Google is actively tackling a malicious tactic known as review bombing, where criminals post a deluge of fake one-star reviews on a business’s Google Maps profile. Following this initial digital attack, as described by Laurie Richardson, Google’s vice president of Trust & Safety, the scammers contact the business owner directly—often using third-party messaging apps—to demand payment. They threaten further harm to the business’s public rating and reputation if the fee is not paid, coercing merchants into meeting the extortion demand. The new dedicated form is Google’s mechanism for businesses to report these specific instances of review-based extortion.
Beyond review extortion, Google also highlighted several other prevalent scams currently circulating online. These include online job scams, where fraudsters use fake postings and recruiter profiles on fraudulent job boards to trick job seekers into providing sensitive data or downloading malware, such as Remote Access Trojans (RATs) or information stealers. Another growing threat is AI product impersonation scams, where bad actors capitalize on the popularity of artificial intelligence to promote and mimic genuine AI services. They use techniques like malvertising and hijacked social media accounts to trap victims into downloading malicious mobile and desktop apps, ‘fleeceware’ with hidden subscriptions, or bogus browser extensions.
The threat landscape also features malicious VPN apps and extensions. These applications are disguised as legitimate Virtual Private Network services and are often distributed using social engineering lures that exploit geopolitical events to target users seeking secure internet access. Once installed, these apps can deliver other damaging payloads, including information stealers, RATs, and banking malware, with the ultimate goal of stealing data and draining cryptocurrency wallets. Additionally, a particularly cruel scheme is the fraud recovery scam, where individuals who have already been scammed are targeted a second time. Fraudsters pose as asset recovery agents associated with trusted entities like law firms or government agencies—a threat the U.S. FBI also flagged in August 2025.
Finally, seasonal threats like holiday scams exploit major shopping and holiday periods. Threat actors use counterfeit offers on social media platforms to deceive unsuspecting shoppers, leading to financial fraud and data theft. To counter this wide array of schemes, users are advised to be highly vigilant. Key precautions include being wary of unexpected delivery texts or emails that demand a fee and exercising extreme caution when approached by anyone claiming they can recover lost funds. Users should also download apps exclusively from trusted sources and legitimate developers and be highly cautious when asked to provide sensitive personal information online.
These developments coincide with a report from Reuters detailing a similar fight against malicious activity on Meta’s platforms. The news agency’s findings suggest Meta earns billions annually from ad marketing scams and illegal products. Citing an internal December 2024 document, Reuters estimated that scam ads could account for up to 10.1% of Meta’s overall revenue, translating to approximately $16 billion. The report further stated that Meta allegedly allowed “high value accounts” to accumulate hundreds of strikes before being shut down, and even charged bad actors higher rates as a penalty for accruing more strikes, only banning advertisers if its systems were 95% certain they were committing fraud. Meta responded by calling the 10.1% estimate “rough and overly-inclusive” and noted that it has removed over 134 million pieces of scam ad content in 2025.
Reference:
