Cybercriminals utilize a variety of tools to steal your information, your money and your secrets.
Now, they’re holding your company’s digital marketing ransom and demanding bitcoin, according to cybersecurity researcher and journalist Brian Krebbs.
KrebsOnSecurity reported that a new email-based extortion scheme is targeting website owners serving banner ads through Google’s AdSense program.
The criminals threaten to flood the publisher’s ads with junk traffic to get Google to suspend the user’s account for suspicious traffic unless they send $5,000 in bitcoin in three days, Krebs reported.
Earlier in February, someone sent Krebs the message they received warning about the attack. It warned of a flood of “direct bot-generated web traffic with 100% bounce ratio and thousands of IP’s in rotation — a nightmare for every AdSense publisher.”
“More also we’ll adjust our sophisticated bots to open, in endless cycle with different time duration, every AdSense banner which runs on your site,” the attackers said in an email.
Google will pick that up and place an ad serving limit on the account, and any revenue generated by the spam traffic will be refunded.
“Shortly said this means that the mean source of profit for your website will be temporarily suspended,” the attackers say in the email.
After about a month, the AdSense ban will be lifted, but the attackers say they can just do it again and cause a permanent ban.
More from Krebs:
The reader who shared this email said while he considered the message likely to be a baseless threat, a review of his recent AdSense traffic statistics showed that detections in his “AdSense invalid traffic report” from the past month had increased substantially.
The reader, who asked not to be identified in this story, also pointed to articles about a recent AdSense crackdown in which Google announced it was enhancing its defenses by improving the systems that identify potentially invalid traffic or high risk activities before ads are served.
Google defines invalid traffic as “clicks or impressions generated by publishers clicking their own live ads,” as well as “automated clicking tools or traffic sources.”
“Pretty concerning, thought it seems this group is only saying they’re planning their attack,” the reader wrote.
Krebs said Google sent a statement about its safeguards in palce to prevent this sabotage from succeeding. It can be detected and taken into account when bans are enforced.
“We have a help center on our website with tips for AdSense publishers on sabotage,” the statement continues. “There’s also a form we provide for publishers to contact us if they believe they are the victims of sabotage. We encourage publishers to disengage from any communication or further action with parties that signal that they will drive invalid traffic to their web properties. If there are concerns about invalid traffic, they should communicate that to us, and our Ad Traffic Quality team will monitor and evaluate their accounts as needed.”