Website owners serving ads through Google AdSense (opens in new tab) are falling victim to a new email-based extortion scheme.
Extortionists are threatening to flood websites with fake traffic, thereby triggering Google’s anti-fraud system, unless the victim surrenders $5,000 in bitcoin.
If the anti-fraud system detects high volumes of invalid traffic, the site owner’s Google AdSense account is automatically suspended, cutting off all ad revenue from bona fide traffic.
- Here's how the Equifax hackers avoided detection (opens in new tab)
- Here's our list of the best web hosting services (opens in new tab) of 2020
- Coronavirus malware returns with a vengeance (opens in new tab)
In an effort to safeguard its systems from manipulation, Google recently announced plans to bolster algorithms responsible for identifying invalid traffic before ads are served.
The company defines invalid traffic as “clicks or impressions generated by publishers clicking their own live ads,” which includes the use of automated clicking tools and traffic sources.
The scammers (opens in new tab) behind this new scheme are threatening to “flood [the AdSense user’s site] with huge amounts of direct bot-generated web traffic, with 100 percent bounce ratio and thousands of IPs in rotation.”
“Next an ad serving limit will be placed on [the user’s] publisher account and all the revenue will be refunded to advertisers,” the scammers go on to claim.
AdSense suspensions can take a significant amount of time to lift, even if applied to an account without cause. The extortion scheme operates on the assumption a one-time $5,000 pay off will prove cheaper overall than the loss of weeks worth of advertising revenue.
In an attempt to allay concerns, Google has emphasised the measures in place to protect AdSense users from scams such as this.
“We hear a lot about the potential sabotage. It’s extremely rare in practice, and we have built some safeguards to prevent sabotage,” the company said in a statement.
“We encourage publishers to disengage from any communication or further action with parties that signal they will drive invalid traffic to their web properties. If there are concerns about invalid traffic, they should communicate that to us,” it advised.
- Keep your precious data safe with the best antivirus software (opens in new tab) for 2020
Via KrebsOnSecurity (opens in new tab)