Web extortion scam threatens to flag sites to Google as spam

Websites serving ads through Google AdSense are at risk

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Website owners serving ads throughGoogle AdSenseare falling victim to a new email-based extortion scheme.

Extortionists are threatening to flood websites with fake traffic, thereby triggeringGoogle’s anti-fraud system, unless the victim surrenders $5,000 in bitcoin.

If the anti-fraud system detects high volumes of invalid traffic, the site owner’s Google AdSense account is automatically suspended, cutting off all ad revenue from bona fide traffic.

Extortion scam

In an effort to safeguard its systems from manipulation, Google recently announced plans to bolster algorithms responsible for identifying invalid traffic before ads are served.

The company defines invalid traffic as “clicks or impressions generated by publishers clicking their own live ads,” which includes the use of automated clicking tools and traffic sources.

Thescammersbehind this new scheme are threatening to “flood [the AdSense user’s site] with huge amounts of direct bot-generated web traffic, with 100 percent bounce ratio and thousands of IPs in rotation.”

“Next an ad serving limit will be placed on [the user’s] publisher account and all the revenue will be refunded to advertisers,” the scammers go on to claim.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

AdSense suspensions can take a significant amount of time to lift, even if applied to an account without cause. The extortion scheme operates on the assumption a one-time $5,000 pay off will prove cheaper overall than the loss of weeks worth of advertising revenue.

In an attempt to allay concerns, Google has emphasised the measures in place to protect AdSense users from scams such as this.

“We hear a lot about the potential sabotage. It’s extremely rare in practice, and we have built some safeguards to prevent sabotage,” the company said in a statement.

“We encourage publishers to disengage from any communication or further action with parties that signal they will drive invalid traffic to their web properties. If there are concerns about invalid traffic, they should communicate that to us,” it advised.

ViaKrebsOnSecurity

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well