Google on Thursday said it's rolling out a dedicated form to allow businesses listed on Google Maps to report extortion attempts made by threat actors who post inauthentic bad reviews on the platform and demand ransoms to remove the negative comments.
The approach is designed to tackle a common practice called review bombing, where online users intentionally post negative user reviews in an attempt to harm a product, a service, or a business.
"Bad actors try to circumvent our moderation systems and flood a business's profile with fake one-star reviews," Laurie Richardson, vice president of Trust & Safety at Google, said. "Following this initial attack, the scammers directly contact the business owner, often through third-party messaging apps, to demand payment."
The threat actors warn of further escalation should the victim fail to pay the fee, risking potential damage to their public rating and reputation. These ploys are seen as an attempt to coerce merchants into paying the extortion demand.
Google has also warned users of other kinds of scams that are prevalent today -
- Online job scams, where fraudsters impersonate legitimate job boards to target people looking for employment using fake postings and recruiter profiles to trick them into providing sensitive data under the pretext of filling fake application forms and video interviews, or downloading malware like remote access trojans (RATs) or information stealers.
- AI product impersonation scams, which involve capitalizing on the popularity surrounding artificial intelligence (AI) tools to impersonate and promote popular AI services using malvertising, hijacked social media accounts, and trojanized open-source repositories that promise "free" or "exclusive" access in order to trap victims into downloading malicious mobile and desktop apps, "fleeceware" apps with hidden subscriptions, and bogus browser extensions.
- Malicious VPN apps and extensions, where threat actors distribute malicious applications disguised as legitimate VPN services across platforms using social engineering lures that leverage geopolitical events to ensnare victims who are seeking secure internet access. Once installed, these apps can act as a conduit for other payloads like information stealers, RATs, and banking malware that can steal data and drain funds from cryptocurrency wallets.
- Fraud recovery scams, which involve targeting individuals who have already been scammed by posing as asset recovery agents associated with trusted entities like law firms and government agencies, only to scam them a second time. It's worth noting that the U.S. Federal Bureau of Investigation (FBI) issued a bulletin about this threat back in August 2025.
- Seasonal holiday scams, where threat actors exploit major holiday and shopping periods to deceive unsuspecting shoppers with counterfeit offers on social media platforms that lead to financial fraud and data theft.
To counter these schemes, users are advised to be wary of unexpected delivery texts or emails that demand a fee, exercise caution when approached by people who claim they can recover funds, download apps only from trusted sources and legitimate developers, and be vigilant when asked to fill out sensitive personal information.
The development coincides with a report from Reuters, which found that Meta is making billions of dollars every year from ad marketing scams and illegal products on its platform. Citing an internal December 2024 document, the British news agency said the scam ads could account for as much as 10.1% of its overall revenue, or approximately $16 billion.
Meta allowed "high value accounts" to "accrue more than 500 strikes without Meta shutting them down," Reuters reported, adding "a small advertiser would have to get flagged for promoting financial fraud at least eight times before Meta blocked it."
In addition, the company is said to have charged bad actors higher rates more to run ads as a penalty, as they accrued more strikes, only banning advertisers if its automated systems predict they are 95% certain to be committing fraud. On average, Meta is estimated to have served its platforms' users an estimated 15 billion "higher risk" scam advertisements every day.
In response, Meta said the 10.1% estimate was rough and overly-inclusive, and that it has removed more than 134 million pieces of scam ad content so far in 2025.
