Decoding March’s Clickbait Advertising Landscape

Fake Police Pop Up ‘Fines’ Users

In the past few months, the art of phishing has evolved into a complex and tricky game, making it harder to spot fraudsters’ malicious attempts. Recently, a widespread phishing scam has been plaguing users in various parts of the globe, including Australia, India, and Israel, with its deceptive tactics.

This malvertising attack begins with scammers running client fingerprinting to verify that the user is on a desktop and connecting from a residential IP address. When the malware attack is not active, users are redirected to innocent sites: BetWinner or MaxLife Insurance. However, if the user is one of the unlucky targets, their browser is automatically bombarded with pornographic pop-ups. The pop-ups are accompanied by a JavaScript alert that prompts the user with the message “You have attempted to leave this page. Are you sure?” If the user clicks the “Leave” button, they unknowingly signal to the scammers that they are stressed and ready for the next phase of the attack.

The user’s screen is taken over by a message from the police, demanding payment of a fine by credit card within 12 hours due to repeated visits to pornographic sites. This message is designed to look like a ransomware attack, and many users may not realize that their browser is not actually locked but has simply been opened in full-screen mode. Unfortunately, some users may provide their credit card details in response to the message, which is what the scammers were after all along.

This phishing attack is particularly insidious because it preys on users’ stress and anxiety by bombarding them with pop-ups and then presenting a message that appears to be from the police. However, there are steps that users can take to protect themselves. First, users should always be cautious when browsing the internet and avoid clicking on suspicious links or pop-ups. It is also advisable to install and regularly update anti-virus software and to use strong passwords for all online accounts.

Additionally, users should be aware that legitimate law enforcement agencies do not typically demand payment of fines through pop-up messages or other online means. If you receive a message that appears to be from the police or other law enforcement agency demanding payment, you should be very cautious and verify the authenticity of the message before providing any personal or financial information.

Native Ads Used to Deceive Users with Antivirus Ad Scam

Social engineering is the shady art of conning unsuspecting users into falling prey to harmful schemes, such as installing malware that can wreak havoc. This technique can be achieved through various means, such as creating ads that resemble a legitimate part of a website or app, and presenting fake system warnings that trick users into thinking their device is infected.

Fake antivirus scam tactics

One example of social engineering is a fake antivirus scam, which uses native ads to appear like a system warning. Once the user clicks on the ad, they are redirected to a fake McAfee or Norton site that appears to scan their device for viruses. The page opens in full screen mode, and the back button is hijacked, leading the user to wherever the scammers want. The sound also activates, beeping every time the fake scan detects a virus.

The fake scanner detects multiple threats on the user’s device, prompting them to download antivirus software. The scam is so convincing that users believe they are exposed and will download whatever application they are told to.
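The fake police page and the fake antivirus page described above rely on the same small set of browser behaviours: full-screen mode, a leave-page prompt, back-button hijacking, alarm sounds and pop-up bursts. The following is an added example, not code from the original article or from GeoEdge, of a static check an ad-review pipeline could run over creative or landing-page JavaScript; the rule weights, thresholds and sample snippets are assumptions constructed for illustration.

```javascript
// Added example: static heuristics for reviewing ad-creative JavaScript.
// Weights and thresholds are illustrative assumptions, not a vendor's rule set.
const RULES = [
  // Full-screen request: makes the browser look "locked" (police and AV pages).
  { id: 'fullscreen', weight: 3, min: 1, re: /\.(?:webkit|moz|ms)?requestFullscreen\s*\(/gi },
  // Leave-page prompt ("You have attempted to leave this page").
  { id: 'leave-prompt', weight: 2, min: 1, re: /\bonbeforeunload\b|['"]beforeunload['"]/g },
  // History manipulation or popstate handler: back-button hijack.
  { id: 'back-hijack', weight: 3, min: 1, re: /history\.(?:pushState|replaceState)\s*\(|\bonpopstate\b|['"]popstate['"]/g },
  // Scripted audio: the beep on every fake detection.
  { id: 'audio-alarm', weight: 1, min: 1, re: /new\s+Audio\s*\(|\bAudioContext\b/g },
  // Three or more window.open calls: pop-up bombardment, not a single click-through.
  { id: 'popup-burst', weight: 2, min: 3, re: /\bwindow\.open\s*\(/g },
];

// Drop comments so that documentation mentioning an API is not counted as a call.
// The [^:] guard keeps "https://" inside string literals intact.
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, '').replace(/(^|[^:])\/\/.*$/gm, '$1');
}

// Returns the verdict, the summed weight and the ids of the rules that fired.
function scanCreative(source) {
  const code = stripComments(source);
  const hits = RULES.filter((r) => (code.match(r.re) || []).length >= r.min);
  const score = hits.reduce((sum, r) => sum + r.weight, 0);
  const verdict = score >= 5 ? 'block' : score >= 2 ? 'review' : 'allow';
  return { verdict, score, hits: hits.map((r) => r.id) };
}

// Constructed samples (not captured from the campaigns in this article).
const POLICE_SAMPLE = `
window.onbeforeunload = function () { return 'x'; };
document.documentElement.requestFullscreen();
window.open('/a'); window.open('/b'); window.open('/c');`;
const FAKE_AV_SAMPLE = `
el.requestFullscreen();
history.pushState(null, '', location.href);
window.addEventListener('popstate', stay);
new Audio('beep.mp3').play();`;
const BENIGN_SAMPLE = `
// we never call el.requestFullscreen() here
cta.addEventListener('click', () => window.open('https://example.com/landing'));`;

for (const [name, src] of Object.entries({ POLICE_SAMPLE, FAKE_AV_SAMPLE, BENIGN_SAMPLE })) {
  console.log(name, JSON.stringify(scanCreative(src)));
}
```

Because the campaign serves its payload only to clients that pass the desktop and residential-IP fingerprinting, the source given to a check like this has to be captured from a session that meets those conditions; otherwise the reviewer sees only the innocent redirect.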

How to spot and avoid fake antivirus

The power of social engineering lies in the use of familiar and trusted brands, combined with the bells and whistles that create a sense of urgency and fear in the user. This makes them more likely to perform the actions the scammers want them to, leading to potentially disastrous consequences.

It is essential to be vigilant and cautious when encountering suspicious ads or warnings. Users should ensure they are on a legitimate website or app, look for signs of authenticity, and not download anything without verifying its source. By being aware of social engineering techniques, users can protect themselves from falling victim to these scams.

Localized Amazon Stock Ad Scam

As the world of cryptocurrency continues to evolve, scammers have employed deceitful tactics to lure users into investing their money in fake bitcoin trading apps. However, with the crypto market downturn, scammers have been forced to come up with new schemes. The latest scam is a worldwide ad campaign that uses an updated twist on the good old bitcoin-trading notion, incorporating Amazon stocks and women to attract potential victims.

The campaign relies heavily on localization, as “attractiveness” is culturally relative. Therefore, the ads served in European countries, Asia, and the Middle East follow a specific pattern, but with localized variations. The landing page users are redirected to is a fake article about a young woman earning big bucks every month trading Amazon stocks from home.

As with previous scams, the landing page directs users to register for a fake trading app and invest a minimum of 250 dollars, which they will never see again. However, the localization level of this deceptive campaign is noteworthy. The woman’s name and image change from one country to another, such as Nicole Williams from the UK, Maheen Ayad from the UAE, Fran Pho from Thailand, Christia John from Tanzania, and so on.

Last month, tens of localized versions of this campaign were detected and blocked. The scammers’ goal was to deceive users into risking their money with the same fake trading app. It is important to remain vigilant and informed about such scams to avoid falling victim to them.

Alisha is a Technology Writer and Marketing Manager at GeoEdge. Her writing focuses on current events in the AdTech ecosystem and cyberattacks served through the digital advertising supply chain. You can find Alisha on LinkedIn to discuss brand building and happenings in AdTech.
