Financial Ad Scams: What Every Publisher Should Know

Financial scams have been on the rise at an alarming rate in recent years. In fact, it’s extremely likely you’ve seen them out on the web, whether or not you realized it at the time. The Federal Trade Commission (FTC) reported that financial scams increased by 70% in 2021, cheating U.S. consumers out of $5.8 billion. A record 2.8 million people filed fraud complaints with the FTC during that year.

How do bad actors get away with financial scams? And what can publishers do to stop this rise in crime? To answer these questions, we need to delve into clickbait financial advertising crimes, analyze weaknesses in the digital ad supply chain exploited by these bad actors, and explain how scammers manage to make their services appear legitimate.

What is a financial ad scam?

Financial and investment scams lead people to give money to criminals by offering them a variety of fake get-rich-quick schemes.

Unlike other types of cybercrime, financial scams drive people to pay the scammer directly, rather than through roundabout tactics like installing ransomware or selling personal data to another company. The misleading ads that promote financial fraud often describe exciting investment services, promise secret ways to penetrate new markets in other countries, or even claim to offer AI and machine learning tools that would give you an advantage in your investments. But in reality, they are simply cheating vulnerable people out of their hard-earned funds, stealing their life savings, and leaving them destitute — something no publisher wants to unwittingly be involved in.

How financial ad scams work

Since it’s hard to convince people to pay real money, criminals promoting fake financial products and services put a lot of effort into making the fraud look real.

Bad actors rely on the programmatic ecosystem to deliver clickbait ads to victims. To do that, they must first enter the ad supply chain. Campaigns run by advertisers who are new to an exchange are spot-checked to ensure they’re not up to anything nefarious. Therefore, criminals usually start with a warm-up stage, aiming to get their scam on the list of acceptable advertisers.

Figure 1: Innocuous ad creative for grass

Knowing that ad quality spot checks are waiting for them, bad actors first run innocuous campaigns — like this one, about services for getting rid of unwanted grass, that leads to an innocent landing page.

Few, if any, consumers click on these ads, but that’s not the point. The scammer’s goal is to ensure their advertiser ID and name are approved across all advertising delivery chains, because once they are, they can access the entire ad delivery chain. Then the warm-up phase ends, and the scammer switches tactics.

At this stage, fraudsters switch the approved ad creative with clickbait, often featuring a celebrity and promising a financial windfall to users who click on the ad for their service. Some clickbait ads promise to let users in on the secret to a celebrity’s financial success. Others feature a regular person, like a former soccer mom who now drives a Lamborghini after getting rich using their services. Unlike code-based scams, financial scams use social engineering tactics, and the user is lured into a trap with the promise of wealth.

Figure 2: Cryptocurrency Ad Creative

Today’s fraudsters invest significant efforts to conceal their ploys in a cloak of legitimacy. They mimic news websites from different countries in their landing pages, and launch fake websites for the “investment companies” behind clickbait ads. Some cybercriminals even create false LinkedIn profiles for the businesses’ “leadership” listed on their About Us page. Others create fake news websites that include “reviews” from people who have had fabulous success. They’ll even launch Google Ads search campaigns for cautious customers who take the time to look up, “Is XYZ a legit investment business?” Anything to get their victims to believe the scam is real and buy into their investment scam or services.

Examples of financial scam ads

If there’s a news story about people getting rich quick or finding relief from a financial burden, fraudsters will use it to drive victims into their funnel and steal from them.

There are myriad versions of financial clickbait scams and malvertising, often targeting specific markets or countries. They are designed to reflect current trends, from cryptocurrency investment and NFT markets to the American Rescue Plan and the Student Loan Payment Pause.

Figure 3: Financial Ad Clickbait

Like all advertisers, scammers spend a great deal of time tailoring creatives to specific audiences. For example, campaigns aimed at Canadian targets feature Keanu Reeves, while those sent to Australians feature Mel Gibson. Targets worldwide are shown ads featuring Elon Musk.

Figure 4: Financial Ad Clickbait

Once a person clicks on the ad, they are taken to a landing page that mimics a legit news site, such as Forbes, BBC, The Daily Mirror, or another well-known publication in the user’s country. The fake news site’s URL will be very similar to the real publisher’s URL, further convincing users that the site is real and not a fraud.

The “site” features an article describing how a celebrity or ordinary person made huge profits from, for example, trading cryptocurrency and stocks, real estate investments, free loan services, or some other scheme in line with a current news story. It’s not uncommon to see “endorsements” by other investors who claim to have done very well with the investment tactic described.

How to detect financial scam ads

One of the best ways to detect bad ads is to detect the tactics criminal actors use to hide, such as cloaking, or to identify differences between real and fake websites.

Criminals know that many publishers have anti-malvertising detection systems to spot-check ad creatives and assess their legitimacy — and to succeed, they must circumvent these systems. To do so, scammers often use cloaking.

Cloaking lets criminal advertisers cherry-pick the users who see their deceptive ads, while attempting to evade anti-malvertising solutions. To make that distinction, fraud actors “fingerprint” all users before showing them a malicious landing page. Fingerprinting involves running a series of tests post-click to determine if the client really is who they claim to be.

For instance, fingerprinting checks whether the client is really an iPhone user, or merely a fraud detection engine emulating an iPhone. It checks if they are located in Canada, or are using a proxy VPN to hide their true location. The answers to these questions are recorded, so the scammer can choose whether to strike or hide the next time that user is seen.

Detecting cloaking is an important element in stopping this type of financial fraud. For example, you can start by detecting advertisements that use fingerprinting, since there is no reason for legit advertisers to use this tactic.
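As an added illustration (not GeoEdge's code or ruleset), here is one way an ad-quality team could statically score the scripts captured from a landing page for the fingerprinting behaviour described above. The signal groups, weights, threshold and both sample scripts are assumptions constructed for this example.

```python
import re

# Groups of browser APIs that post-click fingerprinting scripts commonly read.
# Grouping, weights and threshold are assumptions for this example.
SIGNALS = {
    "canvas": (3, [r"\.toDataURL\s*\(", r"\.getImageData\s*\("]),
    "webgl": (3, [r"WEBGL_debug_renderer_info", r"UNMASKED_RENDERER_WEBGL"]),
    "audio": (2, [r"OfflineAudioContext", r"createOscillator\s*\("]),
    "automation": (3, [r"navigator\.webdriver", r"callPhantom|__nightmare"]),
    "device": (1, [r"navigator\.hardwareConcurrency", r"navigator\.deviceMemory",
                   r"navigator\.plugins", r"screen\.colorDepth"]),
    "locale": (1, [r"resolvedOptions\(\)\.timeZone", r"getTimezoneOffset\s*\("]),
}
FLAG_AT = 6  # a single attribute read scores low; several groups together flag


def score_script(source):
    """Score JavaScript source by which fingerprinting signal groups it touches."""
    groups = {
        name: weight
        for name, (weight, patterns) in SIGNALS.items()
        if any(re.search(p, source) for p in patterns)
    }
    total = sum(groups.values())
    return {"score": total, "groups": sorted(groups), "flag": total >= FLAG_AT}


# Constructed samples: script text as captured from a landing page after a click.
PROFILING_SCRIPT = """
var c = document.createElement('canvas'), gl = c.getContext('webgl');
var ext = gl.getExtension('WEBGL_debug_renderer_info');
var gpu = gl.getParameter(ext.UNMASKED_RENDERER_WEBGL);
var bot = navigator.webdriver || window.callPhantom;
var tz = Intl.DateTimeFormat().resolvedOptions().timeZone;
navigator.sendBeacon('/v', [gpu, bot, tz, c.toDataURL()].join('|'));
"""
ORDINARY_SCRIPT = """
var img = new Image();
img.src = '/pixel?w=' + screen.width + '&tz=' + new Date().getTimezoneOffset();
"""

if __name__ == "__main__":
    for name, src in [("profiling", PROFILING_SCRIPT), ("ordinary", ORDINARY_SCRIPT)]:
        print(name, score_script(src))
```

Static matching misses obfuscated or dynamically loaded scripts, so a score below the threshold is not evidence that a page is clean.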

Another way is to pinpoint differences between fake websites and real ones. Fake websites are never exact replicas, which is how criminals protect themselves from copyright infringement lawsuits by the real publishers they’re mimicking. Therefore, tools like image and text analysis can pick up on the differences and flag the sites as fake.
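One difference between a fake site and the real one that can be checked before any image or text analysis is the hostname, which the article notes is kept very close to the real publisher's. The sketch below is an added example, not part of the original article: the protected-domain list, the digit look-alike map, the distance limits and all test URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed list of real publisher domains to protect (assumption).
PROTECTED = ["forbes.com", "bbc.co.uk", "mirror.co.uk"]
# Digits often swapped in for letters: 0->o, 1->l, 3->e, 5->s.
DIGIT_LOOKALIKES = str.maketrans("0135", "oles")


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return (verdict, matched_domain) for a landing-page URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    # The real domain and its subdomains are legitimate.
    for real in PROTECTED:
        if host == real or host.endswith("." + real):
            return ("legitimate", real)
    # Otherwise look for the brand name, or a near miss, in any label but the TLD.
    for real in PROTECTED:
        brand = real.split(".")[0]
        slack = 1 if len(brand) >= 5 else 0  # short brands must match exactly
        for label in host.split(".")[:-1]:
            for token in re.split(r"[-_]", label.translate(DIGIT_LOOKALIKES)):
                if edit_distance(token, brand) <= slack:
                    return ("lookalike", real)
    return ("unrelated", None)


if __name__ == "__main__":
    for u in ["https://www.forbes.com/investing/",
              "https://f0rbes-finance.example/article?id=1",
              "https://bbc.co.uk.news-today.example/money",
              "https://lawn-care.example/"]:
        print(u, classify(u))
```

A brand that is also a common word, such as "mirror", will produce false positives, so a "lookalike" verdict should queue the page for the image and text comparison rather than block it outright.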

How to block financial scam ads

The only way to keep your site safe is to use an advanced tool that can detect scam ads in real-time, block them before they are shown to the user, and replace them with safe ads.

Given the massive efforts and sophistication of bad advertisers, this task requires a combination of continually updated blocklists, AI analysis of text and images in the ad creative and landing pages, and pinpointing malicious tactics like fingerprinting. GeoEdge has the tools and knowledge to detect even the most sophisticated financial scams. Even under the guise of detailed legitimacy, GeoEdge stops scammers in their tracks, protecting your users and your reputation.

Alisha is a Technology Writer and Marketing Manager at GeoEdge. Her writing focuses on current events in the AdTech ecosystem and cyberattacks served through the digital advertising supply chain. You can find Alisha on LinkedIn to discuss brand building and happenings in AdTech.
