Google AdSense users are being targeted by a cyber-extortion campaign. According to a new blog post from Brian Krebs’ KrebsOnSecurity, Krebs was notified of the scheme via a reader who preferred to remain anonymous. The scheme leverages Google’s protections against abusing AdSense with false traffic to gain larger payments. In the notice, the scammers threaten to flood an AdSense user’s ads with fake traffic unless they pay the equivalent of $5,000 in bitcoin.
The full message used by the cyber-extortionists reads as follows:
Very soon the warning notice from above will appear at the dashboard of your AdSense account undoubtedly! This will happen due to the fact that we’re about to flood your site with huge amount of direct bot generated web traffic with 100% bounce ratio and thousands of IP’s in rotation — a nightmare for every AdSense publisher. More also we’ll adjust our sophisticated bots to open, in endless cycle with different time duration, every AdSense banner which runs on your site...
Next an ad serving limit will be placed on your publisher account and all the revenue will be refunded to advertisers. This means that the main source of profit for your site will be temporarily suspended. It will take some time, usually a month, for the AdSense to lift your ad ban, but if this happens we will have all the resources needed to flood your site again with bad quality web traffic which will lead to second AdSense ban that could be permanent!"
Google has acknowledged the scheme and states that they have various protections in place to prevent bot attacks against AdSense websites. Specifically, the company has the ability to filter fraudulent or malicious traffic before it even reaches the websites being targeted.
Nevertheless, the fact is that cyber-extortion hinges on fear, not rationality. Any social engineering attack, in the history of their use, hinges on core human emotions where irrational fears often make victims do irrational things — like paying a ransom for what is really a nonexistent threat. While there is no current evidence to suggest that the Google AdSense cyber-extortion scheme has claimed any victims, this is subject to change. Fear is a powerful tool used by criminals of all types. In fact, it is oftentimes the most powerful tool.
Hopefully, any Google AdSense users threatened by the cyber-extortionists will know about Google’s built-in protections or, at the very least, read about the scheme as it makes the rounds in the news. Knowing your enemy is half the battle.
Featured image: Flickr/ CreditDebitPro.com