Houston, We Have a Problem: Malvertising Is a Threat to Our Livelihood

This past November, the Trustworthy Accountability Group (TAG) released its annual fraud benchmark report for the US, which was researched and written by The 614 Group on behalf of TAG.

If you’re a brand or publisher, the news is good: the amount of fraud in campaigns that ran through TAG Certified Channels is less than 1%. 

Two things in the report stand out. 

First, TAG notes the importance of industry-wide cooperation in tackling fraud. Writes TAG, “The digital advertising industry has long acknowledged that the fight against fraud requires a concerted effort, with all market participants working together to ensure traffic quality and brand safety.” Read: industry cooperation leads to safety.

The second is a warning the industry would be wise to heed. 

While we can pat ourselves on the back for sparing advertisers and publishers from the threat of ad fraud, the consumer still suffers considerable risk and financial losses. “The research reveals an urgent need for education to protect both consumers and businesses from criminal activity in the supply chain. Failing to address this need could open the industry to a loss of consumer trust and an existential economic threat.”

Let’s unpack this a bit. 

Everyday consumers, particularly older Americans, are lured into social engineering scams via clickbait ads promising the secrets of investing, malicious redirects warning that their computers have been hacked, or some other scam.

I read about such victims weekly in the police blotter in my local paper here in rural Vermont. In my village, one senior reported losing $4,000 by responding to a (malware-free) bitcoin ad, and another had to close her checking account because the scammers were helping themselves to her funds. 

And friends told me they finally reformatted their father’s hard drive to get the scammers off his computer. He too clicked on a clickbait ad and talked to scammers who persuaded him to install AnyDesk on his computer.

With a loss of $4,000, my neighbor got off easy. Industry studies show that people over age 60 who fall victim to online scams lose, on average, $9,100.

Of course, it’s not just older people who are victims. In 2021, the FTC received 2.8 million fraud reports from Americans of all ages. In the first half of 2022, consumers lost $3.56 billion in online fraud, many of which began with a clickbait ad. 

Resorting to Ad Blockers as Protection Against Malvertising and Malware

For many, an easy way to prevent malvertising scams and malware infections is to install an ad blocker. Back in September 2021, a letter from Senator Ron Wyden to the Office of Management and Budget revealed that the U.S. intelligence community, including the CIA, NSA, and parts of the FBI, use ad blocking as a way to “protect federal networks from foreign spies and criminals who misuse online advertising for hacking and surveillance.” Senator Wyden requested the OMG to mandate all federal agencies require ad blocking as a matter of policy.

In 2022, the U.S. Department of Homeland Security warned that malvertising is a “significant vector for exploiting networks” because it “bypasses built-in browser settings designed to protect against pop-ups and website redirects.” Its recommendation to non-federal organizations? Install ad blockers on their corporate systems

This recommendation can have dire consequences for the $600 billion global digital ad industry. Per the TAG 2022 Fraud Benchmark Report, “adoption of this recommendation would result in serious losses in advertising opportunities and revenue – and quite possibly the end of free or low-cost content online and in apps largely funded by advertising today.”

Ad blocking isn’t a solution to malvertising, of course. Still, it’s easy to see why so many see ad blockers as a solution to malvertising, especially when the problem worsens yearly. A growing number of consumers generally feel unsafe surfing the web.

Needed: An Industry-Wide Approach to Protecting Consumers

The industry should come together to tackle this problem. First, consumers are an important part of the advertising ecosystem and deserve protection. Here are some ways that the industry can help them and protect a critical industry in the process.

  1. Develop a feedback loop for consumers to report malvertising crimes. For the most part, consumers have no way of reporting to publishers when malvertising appears on their sites. They can send an email to a general mailbox. Still, reporting specific ads is complex, making it difficult for publishers to investigate particular instances or track where those bad ads came from. 
  2. Publishers and ad exchanges need to install detection and mitigation software to detect the most sophisticated types of malvertising and malware, such as cloaking. Today’s scammers are pretty good at bypassing ad scanning and identifying the scenarios where they can ply their trade undetected. Publishers and ad exchanges also need to detect bait-and-switch ads, meaning instances where the copy and ad creative say one thing, but the landing page the ad leads to say another.
  3. Include browser protections for vulnerable populations. People over 65 are the biggest cohort of fraud victims. Google, Apple, and Firefox should consider creating “senior settings” akin to parental settings of browsers and phones, which adult children and grandchildren can activate to protect loved ones. These settings should detect categories of ads — such as those promising financial tips offered by celebrities or the landing page leads to clickbait news stories — and block them.
  4. Finally, the industry should consider leading a massive PSA campaign to educate the population of all forms of fraud delivered via digital ads, along with tips on how people can protect themselves. In many cases, simply Googling the company behind a fraudulent ad isn’t sufficient, as fraudsters will create fake news sites with testimonials promising that the company is legitimate. Some even create fake LinkedIn profiles for the fake site’s editorial board (I know because I’ve seen them). It can be challenging for average consumers to do their due diligence. We need to create a higher level of Internet literacy among all people who go online for work or fun.

Protecting the consumer is everyone’s concern. After all, the entire purpose of advertising is to affect their behavior in some manner. If they or their friends get burned too often, they’ll stop trusting ads.