Scammers use Fake Bard AI Ads to Steal Data From Businesses; Here's how Google is Tackling Them

Google goes on the offensive against scammers

As scams grow more sophisticated and fraudsters continue to come up with innovative tactics, tech giant Google has launched legal proceedings to protect consumers and small businesses from the increasing threat of cybercrime. The company has filed two federal lawsuits in the Northern District of California, showcasing its commitment to setting legal precedents in tech and sending a clear message to fraudsters. According to Google General Counsel Halimah DeLaine Prado, these legal actions are integral to their strategy to safeguard users and businesses.

Fake copyright infringement notices

In the first lawsuit, Google is targeting fraudsters who have inundated the internet with thousands of counterfeit notices of copyright infringement. These deceptive claims have affected more than 100,000 websites, putting businesses, especially small and medium-sized enterprises (SMBs), at risk. To safeguard them, Google itself has stepped in through legal corridors.

Bard AI chatbot used in malware scheme

The second lawsuit involves at least three individuals accused of employing false advertisements related to Bard, Google's generative AI chatbot, as ChatGPT has triggered a frenzy among users about Bard as well. These malicious ads trick unsuspecting and curious users into downloading malware that compromises their devices and provides hackers access to their social media accounts. The scammers go to great lengths to confuse users, exploiting the fact that Google itself has promoted Bard on Facebook. However, Bard is a web-based platform and is not available for download, making the ads patently false.

Malware scheme exposed on Facebook

The malware-linked ads have surfaced prominently on Facebook, utilizing official-sounding accounts and pages with names such as Google AI, AIGoogle.Plus, AIGoogle Bard FB, and AIGoogleBard. The lawsuit seeks to enjoin the scam and claim damages, marking a significant legal move to protect users of a major tech company's flagship AI product.

Modus operandi

Reports from The Wall Street Journal indicate that once users click on the deceptive offer to download Bard, their devices become infected with malware. This malware subsequently transmits the victims' social media credentials to the hackers, allowing them to take control of the compromised accounts. The attackers then exploit these accounts to disseminate more malware-linked ads, perpetuating a cycle of deception.

Scope and motivation of the scam

While the exact number of victims remains unknown, Google has taken swift action, filing approximately 300 takedown requests to remove the fraudulent ads. Small businesses with Facebook business or advertiser accounts are among the intended victims, highlighting the potential impact on SMBs reliant on Facebook for business purposes. Google's lawsuit also seeks more information on the scam since the motive remains unclear.

Connection to wider malware scams

The Bard AI scam appears to be part of a broader trend of malware schemes targeting businesses on social media platforms. Meta Platforms, Facebook's parent company, has previously flagged similar scams, blocking over 1,000 malicious URLs and offering tools based on ChatGPT. Many of these attacks originated in Vietnam, according to Meta, highlighting the global nature of the cyber threat landscape.