How Publishers Can Prevent Misleading Product Advertisements

The programmatic ecosystem has experienced an influx of clickbait ads following a drop in CPMs at the start of the year. The reduced barrier to entry has attracted a major flow of fraudsters to the market.

GeoEdge’s Q1 Report investigates the prevalence and source of post-click clickbait attacks targeting mobile users in North America and the UK. The report focuses on misleading product offers and financial scam ads that flow through programmatic channels during Q1 of 2023. The findings indicate that these attacks are rampant, with a staggering 87% of all clickbait ads traced back to only two SSPs. The results of this study provide insights into the evolving landscape of online malicious tactics and underscore the urgent need for stronger measures to protect users against such attacks.

How easy is it to serve fake product advertisements on premium sites? We tracked clickbait ads along the programmatic supply chain. Here’s what we uncovered:

Why programmatic channels are clogged with clickbait

Programmatic channels have been overwhelmed with misleading product offerings due to evolving fraudster tactics as well as the ease of entry to the market. Due to inadequate safeguards, publishers’ sites have been exploited as a means to scam online audiences.

Based on our March 2023 survey of global Digital Media and Ad Ops professionals, 70% of respondents believed that ad security incidents occur at a rate of 1/1,000. However, the situation is more severe with incidents occurring at:

  • US: 1/170
  • UK: 1/140
  • Canada: 1/200
  • Germany: 1/300
  • Japan: 1/1000

GeoEdge security research revealed that scammers have expanded their operations and shifted tactics to primarily post-click attacks. Danger lurks in today’s post-click experience as users are lured in by a myriad of promises, only to be duped through social engineering. Post-click attacks use deceptive creatives to induce user clicks through manipulation and psychological engineering.

Scammers changed tactics around 2020, shifting from using auto-redirects to lure users to malicious domains, to using clickbait to entice users to intentionally navigate to known malicious destinations.

Mobile users are particularly vulnerable to scammers who launch post-click attacks disguised as product offers. GeoEdge security data reveals that 65% of post-click attacks target mobile devices, with desktops bearing 30% and tablets making up the remaining 5%.

Misleading product offers emerge as the primary tool for fraud

Publishers have been under the assault of clickbait ads over the past three months. Misleading product offers and financial scams lead the way as the most common attacks.

The top five malicious incidents within the first 3 months of 2023 have been misleading product offers, financial scams, malicious browsers and add-ons, forced notifications, and auto-redirects

  • Misleading products lure users with clickbait ads for nonexistent or counterfeit products, preying on users’ hopes and fears.
  • Fake software updates exploit social engineering tactics with familiar logos and icons that trick users into downloading and installing disguised malicious programs.
  • Financial scams misuse recognized celebrities and shocking headlines to lure users into clicking on ads. These ads redirect them to deceptive landing pages promoting fake financial services or financial instruments.
  • Malicious browser extensions and add-ons offer users incentives to install them, and then collect details about users’ online activity and personal information
  • Auto redirects hide code within the ad pixels, transporting users to various schemes.

How do misleading product offers enter the programmatic supply chain?

Typically, malicious actors buy a license on a DSP. They then carry out a warm-up phase, in which they pretend to be legitimate advertisers. They upload code that calls for a legitimate ad leading to a genuine website, free of malicious code. Most DSPs have a probation period for new advertisers, during which they review campaigns to determine their legitimacy. Malicious actors avoid deploying any attacks during this time to be approved for continued advertising by the DSP. Once they’re under the radar, fraudsters change the code in the background using a tactic known as cloaking, which hides the scam.

Cloaked scams rely on client-side fingerprinting to identify specific users who are vulnerable to being scammed. Cloaking lets scammers evade ad policies that prohibit diet scams, trademark-infringing products, and malware. Users are directed to a deceitful landing page where the scam takes place. Users who do not meet the targeted parameters or non-human environments never see the deceptive landing page.

Ensuring protection from misleading product offers

In the fight against harmful and misleading ads, publishers must take proactive measures to protect their users. One such step is partnering with SSPs who prioritize ad quality through accurate ad categorization and blocking.

GeoEdge analyzed ad quality ranking and malicious ad trends over the last 90 days by tracking impressions from the top 9 global SSPs. There were significant performance disparities among the leading SSPs, with some showing acute levels of high-risk creatives.

SSP Ad Quality Takeaways:

  • 87% of all scam ads came from only 2 SSPs [SSP1+SSP6]
  • The worst performing SSP delivered malicious ads at 1.36% of the rate of the best performing SSP.
  • The overall average percentage of malicious ads among the top 9 global SSPs was 0.54%.

In today’s rapidly evolving advertising landscape, relying solely on SSP protection is not enough. To take control of ad quality and user security, publishers must be armed with real-time on-page prevention solutions. The right tools analyze the actual content and code of ads and landing pages, rather than relying on advertiser declarations, to categorize and block bad ads. Real-time solutions provide the highest level of protection for users, ensuring that misleading product advertisements never make it through the filters.

About GeoEdge

GeoEdge’s advanced security solutions ensure high ad quality and verify that sites offer a clean, safe and engaging user experience, so publishers can focus on their business success.Publishers around the world rely on GeoEdge to stop malicious and low-quality ads from reaching their audience. GeoEdge allows publishers to maximize their ad revenue without quality concerns, protect their brand reputation and increase their user loyalty. GeoEdge guards digital businesses against unwanted, malicious, offensive and inappropriate ads — without sacrificing revenue.

GeoEdge is the trusted cyber security and ad quality partner for publishers and platforms in the digital advertising industry. With more than a decade of experience, we’ve built solutions to prevent tomorrow’s threats, today.‎

Malvertising, the practice of sprinkling malicious code into legitimate-looking ads is growing more sophisticated. GeoEdge’s holistic ad quality solution has you covered.


450+ Publishers & Platforms