Login is restricted to DCN Publisher Members. If you are a DCN Member and don't have an account, register here.

Digital Content Next logo


InContext / An inside look at the business of digital content

Catch me if you can: Malvertising thrives in high-volume, low-CPM environment

May 6, 2020 | By John Ilacqua, Head of Publisher Strategy – The Media Trust@TheMediaTrust

It’s scary out there. Next quarter’s 34% projected contraction for the U.S. economy doesn’t bode well for our industry. The effects of scrutinized marketing budgets and throttled—if not eliminated—advertising spend are already rippling throughout the digital advertising ecosystem. While engagement is on the rise (great), publishers are hindered from capitalizing on this boon due not only to brand safety concerns but also a surge in malvertising and scam ads. Clearly, getting a handle on these bad ads and isolating the serving partner is critical to future growth.

Bad ads threaten publisher recovery

The unfortunate byproduct of today’s troubled economy is the downside pressure exerted on ad spend, which depresses CPMs, effectively lowering the barrier to entry for bad actors. The reality of the situation is apparent; the average number of incidents in a 24-hour period actively managed by The Media Trust’s 24×7 Digital Security & Operations team is up an average 22% month-over-month (April vs. March)—even more alarming when viewed year-over-year, with volumes 35% greater than usual (April ’20 vs ’19).

The composition of the malware threats is also changing. The rapid increase in personal data scams erodes the long-standing dominance of fake installs and uploads.Covid-19 or coronavirus-related scams drive the category. In parallel, while still a relatively small percentage, brand fraud/hijack ads are something to track especially when put into the context of a significantly larger malvertising environment.

Malvertisers are taking advantage of the current environment to steal user data and propagate misinformation around products and services by making it difficult to discern legitimate advertisements from scams. Increased sensitivity to keyword blocking further challenges publishers and their approach to legitimate advertising campaigns. It’s important to remember that an advertiser’s opportunistic campaign, or poor creative, doesn’t mean it’s a scam.

Which are the scams? *

Which poses the question: What is a scam ad?

Slippery slope between a scam and malware

Scam ads contain creative and/or domains that purposefully attempt to mislead and/or extort consumers for financial gain. Criteria for evaluating a scam could be subjective. However, experience provides guidance for activity that could potentially harm publisher reputations and revenue. (For these reasons, our malware taxonomy includes a scam/fraud type).

That said, there is a high correlation between coronavirus-related ad campaigns and scams. In fact, analysis of thousands of these campaigns confirms that approximately 60% of these sketchy campaigns do contain scam content. (Don’t worry, these overt scans are reported to federal authorities to supplement their investigations.) However, it’s a nuanced challenge that requires a thoughtful approach by Ad/Rev Ops teams.

Scam or no scam: Is that the question?

Various initiatives aim to shut down fraudsters—especially in the US and UK. But with thousands of ads and associated domains cropping up on a weekly basis, the scope is large. And, we continue to see abnormally high amounts of web-based attacks. Coronavirus-related ads run the gamut from normal medical equipment supplies to outright predatory shams.

The challenge is simultaneously removing the subjectivity from the process so publishers can serve brand-appropriate content and keep their revenue channels open, at scale. And, flexibility must exist as one’s poorly-designed creative is another’s prohibited bad ad.

To assess your approach to scam ads you need to:

  1. Determine the acceptable, foundational experience (UX) for your audience
  2. Review the percentage of Coronavirus ads trafficking through your environment
  3. Calculate revenue impacts for both campaign termination versus limited/restricted runs
  4. Develop policy and communicate to upstream partners. Policy should cover threshold for Coronavirus ads, examples in increasing restriction:
    1. Allowed, no special treatment
    2. Allowed-bounded, block scams
    3. Limited, only allow ads from designated partners
    4. Restricted, no coronavirus or COVID-19 referenced ads
  5. Monitor and enforce policy compliance via ad quality and security tools
  6. Identify poorly performing vendors and remove from your ecosystem

Knowing your partners makes it easier to catch, isolate and stop bad actors from taking advantage of your users. With an eye to maintaining a positive user experience, premium publishers will block campaigns classified as scam/fraud. Disabling the ability to defraud consumers is a critical step to building a healthier—and more rewarding—digital ecosystem.

In the immortal words of Frank Abagnale, Jr. “Stop chasing me!”. But, like Detective Carl Hanratty, we can’t stop: “It’s my job.”

*(Answer: 1 & 4)

Liked this article?

Subscribe to the InContext newsletter to get insights like this delivered to your inbox every week.