Squid Game scam: Netflix’s smash hit brings out the beast in bad actors to deceive consumers and siphon personal data
Nothing like a holiday and cultural phenomenon to bring out consumer-targeting scams. Frequently found on long-tail websites, scams bet on the fact that these websites and their AdTech partners prioritize revenue over a wholesome, high quality user experience.
When ads for Squid Game, the violent Korean Netflix hit, start to appear on premium U.S. publishers it’s a different story. Squid Game is a bloody, violent program that makes Hunger Games look quaint—a scenario that warrants caution for ad-supported sites lest they be accused of celebrating violence. Not only did some of these ads infringe on publisher brand safety standards, but also a few outright scams emerged to siphon user data. This activity can be risky, so these publishers chose to block the ads entirely.
When a children’s game turns ugly
It’s no surprise that entrepreneurial businesses took notice of the mega-hit show and began to capitalize on it in time for Halloween. On the face of it, the low quality ads pitching Squid Game apparel and costumes appear benign. However, deeper analysis by our Digital Security & Operations team confirmed a few campaigns with malicious intent.
In a sample campaign first detected on October 12, the creative features a designed hoodie with promotional pricing. [Figure 1]. Our team reviews all aspects of a campaign: creative, tags and landing pages. (Actual clickthrough to the landing page also captures triggers associated with the redirect action—much more telling than just reviewing landing page URLs).
In this instance, the landing page is where things get interesting.
Figure 1: Creative image and landing page for Squid Game scam incident
First registered on October 10 and then updated the next day, the website contains multiple red flags to its authenticity including:
- Domain owner is masked: it is not listed in the registrar nor declared in the privacy policy or term and conditions, and there are no contact details as found in legitimate ecommerce operations
- Promotion of likely counterfeit goods: showcased Squid Game apparel items include heavily-discounted Nike shoes that typically retail for $150, not $37.50. [Figure 2]
- Dubious business claims: purport to have been in business for 10 years, but the domain is only a few weeks old and there’s no way to verify the owner’s commercial history
- Excessive data collection: privacy policy references the use of third-party vendors who may collect your data; beyond typical purchase information (e.g., name, address, billing information, product selections, etc.) the site may collect referral URL, IP address, browser, device, and page views
- Poor construction: site is rife with awkward language such as “We provide fast transport to more than A hundred countries” and “In the unlikely celebration of manufacturing faults”
Figure 2: Google search for Nike Air Max 270 Men’s shoes featured on the scam site.
The associated creative and domains are labeled as scam/fraud because they use false claims to promote products or services and/or solicit PII from consumers for dubious purposes. In fact, scams like these have quickly become a hot malvertising trend in 2021.
Media Filter makes it easy to stop the scam
News and children-oriented websites are sensitive to this kind of content, and their AdTech partners know this. They can easily block these ads for the interim by turning on the “scam/fraud” option in Media Filter, our proprietary creative blocking solution. For more surgical precision, add the offending creative and domain to the custom blocklist.
This campaign originally stemmed from four different AdTech providers. Our Digital Security & Operations team successfully turned it off for the two largest AdTech companies that have well-known, premium publisher clients. For now, the remaining two providers do not plan to remove the campaign from their platforms—a decision that will likely change depending on how many publishers choose to block the campaign and deprive them of revenue.
For those that don’t want to play the “Squid Game scam” game and risk consumer ire, go ahead and block it.
