Catch me if you can: Malvertising thrives in high-volume, low-CPM environment

Catch me if you can: Malvertising thrives in high-volume, low-CPM environment
featured image

This article originally appeared in Digital Content Next on May 6, 2020

It’s scary out there. Next quarter’s 34% projected contraction for the U.S. economy doesn’t bode well for our industry. The effects of scrutinized marketing budgets and throttled—if not eliminated—advertising spend are already rippling throughout the digital advertising ecosystem. While engagement is on the rise (great), publishers are hindered from capitalizing on this boon due to not only brand safety concerns but also a surge in malvertising and scam ads. Clearly, getting a handle on these bad ads and isolating the serving partner is critical to future growth.

Bad ads threaten publisher recovery

The unfortunate byproduct of today’s troubled economy is the downside pressure exerted on ad spend, which depresses CPMs, effectively lowering the barrier to entry for bad actors. The reality of the situation is apparent; the average number of incidents in a 24-hour period actively managed by The Media Trust’s 24×7 Digital Security & Operations team is up an average 22% since Mid-March—even more alarming, the volume can reach 35% greater than usual.

The composition of the malware threats is changing, too. The rapid increase in personal data scams erodes the long-standing dominance of fake installs and uploads. (Figure 1) COVID-19 or Coronavirus-related scams drive the category. In parallel, while still a relatively small percentage, brand fraud/hijack ads are something to track especially when put into the context of a significantly larger malvertising environment.

Comparison of malware threats from March to April
Figure 1: Comparison of malware threats from March to April

Malvertisers are taking advantage of the current environment to steal user data and propagate misinformation around products and services by making it difficult to discern legitimate advertisements from scams. Increased sensitivity to keyword blocking further challenges publishers and their approach to legitimate advertising campaigns. It’s important to remember that an advertiser’s opportunistic campaign, or poor creative, doesn’t mean it’s a scam.  (Figure 2)

Which are the COVID-19 scams?
Figure 2: Which are the scams?    (Hint: 1 & 4)

Which poses the question: What is a scam ad?

Slippery slope between a scam and malware

Scam ads contain creative and/or domains that purposefully attempt to mislead and/or extort consumers for financial gain. Criteria for evaluating a scam could be subjective; however, experience provides guidance for activity that could potentially harm publisher reputations and revenue. (For these reasons, our malware taxonomy includes a scam/fraud type).

That said, there’s a high correlation between Coronavirus-related ad campaigns and scams. In fact, analysis of thousands of these campaigns confirms that approx. 60% of these sketchy campaigns do contain scam content. (Don’t worry, these overt scams are reported to federal authorities to supplement their investigations.) But, it’s a nuanced challenge that requires a thoughtful approach by Ad/Rev Ops teams.

Scam or not to scam: Is that the question?

Various initiatives aim to shut down fraudsters—especially in the US and UK—but with thousands of ads and associated domains cropping up on a weekly basis, the scope is large. And, we continue to see abnormally high amounts of web-based attacks. Coronavirus-related ads run the gamut from normal medical equipment supplies to outright predatory shams. 

The challenge is simultaneously removing the subjectivity from the process so publishers can serve brand-appropriate content and keep their revenue channels open, at scale. And, flexibility must exist as one’s poorly-designed creative is another’s prohibited bad ad.

To assess your approach to scam ads you need to:

  1. Determine the acceptable, foundational experience (UX) for your audience
  2. Review the percentage of Coronavirus ads trafficking through your environment
  3. Calculate revenue impacts for both campaign termination versus limited/restricted runs
  4. Develop policy and communicate to upstream partners. Policy should cover threshold for Coronavirus ads, examples in increasing restriction: 
    • Allowed, no special treatment
    • Allowed-bounded, block scams 
    • Limited, only allow ads from designated partners
    • Restricted, no Coronavirus or COVID-19 referenced ads
  5. Monitor and enforce policy compliance via ad quality and security tools
  6. Identify poorly performing vendors and remove from your ecosystem

Knowing your partners makes it easier to catch, isolate and stop bad actors from taking advantage of your users. With an eye to maintaining a positive user experience, premium publishers will block campaigns classified as Scam/Fraud. Disabling the ability to defraud consumers is a critical step to building a healthier—and more rewarding—digital ecosystem. 

In the immortal words of Frank Abagnale, Jr. “Stop chasing me!”. But, Detective Carl Hanratty can’t stop, “It’s my job.”