Google announced Thursday that it will introduce a special form for businesses listed on Google Maps to report extortion by attackers who post inauthentic bad reviews on the platform and demand a ransom to remove negative comments.
This approach is designed to address a common practice known as review bombing, where online users intentionally post negative user reviews in an attempt to damage a product, service, or business.
“Bad actors are trying to circumvent our moderation systems and flood company profiles with fake one-star reviews,” said Laurie Richardson, vice president of trust and safety at Google. “After this initial attack, scammers contact business owners directly, often through third-party messaging apps, and request payment.”
The attackers have warned that if victims do not pay, further escalation may occur, leading to public reputation damage. These ploys are considered attempts to force merchants to pay extortion demands.
Google is also warning users about other types of scams that are currently prevalent.
Online recruitment scam. Scammers impersonate legitimate job sites and target job seekers with fake posts and recruiter profiles, tricking them into filling out fake application forms, providing sensitive data under the guise of video interviews, or downloading malware such as remote access Trojans (RATs) and information stealers. AI product impersonation fraud. They leverage the popularity of artificial intelligence (AI) tools to trap victims into downloading malicious mobile and desktop apps, “freeware” apps with hidden subscriptions, and fake browser extensions by impersonating and promoting popular AI services using malvertising, hijacked social media accounts, and trojanized open source repositories promising “free” or “exclusive” access. Malicious VPN apps and extensions. Threat actors use social engineering lures leveraging geopolitical events to distribute malicious applications across platforms disguised as legitimate VPN services to entrap victims seeking secure internet access. Once installed, these apps can act as a conduit for other payloads such as information thieves, RATs, and banking malware to steal data and drain funds from cryptocurrency wallets. Fraud collection fraud. They target individuals who have already been defrauded and re-defraud them by posing as asset recovery agents affiliated with trusted entities such as law firms or government agencies. It is worth noting that the US Federal Bureau of Investigation (FBI) issued a bulletin regarding this threat in August 2025. Seasonal vacation scam. Threat actors are taking advantage of the holiday and shopping period to trick unsuspecting shoppers with fake offers on social media platforms, leading to financial fraud and data theft.
To combat these schemes, users are advised to be wary of unexpected texts or emails requesting a fee, be wary if approached by someone claiming to be able to collect funds, only download apps from trusted sources or legitimate developers, and be wary if asked to enter sensitive personal information.
This development coincides with a Reuters report that revealed that Meta makes billions of dollars each year from advertising marketing fraud and illegal products on its platform. Citing an internal document from December 2024, the British news agency said fraudulent advertising could account for up to 10.1% of total revenue, or about $16 billion.
Reuters reported that Meta allowed “high-value accounts” to undergo “more than 500 strikes without being shut down by Meta,” adding that “small advertisers would have to be flagged for facilitating financial fraud at least eight times before Meta would block them.”
Additionally, the company is said to only ban advertisers when its automated systems predict that it is 95% certain that a fraudster is committing a violation, and to charge higher advertising fees as a penalty as attackers gain more strikes. On average, Meta is estimated to serve an estimated 15 billion “high-risk” fraudulent ads to users of its platform every day.
In response, Meta said the 10.1% estimate was too rough and comprehensive and said it had removed more than 134 million pieces of fraudulent advertising content by 2025.
Source link
