Bad ads keep popping up on famous and legitimate websites on the internet, enticing visitors to click on them, potentially leading them to both reputable and dubious products. Not only are they the gateways to misinformation, but also they are the biggest source of malware inhibiting hardware devices. Bad ads could be intentionally placed by crooks for earning money, sand to retrieve personal user data and assimilate malware. Sometimes intrusive ads keep popping up when a website is loaded until visitors click on them and get trapped.
Deciding what to be posted on a websites is not mostly in the hands of website owners. Famous tech companies, like Google, are responsible for placing ads on digital blogs and news magazines. They employ automated tools to place specific ads on targeted spaces on relevant websites; the system employs an automated bidding process by advertisers to place ads, which enables millions of advertisers to extend their range to millions of websites. The same process gets exploited by scammers to do insidious activities on the web.
How Does Programmatic Advertising Work?
Millions of advertisers want to place their ads on millions of websites, which is a tremendous task if each one of them has to do it individually by locating desirable websites for ads. The problem is solved by ‘programmatic advertising’, allowing advertisers to buy ads from demand-side platforms. On the other side, websites get paid by supply-side platforms for placing ads on their websites. It is now the responsibility of these automated platforms to decide which ad is relevant to which website.
Via ‘ad exchange’, supply-side platforms request bids from demand-side platforms to auction ads. Then demand-side platforms choose ads relevant to the website, having ads spaces, based on its browsing history. The winner of the auctions gets to place ads on ads spaces.
Many tech companies provide the aforementioned three services, most notable of them are Google Adsense, Adwords, Criteo, Pubmatic, Rubicon and AppNexus.
How Is This System Exploited?
All ad networks follow stringent content policy to restrict bad or illegal ads from showing up on websites. They prohibit the publishing of vulgar or offensive ads. But not ad networks are on the same level; some are less stringent than the others. For example, MGID and Content.ad have flexible content policies, showing a gateway to scammers to infiltrate through ads. Moreover, gray areas in content policy are the most vulnerable areas of ad networks. Scammers easily adapt to content policies through countermeasures and mingle with the majority. An example of this was observed in the 2020 US elections when fake political polls ran on the web, asking voters to submit their emails before voting. Once scammers have your emails, sending malware as a gift to you becomes too easy.
Malicious Native Ads
The prime example of Deceptive ads exhibits itself on native newspapers. Local ad networking companies along with newspapers intentionally run false ads on their digital newspapers to get more clicks. People fall prey to this more easily, for they mingle with their surroundings like a chameleon, difficult to be distinguished. They show up as sponsored newspaper articles, but factually lead to misleading information and malicious content.
Recognizing Bad Ads
Many hints help in recognizing bad ads. If you come across any of the following signs on reading an online advertisement, you may well be dealing with a a bad ad:
1) Poor Conversion Rates
Campaigns being run routinely do well or have an average performance. But if it performs too poorly, especially if the same campaign has a better record on other social media platforms, you might be seeing a fake ad.
2) IP Addresses
An IP address originating in a data center means that so-called-user has its origin in a server of a data center and that it is most probably not a human. So you are dealing with a fake campaign.
3) More Than Expected Visits to Website
Users do not tend to load the same website over and over and click on the same ad again and again. But if the same IP address is caught visiting the same website more than twice, you have a right to doubt the intention.
4) Domain Name
Make sure that the domain name that displayed ad links to is authentic, as scammers mostly choose domain names similar to authentic websites to disguise themselves. For example, an ebay advertisement must link to www.ebay.co.uk, not to ebay.c0.uik or ebay.comp.
Stringent content policies by ad networks and severe consequences for intentionally employing misleading ads can only abate the spread of bad ads. Gray areas acting as gateways must be filled in with new policies to hinder scammers from malicious activities.
Read next: Find Out What Sites Track Your Every Click, and What You Can Do To Stop Them