A new email-based extortion campaign is reportedly threatening to flood websites with bot-generated fake traffic so that Google’s anti-fraud mechanisms block their AdSense advertising service accounts.
According to security researcher Brian Krebs, the extortionists are telling email recipients that they will soon see a message from Google warning them that the number of ads they can show will be limited as a result of suspicious bot traffic. The note said the fake traffic has a “100% bounce ratio and thousands of IPs in rotation — a nightmare for every AdSense publisher.”
“More also we’ll adjust our sophisticated bots to open, in endless cycle with different time duration, every AdSense banner which runs on your site.” the extortion email continues. “As a result your daily RPC revenue will be increased, but AdSense traffic assessment algorithms will detect very fast such a web traffic pattern as fraudulent.”
This will lead Google’s AdSense serve to suspend the account, the adversaries explain — adding that once the temporary ban is lifted they will attack again, perhaps resulting in a permanent ban.
Krebs, who was tipped off about the campaign by a reader, reports that the cybercriminals are asking for $5,000 in bitcoin payments to withhold the attack.
It is not clear if the extortionists actually have such capabilities, the report continues.
Krebs says he reached out to Google, which reportedly said in a statement that it has “detection mechanisms in place to proactively detect potential sabotage and take it into account in our enforcement systems.” Google also said it has a help center on its website and a form for web site publishers who are concerned they may be the victim of sabotage.