AdSense Nightmare
Krebs, a former Washington Post reporter, published portions of a ransom note provided to him by a reader of his Krebs on Security blog. In it, the extortionist warns the reader, who operates several websites, that he soon would be receiving ominous messages about his AdSense status.
"This will happen due to the fact that we're about to flood your site with huge amount of direct bot generated web traffic with 100% bounce ratio and thousands of IP's in rotation -- a nightmare for every AdSense publisher," the note declares.
"More also," it continues, "we'll adjust our sophisticated bots to open, in endless cycle with different time duration, every AdSense banner which runs on your site."
Although the reader was skeptical of the threat, Krebs noted that when he checked his AdSense traffic statistics, they showed invalid traffic to his sites increased substantially month-over-month.
A Krebs reader writing in the comments section of the blog explained why suspension of an AdSense account would be a nightmare: "It's actually a very effective threat, as anyone who's ever worked with Adsense will have noticed it's more or less impossible to contact anyone at Google about problems with this," wrote Dave.
"They'll contact you to sell you more stuff, but if you try and contact them you get lost in a maze of web pages pointing to more web pages, none of which contain any way to contact them. Given that there's no means of recovery, I can see that the victims would take paying up as the easier option," he continued.
"That's exactly what we did with a billing error," Dave added. "It was so hard to try and get it resolved that we just paid Google to make it go away."
Classic Sabotage Threat
The case sounds like a classic threat of sabotage, where an actor attempts to trigger an enforcement action against a publisher by sending invalid traffic to their inventory, Google said in a statement provided to TechNewsWorld by spokesperson Suzanne Blackburn.
"We hear a lot about the potential for sabotage, it's extremely rare in practice, and we have built some safeguards in place to prevent sabotage from succeeding," the company maintained. "For example, we have detection mechanisms in place to proactively detect potential sabotage and take it into account in our enforcement systems."
Google noted that it has a help center on its website with tips for AdSense publishers and a contact form for publishers to use if they believe they are the victims of sabotage.
"We encourage publishers to disengage from any communication or further action with parties that signal that they will drive invalid traffic to their web properties," Google advised.
"If there are concerns about invalid traffic, they should communicate that to us, and our Ad Traffic Quality team will monitor and evaluate their accounts as needed," it said. "We have extensive tools and processes to protect against invalid traffic across our products. In fact, most invalid traffic is filtered from our system before our advertisers and publishers are ever impacted."
Framing the Good Guys
Google has the resources to address this problem if it wants to, observed Sky Cassidy, CEO of MountainTop Data, a Canoga Park, California-based provider of data services to B2B marketers.
Google has a way to identify fake clicks, he explained, although in the past, the person cultivating those clicks usually was the AdSense account holder.
"They would be trying to generate more money with the fake clicks," Cassidy told TechNewsWorld.
The scheme described by Krebs is a novel one, he continued, because the schemers are trying to frame AdSense users and make it appear they're using their account for fraud.
"In the past, the schemers were probably being hired by AdSense account holders to commit ad fraud. Once Google shut that down, they decided to do it to people and make them pay to not do it," Cassidy speculated. "They're taking their tools, pointing them at legitimate people, and making them look like the bad guys."
Before Google cuts off an AdSense account for abuse, the company should determine the source of the abuse, and not assume the account holder is at fault, he suggested.
"If an AdSense user is attacked and gets an extortion email, they should be able to forward the email to Google and say, 'This isn't me,'" Cassidy said. "It's going to take a little more work on Google's end, but luckily they've got billions of dollars so they can do it."
0 Comments