It’s been twenty-six years since the first banner ad ran on HotWired.com, and during that time, the digital advertising ecosystem has been revolutionized by the advent of programmatic technology. Initially, most publishers sought out programmatic to enhance revenue, but it hasn’t always been a smooth road. That’s because users naturally associate ads with the websites that display them. With the meteoric rise of bad and inappropriate ads, programmatic advertising is becoming a significant tricky for many publishers to hack. New protection is needed to reign scammers in and prevent them from creating a bad experience for users and harming publishers’ reputations.
What is bad advertising?
A bad ad disrupts the user experience on web pages or mobile devices. In some cases, it’s an ad that contains offensive or inappropriate content. At the far end of the spectrum, it can even be an ad with malicious code that hijacks users’ browsers and redirects them to questionable landing pages.
Even one bad ad can damage a publisher’s relationship with their users, so publishers must block bad ad creative that comes through their Google Adsense account and through any other ad exchange or ad platforms. However, publishers must replace blocked ads automatically so they don’t lose revenue. The problem is that publisher tools like Google Ad Manager don’t have the ad-blocking controls that they need. This leaves publishers without an effective solution to prevent users from seeing unwanted or inappropriate ads.
Types of bad ads
Before we get into what publishers can do about bad ads, it’s crucial to understand what makes an ad bad or deceptive. In general, bad advertisements fall into three broad categories.
- There is no correlation between the ad creative and the content of the landing page or site it leads to.
- The ad leads to a landing page that is related to the ad creative but promotes fraudulent products, misinformation, salacious content, etc. Increasingly publishers and advertisers are encountering deceptive ads that spread fake news and present information that is false or inaccurate.
- The ad tricks users into thinking they are going to read about a celebrity or a product but leads to phishing scams, Trojan horses, links to download malware, and other tactics meant to harm the user and support criminal enterprises.
Why are you seeing bad ads?
Bad ads enter the ecosystem at various points along the supply chain. They can enter users’ devices in direct-sold campaigns or via programmatic channels, as inventory from exchanges or networks.
Curious how much it costs to be a cybercriminal?
There’s a common misconception that higher CPMs act as a barrier to criminals who aim to deploy harmful code or launch scams through ad slots. But sophisticated cybercriminals are more than willing to pay high CPMs. And they don’t always have to—a fraudulent advertiser is often able to meet nefarious goals and disrupt the user experience at a lower cost. When CPMs fall, scammers can access inventory that under normal circumstances, would sell to a deep-pocketed premium advertiser. So, by extension, low CPMs basically present an invitation to scammers, fraudsters, and hackers.
Low fill also opens the door to security risks for business reasons. When they can’t sell all of their inventory to reputable advertisers, publishers are eager to fill ad slots and earn revenue, even if the advertiser is not familiar to them. Once bad actors gain entry to publisher inventory through legitimate demand channels, they’re able to go toe-to-toe in a programmatic auction with quality advertisers.
Available tools aren’t doing the trick
Bad ads of all types are slipping through the programmatic net and through the tools offered by Google including Google Ad Manager. In the programmatic market, it’s easy for scammers to disguise themselves as legitimate buyers, and a single vulnerable ad slot on a website or in an article presents an opportunity for an attack, launched directly on the user and their device. And whenever one scammer is identified and blocked, another will emerge to take advantage of the same vulnerabilities.
So, while the third-party ad-serving system is necessary to fill ad inventory and generate greater revenue, it often leads to user and brand harm. While there may be a short-term revenue gain from low-quality ads, the Coalition for Better Ad’s research shows that, in the long run, bad ads have high costs because they lead users to abandon a site or want to block all ads using ad blockers. Ultimately, a publisher’s credibility relies on its record for delivering value and relevance, which is true for the ads on the page as well as an article or other type of content.
Unfortunately too often publishers find out about bad ad issues too late, often by browsing the site themselves or by frustrated users notifying them personally, trashing them on social media, or downrating them in the app store.
Are publishers liable for scam ads?
Regulators often see publishers as the legally responsible party for everything that happens on their site, including ads they host on it.
The liability includes any landing pages their sites link out to, for example, landing pages linked to via the ads they host. Yet, there is no single law that defines what security measures all publishers in the world are required to implement to protect website visitors from inappropriate ads, or even a standard definition of what a bad ad is.
