FTC Busts Lead-Gen Scam—But What About Pub/Platform Accomplices?

Product Marketing Lead Gavin Dunaway investigates potential for publishers and platforms to be held liable for scam ads

As malware in the digital ecosystem scaled frightening new heights in 2021, the explosion in scam ads truly stood out—particularly low-quality ads from shady lead-generation services. Many of these companies are data leeches that lure consumers into sharing personal information—from home addresses and phone numbers all the way to Social Security numbers and credit card details—and offer no transparency regarding to whom they sell or share the data.

The U.S. Federal Trade Commission has taken notice of this practice as well, and the agency is not pleased. Last week lead-generation firm ITMedia agreed to a $1.5 million settlement with the FTC for deceiving consumers about how it was leveraging shared sensitive data.

Big-Time Scammin’

ITMedia and affiliate companies operated at least 200 websites with names like ​​cashadvance.com and badcreditloans.com that advertised loans for financially vulnerable consumers. To evaluate loan qualification, applicants shared personal information including Social Security numbers, bank account numbers, and birthdates.

The FTC alleges that “84 percent of the loan applications collected through these websites since January 2016 were not sold to lenders, but instead disseminated to an array of marketers, debt relief and credit repair sellers, and companies that would resell consumers’ information without regard for how the information would be used.” In many instances, ITMedia wasn’t aware how buyers intended to use this personal information or even the physical location of the buyer. ITMedia even sold personal information to a group of predatory payday loan companies that were sued by the FTC in 2021.

Tip of the Scam Iceberg

The settlement restricts ITMedia’s ability to sell consumer information in the future, but there are plenty of other sketchy lead generation operations happy to take its place. And how do they get exposure to potential victims? They take advantage of bottom-barrel priced display inventory in the open programmatic marketplace.

Scams are a thriving business as the amount of scam creative detected grew 63% over the course of 2021 (see Figure 1), even increasing during malvertising’s typically sleepy Q4. Overall, scams represented nearly a quarter of all malicious incidents analyzed by The Media Trust.

Many bottom-feeding lead generation companies follow ITMedia’s modus operandi—use too good to be true claims to garner consumer data and then sell it to any and every data buyer. In 2021, The Media Trust detected a huge uptick in scam creative from mortgage-based lead generation companies seeking to cash in on super low interest rates, as well as home solar lead generators trying to exploit federal and state tax changes.

But lead-gen data-leeching is only a subset of the overall scam ecosystem. In 2021, we detected a variety of schemes aimed at a large cross-section of vulnerable consumers, including:

• Vitamin supplements falsely claiming to help manage diabetes;
• Fake fashion outlets that never delivered purchased clothes;
• Anti-aging products with exaggerated benefits;
• A plethora of dubious investment opportunities;
• And many, many, many more.

The Media Trust’s Digital Operations & Security team goes to great lengths researching potential scam advertisers—often they use similar types of creative, or even reuse the same stock images, with doctors and politicians at press conferences being perennial favorites. And many are plain ugly—badly designed with images that stick out because they turn your stomach. (See Figure 2.)

The Regs, They Are A-Changin’

The data privacy drumbeat is growing louder. Just a month ago, particularly a month after ad platform OpenX was fined $2 million by the agency for violating the Children’s Online Privacy Protection Act (COPPA). And now the FTC’s interest in a shady lead-generation company haphazardly selling sensitive consumer data should send shivers down spines.

On the other side of the Atlantic, the UK’s proposed Online Safety Bill aims to enhance advertising regulation due to public outcry over bogus bitcoin investment schemes with ads leveraging celebrity images. In play: Digital publishers and their ad tech partners could potentially be held liable for their roles in spreading scam advertising.

It’s advertisements that lead consumers right into the clutches of these scammers—so does that make publishers and ad platforms accomplices?

Most often, it’s advertisements that lead consumers right into the clutches of these scammers—so does that make publishers and ad platforms accomplices? Not even unwitting accomplices because both parties have the ability to reject scam ads at scale—through creative audits and on-page blocking.

But too often—and most definitely during a pandemic that has put a serious strain on ad revenue—ad platforms and publishers look the other way as the scam ad cash comes in. “Clicker beware” is a lousy mantra—you’re leaving consumers vulnerable to predators.

Ad Quality as a Long-term Strategy

User experience on the open web is at an all-time low, and publishers are unlikely to build engagement with audiences if they disrespect them with low-quality and obvious scam ads.

In the hyper-competitive AdTech space with ever-present consolidation, a reputation as a high-quality marketplace is fast becoming table stakes. SSPs are feeling the pressure from downstream to cut off DSPs serving low-quality scam ads.

Still, the threat of regulatory action may be the greatest motivator for excising scam ads. The regulatory environment is changing fast, and governments are far more concerned with consumer privacy and safety.

Do you want to be left holding the bag when the government doles out a 7-figure fine? Is that worth the pittance of revenue lift the scams likely bring in?