the Help Centre within ads.google.com
- Enable two-factor authentication on the Google account used for Google Ads management
- Review billing and payment settings in Google Ads settings only via ads.google.com
- Set up alerts in Google Ads to receive notifications about policy reviews via your trusted Google account email
How to report it
- Report the phishing email via Gmail's 'Report phishing' menu or forward to [email protected]
- Contact Google Ads Support through the in-account Help Centre at ads.google.com
- Report to the FTC at reportfraud.ftc.gov (US) or Action Fraud actionfraud.police.uk (UK)
- If fraudulent ad spend was incurred, contact Google Ads billing support immediately to dispute charges
Frequently asked questions
What does a real Google Ads suspension look like?
When a Google Ads account or campaign is suspended, the advertiser sees a notification within the Google Ads interface at ads.google.com, along with the specific policy reason. Google may also send an email from a @google.com address with a link back to the Ads interface — not to an external page.
What can an attacker do with my Google Ads credentials?
An attacker with your Google Ads credentials can run ad campaigns charged to your payment method, potentially spending thousands of pounds or dollars. They can also access your customer audience lists, remarketing data, and conversion tracking — all sensitive business assets.
How do I secure my Google Ads account against phishing?
Use a dedicated Google account for Google Ads management rather than a personal account. Enable two-factor authentication with a hardware key for that account. Restrict Google Ads access to only the people who need it through the account's User Access settings, and review those settings regularly.