Managed Services, Vars

Google Sues to Protect SMBs From Bard AI Scam

Google on Monday filed two federal lawsuits in the Northern District of California as “part of our ongoing legal strategy to protect consumers and small businesses, and establish needed legal precedents in emerging fields of innovation,” Google General Counsel Halimah DeLaine Prado wrote in a blog post.

In one suit, Google aims at fraudsters who have filed thousands of fake notices of copyright infringement against more than 100,000 websites. In another, Google is suing at least three people for using false ads for Bard, the company’s generative AI chatbot, to trick people into unknowingly downloading malware that gives the alleged scammers access to their social media accounts. The scam has been showing up in ads, pages and posts on Facebook, according to the lawsuit. The malware-linked ads seek to confuse Facebook users because Google itself has advertised its Bard product on Facebook, according to the lawsuit. 

The ads are false: Bard is a free web-based platform and isn’t available through download. An organized group of attackers is posting the official-looking ads using accounts and pages with fake names such as Google AI, AIGoogle.Plus, AIGoogle Bard FB and AIGoogleBard, according to Google. 

The lawsuit, which seeks to enjoin the scam and secure damages, is thought to be the first such lawsuit aimed at protecting users of a major tech company’s flagship AI product, DeLaine Prado said in an interview.

The Wall Street Journal reported that, once users click on the offer to download Bard, their devices were hit with malware that sent their social media credentials to the hackers. The hackers then used the information to take over their victims’ social media accounts and spread more malware-linked adsaccording to the lawsuit. 

It wasn’t clear what was ultimately motivating the alleged scheme, and Google, via the lawsuit, aims to obtain more information about how it operates. Google said that the intended victims include small businesses with Facebook business or advertiser accounts--this can include many managed service providers, who are often SMBs that use Facebook for business purposes

The exact number of victims of the alleged scam isn’t known. Google officials said they have filed about 300 takedown requests to have the ads removed. Facebook and others have generally been responsive to the takedown requests, according to Google. 

The alleged scheme appears to be related to a range of malware scams aimed at businesses that Facebook parent Meta Platforms has flagged in newsroom posts. For example, Meta said in a post in May that it had blocked more than 1,000 malicious URLs offering ChatGPT-based tools from being shared on its platforms. ChatGPT is another free artificial intelligence service. Many of those attacks originated in Vietnam, according to Meta.

Sharon Florentine

Sharon manages day-to-day content on ChannelE2E and serves as senior managing editor for CyberRisk Alliance’s Channel Brands. She also covers enterprise-class technology companies, strategic alliances and channel partner strategies. Sharon is a veteran tech journalist and editor with more than 25 years experience in the industry, and has previously held key editorial, content and leadership positions at Techstrong Group, CIO.com, Ziff Davis Enterprise and CRN.

You can skip this ad in 5 seconds