• Cyber Jack

Don’t Get Catfished by Targeted Ad Campaigns

This guest article was provided exclusively by Vladimir Fomenkoso, founder and director, Infatica


Digital advertising is vital to modern business operations – and it’s booming. Worldwide, experts predict digital ad spending to reach over $375 billion by 2021 and criminals want to take a cut of that cash flow. With COVID-19 squashing budgets and pushing whole workforces remote, businesses are vulnerable to security breaches and scams that can do serious damage to their bottom lines.


The targeted advertising industry is a prime target for fraud, and if you’re a marketer working under a slashed budget in 2020, you know that every dollar counts. Here’s how fraud drains your budget, what to look for, and what you can do to boost your security, protect your ads and avoid getting catfished by targeted ad campaigns.


HOW IT DRAINS YOUR BUDGET

Ignoring ad fraud poses a direct financial risk to your company. eMarketer has reported that annual loss estimates attributed to digital advertising scams fall within a staggering range of $6.5 billion to $19 billion.


Non-compliant ads account for a range of tactics in the ad fraudster’s playbook. In some cases, scammers might offer placements on reputable sites with good web traffic, and instead place those ads on an alternate site – or nowhere at all. In other cases, fraudsters will place the ad and redirect users to malicious web pages.


Fraudsters also target ad spots with malware, replacing existing ads online with alternate banners and leaving advertisers to unknowingly continue paying for those faulty placements. In both cases, even users in the target audience who prove willing to click the ad and browse the advertised products instead fall victim to malware or additional scams.


Click fraud is a threat typically employed by your competitors. This approach targets the popular pay-per-click model, wherein advertisers pay for the number of user clicks an ad receives. By bombarding ads with artificial engagements, fraudsters increase the price per click and drain your budget as quickly as possible to prevent new leads.


Scammers may also use cookie stuffing to target your affiliate relationships. Cookies embedded in a browser reflect whether a user has arrived at your website through one of your affiliates’ pages. When a server detects such a cookie, the affiliate receives a fee from you.


Fraudsters intercept these fees by placing a barrage of pop-ups, scripts, toolbars, or images onto the page to stuff the user’s browser of a user with artificial cookies. When a user visits your website, your system will attribute that lead to one of your affiliates and deliver that fee to the scammer, effectively fooling the system and causing you to pay that fraudster directly.


WHAT TO LOOK FOR

Unless you know how to verify your clicks and placements, it’s nearly impossible to detect fraudulent activity before your digital ad statistics begin to reflect suspicious data. Despite advertisers’ efforts in learning to spot these red flags, fraudsters continue to advance their tactics and circumvent detection.


When purchasing ads directly from the publisher, it’s important that you thoroughly verify the source. Fraudsters selling non-compliant ads often craft domain names that look remarkably similar to those of well-respected publishers. Compare the domain name to that of the trusted publisher to avoid phishing scams and ensure your money is well-spent.


To detect click fraud, regularly verify the IP address, click timestamp, action timestamp, and user-agent. Fraudulent clicks will typically come from the same IP address. The same goes for verifying the user-agent; if the same user-agent appears repeatedly – or not at all – click fraud is likely. You’ll note that fraudulent clicks will not be followed by typical consumer user activity.


Similarly, you can spot cookie stuffing by routinely checking tracked ad conversion rates and website site redirects. When these red flags appear in your data, it’s best to pause the campaign to preserve your budget and prevent further losses.


Verifying the traffic of the source website is key to protecting your placements from scammers reporting fake traffic. Before purchasing an ad from a media site reporting 100K weekly visitors, you can check the traffic of the source site against the views on each page – plugins like SimilarWeb are free resources and easy to install. If individual pages reflect only a few hundred views, you’re right to suspect fraud.


BOOST SECURITY TO PROTECT YOUR ADS AND YOUR IT SYSTEMS

You can be proactive with your security to preserve valuable funds, and protect your business from mal actors who may seek to target your business amid the current economic tumult. Stick to trustworthy networks, be cautious of outside vendors, and use proxies to check on your ads and encrypt your corporate structures.


Proxy servers can be used in effective strategies to protect your business against advertising scams, ensuring your budget is well-spent and improving IT security in the COVID-19 environment. Often, proxies are used as a sort of mediator between a website or online service and its clients.


You can use proxies to verify your digital ads and ensure they’re successfully reaching your target audience. Routing traffic through a proxy makes it possible to verify localized ads, allowing you to view the way an ad appears in other countries to determine whether your banner appears as intended and links to the correct pages. Verification vendors also rely on proxies to detect ad fraud, to track and flag unusual data spikes that may be indicative of common scam tactics.


Because a proxy server allows users to hide their true location and IP address, they can be used more broadly to secure corporate infrastructures. Proxies reroute the typical communication of site requests to end servers, preventing criminals from deducing any information about how the network is built or where its weaknesses lie. They hide the corporate infrastructure.


Especially relevant to security and fraud risks associated with current lockdown measures, proxies can also be used residentially to protect a distributed workforce. Companies can use rotated residential proxies to boost the security of their networks and websites. Rendering it impossible for malicious actors to gather information about the real corporate network, proxies cause fraudulent inquiries to be answered by servers tied to multiple countries and regions.


###

  • LinkedIn

©2020 by Enterprise Security Tech