Skip to main content

New email scheme threatens to get websites kicked off Google AdSense unless they pay bitcoin

New email scheme threatens to get websites kicked off Google AdSense unless they pay bitcoin


The fake traffic could trigger Google’s anti-fraud protections

Share this story

A Google logo sits at the center of ominous concentric circles
Illustration by Alex Castro / The Verge

A new email scam threatens website owners with a flood of bot traffic to get their Google AdSense accounts suspended, Krebs on Security reports.

By directing a large amount of bot traffic to a company’s banner ads, the scammers could trigger Google’s automated anti-fraud protection, which flags traffic that looks like “automated clicking tools or traffic sources,” as well as any attempts by ad publishers to artificially inflate impressions by clicking their own ads. Under Google’s policies, such actions could result in an ad being restricted until the matter is resolved, meaning few or no clicks on the ad, and less revenue for the publisher.

The scammers in the newest scheme promise not to unleash their bots on the publisher’s ad if the publisher sends a payment of $5,000 bitcoin. Brian Krebs shared an example of an email one of his readers received:

Very soon the warning notice from above will appear at the dashboard of your AdSense account undoubtedly! This will happen due to the fact that we’re about to flood your site with huge amount of direct bot generated web traffic with 100% bounce ratio and thousands of IP’s in rotation — a nightmare for every AdSense publisher. More also we’ll adjust our sophisticated bots to open, in endless cycle with different time duration, every AdSense banner which runs on your site.

So by temporarily boosting the traffic to an ad, the scam could potentially kill the ad’s future performance. Google announced in August that in an effort to protect the quality of its ad networks, it was “enhancing its defenses” to identify invalid traffic. The measures could include restricting an ad from being served if automated activity is detected.

In response to the latest email scam, Google told Krebs it looks like a threat of sabotage that the company considers “extremely rare in practice,” adding that it has safeguards built in to its enforcement mechanisms to prevent such schemes from succeeding.

AdSense publishers can contact Google to report any invalid ad clicks, and should contact its help center if they think they’ve been the victim of sabotage.