In some countries like the UK, the publisher is responsible for blocking scams on their sites. In other countries, ads with certain types of content are forbidden. For example, in India, ads for gambling are not allowed on any website, in Germany ads for alcohol are forbidden, and in the US, legislation like COPPA childhood protection forbids various types of offensive content from appearing on any site.
The FTC enforces truth-in-advertising laws, and further legal issues around IP infringement arise when the content, including ad creative, contains the image of a public figure who has not granted the right to use their likeness for this purpose. Misleading or inappropriate ads frequently use images of celebrities or other public figures without permission in an attempt to give their ads the appearance of legitimacy or authority.
Pros of bad advertisement blocking for publishers
When you block bad ads, you offer your users a better experience—reducing bounce rates, increasing website traffic and driving subscriptions.
When publishers don’t block bad ads, users get frustrated and install ad blockers—software that prevents both good and inappropriate ads from appearing. When this happens, publishers lose ad revenue from legitimate advertisers.
Cons of inefficient ad blocking for publishers
The obvious con when you block ads is lost ad revenue for the publisher.
Without the right blocking tools, you can end up wasting time looking for the proverbial needle in the haystack, lose income, and still find that a bad advertiser has gotten through—it’s impossible to block them all.
How to block bad ads?
The best way to avoid bad ads is to identify them before they are served to users on a publisher’s site.
No one is immune to bad ads, however, technology can help maintain ad quality and identify bad ads before they are served through the programmatic net. That means going beyond basic Google tools and implementing these steps:
For direct campaigns:
1. Scan all creative assets and landing pages from different geographic locations and use different target parameters before uploading them to your ad server.
2. Perform daily checks for compliance breaches in your advertising assets that have been previously approved. Continue this during the entire run in your inventory.
For third-party campaigns:
1. Constantly scan all live campaigns in real time—both creative assets and landing pages for ads that are served within your inventory.
2. Ensure that your ad verification and security service will notify you in real time when malware or other malicious activities are detected within your inventory.
How to block malicious ads
Malicious advertisers utilize a variety of techniques to get around various security mechanisms. Therefore, in order to prevent visitors from seeing inappropriate ads or ads with malicious content, make sure you have a tool that is capable of detecting cloaking activity, post-click behavior, and landing page analysis.
Block ad phishing and scams
There are 10 kinds of clickbait scams and publishers need a solution that can identify all of them.
- Forced browser notifications
- Malicious extensions and add-ons
- Fake anti-virus and cleaners
- Fake software updates
- Suspicious VPN
- Fake gift card scam
- Tech support scam
- Financial scam
- Brand infringement
- Misleading product offers
Blocking offensive ads
People define offensive ads differently, but in many cases, they include ads with sexually explicit or violent content.
Due to the nuance, it isn’t enough to block URLs that appear on a blocklist. Publishers need a tool that can detect offensive content in both the ad and landing page according to definitions provided by the publisher. It’s important that the tool utilize image recognition, machine learning, text analysis, and more to make sure that all offensive ads are blocked before they are seen by users.
How to block disgusting ads
This is a subjective category because what one person thinks is acceptable may be disgusting to someone else. That’s why it needs to be up to the publisher to decide if they want to block the ad or not. Therefore, they need a tool where they can see all ad content and decide what is disgusting and what is not, as well as a search mechanism where they can search according to specific brands and verticals and block ads according to specific types of text and images. In addition, it’s a good idea to have a mechanism where users can give publishers feedback, report problems, and immediately block bad ads.
Facing bad ads now
If you have bad ads showing on your site right now, the first step toward gaining control over ad behavior, ad content, and blocking malvertising is to identify their source by monitoring which advertisers are the root of the problem.
Publishers can take a more proactive stance in weeding out bad actors by notifying SSPs about low-quality, offensive, or fraudulent ads and urging them to find the source and solve the problem. Delivering constant, accurate information about those ads to SSPs will enable them to block fraudsters.
The fundamental question publishers have to ask themselves is whether their team’s resources are sufficient to deal with bad ads alone or if they need external support to stop bad ads from infiltrating their site.
Escaping Digital Quicksand With GeoEdge
GeoEdge blocks campaigns with malicious and bad ads at the per-impression level, so that the user is never exposed to malicious ads. It automatically replaces blocked ads with clean and safe ads, to ensure that publishers generate revenue from every impression on their site.
With GeoEdge’s detection and real-time blocking of malicious and low-quality ads, you can be confident knowing your users are always protected against non-compliance, malware (malvertising), inappropriate content, data leakage, operational, and performance issues.
