KrebsOnSecurity today brought to light a bitcoin ransom scam that threatens publishers and websites using AdSense advertising. Google for its part underplayed the threat by noting “safeguards in place to prevent sabotage from succeeding.”
According to the security blog, some websites leveraging Google’s AdSense network to place banner ads have recently received an extortion attempt over email. The malicious party threatens to flood a site with artificial, bot-generated views to trigger Google’s anti-fraud measures that are designed to make sure clicks on ads — which pay publishers — are authentic.
Enough fake traffic will see a website suspended by Google and the scammers threaten to repeat until a publisher is banned entirely from using AdSense. The group responsible demands $5,000 delivered in bitcoin to not proceed with the AdSense attack.
KrebsOnSecurity only cites one report of this AdSense bitcoin scam, but the affected party did encounter “substantially” increased views in Google’s “AdSense invalid traffic report.” However, it’s unclear how widespread this threat is.
In a comment, Google says despite “hear[ing] a lot about the potential for sabotage, it’s extremely rare in practice.” The company advises customers to “disengage from any communication or further action with parties that signal that they will drive invalid traffic to their web properties,” and notes some of the safeguards in place:
- “We have detection mechanisms in place to proactively detect potential sabotage and take it into account in our enforcement systems.”
- The company says invalid traffic is often filtered before advertisers and publishers are impacted.
- A form for sabotage victims to contact Google and work with the Ad Traffic Quality team.
FTC: We use income earning auto affiliate links. More.