How to Block Malware Threats in Native Ads

Native advertising has only become more popular with advertisers — and profitable for publishers — over recent years. Its adherents praise its high engagement, and its role in providing quality user experience throughout the entire page. That enthusiasm brings a serious payoff to publishers: Between 2016 and 2019, US native ad spend rocketed up from $16.68 billion in 2016 to $43.9 billion in 2019, and it’s expected to increase another 21% YOY (vs. 2020) to $57 billion by the end of 2021.

But as with any form of digital advertising, native comes with its security risks. The web’s bad actors will always gravitate toward where the engagement is. Let’s explore native’s particular security issues — and how to address them properly, to keep users trusting, engaging with and monetizing your site.


What Is Native Advertising?

Native advertising is advertising that is intended to blend in with the design and branding of the publisher’s page. The premise predates digital and goes back to newspaper/magazine “advertorials” and product placement in TV and movies.  In a way, native’s concept is a counterpoint to the premise that digital advertising should be “disruptive.” One of the core premises of native is that it actually captures more of the consumer’s attention because it doesn’t disrupt the user experience. 


What Native Looks Like on the Page

The IAB recognizes three native categories: in-feed or in-content, content recommendation ads, and branded or native content. Paid search, promoted listings, custom native, and in-ad with native elements (outside the feed) are subcategories within the three. 

Here’s what that looks like in practice:

  • In-feed/in-content. The ad sits within the article, between articles in a scrolling environment, between social posts, or among product search or search engine results.
  • Content recommendation ads/widgets. The ad sits within a set of images and headlines linking to other content on the same site or elsewhere around the web. 
  • Branded/native content. The ad links to an article or video — sometimes on the publisher’s site — paid for by an advertiser. The content may be created by the publisher’s staff, or by an advertiser or advertiser’s partner.

There are also different ways in which native ads are hosted — on closed platforms (the promoted content is on the publisher’s own site), open platforms (the content is promoted around the web, and sits on a third-party site) or hybrids of the two.

Whenever a publisher gives a third party access to its own pages, there’s a security risk. Even the most exclusive native ad platforms have been infiltrated by bad actors, and the high level of engagement native ads can gain makes them tempting to scammers and malvertisers.


Advertisers Love Native. So Do Malvertisers

The growth of digital native advertising has been driven by a number of factors, including the rise of programmatic native platforms. Another factor is the idea that users have become “banner-blind,” and advertisers have sought a more engaging alternative. 

That said, native has its detractors: Because it’s supposed to blend seamlessly into the environment along with content, its critics argue it leads users to believe the ads are part of the publisher’s content. Native’s supporters argue users today are sophisticated enough to recognize a native ad is an ad. Publishers and advertisers need to walk a fine line. Deep engagement doesn’t happen without the user’s trust. 

There’s a general understanding that native earns higher CTRs than traditional display, but assessments of just how high vary greatly. They’ve been cited as getting anywhere from 150% to over 1000% more click-throughs than traditional. That high CTR allows publishers to price native inventory at a premium. It also puts native in the crosshairs of malvertisers and scammers.


Don’t Let Users Be Deceived by Clickbait Content 

The scammers and fraudsters in digital today have adopted both technological and psychological tactics. They use cloaking to hide their real identity from basic ad creative scanners along the supply chain: the ad shows innocuous creative and a counterfeit URL until it renders in front of a human user, and then swaps in malicious creative.

Commonly, that malicious creative is deceptive — fake celebrity news, a fake celebrity product endorsement, a “miracle” product, and so on. Rather than launching an auto-redirect or other attack through the ad unit, the “fake ad” entices the user to click. On the landing page, the user finds a phishing attack, a bitcoin scam, a form to order a fraudulent product, or a prompt to download malware. Morphixx, a notable cloaking campaign in native in 2020, was a cryptocurrency scam, and crypto scams are rampant today, with bitcoin being a hot investment trend.
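A defender's view of the cloaking behavior described above, as an added example that is not from the original article or from GeoEdge: it compares what the same ad tag served to a scanner-like client and to a user-like client, and flags creatives whose user-facing creative and landing host were never shown to the scanner. The record fields, profile names, hashes and `.example` domains are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data: each record is one render of the same ad tag by a
# QA harness. "scanner" = automated-looking client, "user" = browser-like client.
OBSERVATIONS = [
    # Same creative, same landing host for both profiles: consistent.
    {"creative_id": "cr-1001", "profile": "scanner", "creative_hash": "aa11",
     "click_url": "https://shop.example/offer"},
    {"creative_id": "cr-1001", "profile": "user", "creative_hash": "aa11",
     "click_url": "https://SHOP.example/offer?src=feed"},
    # Innocuous pair for the scanner, different creative and host for the user.
    {"creative_id": "cr-2002", "profile": "scanner", "creative_hash": "bb22",
     "click_url": "https://news.example/story"},
    {"creative_id": "cr-2002", "profile": "user", "creative_hash": "ff99",
     "click_url": "https://coin-invest.example/signup"},
    # Creative rotation only: new image, same landing host. Not flagged.
    {"creative_id": "cr-3003", "profile": "scanner", "creative_hash": "cc33",
     "click_url": "https://travel.example/deals"},
    {"creative_id": "cr-3003", "profile": "user", "creative_hash": "cc34",
     "click_url": "https://travel.example/deals"},
    # Seen by one profile only: nothing to compare against.
    {"creative_id": "cr-4004", "profile": "user", "creative_hash": "dd44",
     "click_url": "https://gadget.example/buy"},
]

def landing_host(url):
    """Lower-cased hostname of a click-through URL ('' if it has none)."""
    return (urlsplit(url).hostname or "").lower()

def find_cloaking(observations):
    """Return creatives whose user-facing creative AND landing host were never shown to the scanner."""
    views = defaultdict(lambda: {"scanner": set(), "user": set()})
    for obs in observations:
        if obs["profile"] in ("scanner", "user"):
            pair = (obs["creative_hash"], landing_host(obs["click_url"]))
            views[obs["creative_id"]][obs["profile"]].add(pair)
    findings = []
    for creative_id, seen in sorted(views.items()):
        if not seen["scanner"] or not seen["user"]:
            continue  # need both vantage points to compare
        scanner_hashes = {h for h, _ in seen["scanner"]}
        scanner_hosts = {d for _, d in seen["scanner"]}
        user_only = sorted(p for p in seen["user"]
                           if p[0] not in scanner_hashes and p[1] not in scanner_hosts)
        if user_only:
            findings.append({"creative_id": creative_id, "user_only": user_only})
    return findings
```

Requiring both the creative and the landing host to differ keeps ordinary creative rotation out of the findings; a flagged creative is a candidate for blocking and manual review, not proof of a scam.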


Publishers Are Liable for Everything on the Page 

Publishers are accountable to their users for all content on their sites — page content and ad content. To the user, everything on the page is part of an overall experience brought to them by the publisher.

Furthermore, publishers should act as though they are also legally accountable. Recent regulatory changes in the US, and political pressure on social platforms to take legal responsibility for all content they host, may be used to argue publishers are as liable for third-party content on their sites as those third parties are. Also, celebrity images used without permission in clickbait-style ads could easily be considered intellectual property infringement.  

Quality advertisers need brand-safe environments for their campaigns. Publishers need to expect advertisers will pull spend if they find their ads are adjacent to deceptive ads, on a site where users feel their own trust is compromised.

Publishers must become familiar with FTC guidelines for disclosures around native ads. This is another fine line to walk: Native is valued by advertisers because it fits in with the flow of content. So any disclosures need to be clear, without also taking the user out of the moment.  The FTC calls for native ads to be disclosed in “clear and unambiguous language,” close to the ad, in a legible font. Putting a shaded border around the ad is recommended. IAB guidelines are similar.

The FTC’s recommended disclosure language includes “Sponsored” or “Advertisement,” and advises against more ambiguous terms like “Promoted.” Some brands choose to include their logos alongside text disclosures.


Take Action to Maintain Ad Quality in Native

Publishers hosting native ads always need to assess what ad quality measures they’re able to manage in-house and which they should put in the hands of a reliable, highly reputable ad quality partner. Consider these measures today, and determine what resources you have to put them in action:

  • Develop clear internal guidelines for ad quality in native, and hold native ad content to the same standard you hold your own content.
  • Identify stakeholders across your business’s teams, and establish their roles in maintaining those guidelines and standards.
  • Consult and follow the FTC’s and IAB’s guidelines for disclosures. 
  • Take advantage of QA automation to identify and block inappropriate native creative and code that indicates a cloaking attack.
  • Create a process to review native ads manually, but efficiently. The publisher is the best authority on whether native ad content feels consistent with page content.
  • Work with native ad partners and security/quality partners to better align ad content with page content. 


Automated and Manual Review Go Together

Automated and manual ad quality methods should be applied in tandem with each other for the best effect. Any automated ad quality solution must be able to identify and block suspicious or inappropriate creative in real time, before it reaches the page, and must be able to detect cloaking attacks.

Publishers should look to an ad quality partner who can automate granular ad content categorization, to avoid losing revenue from aggressively blocking broad categories of ads, and to make the manual review process more efficient. Efficiency is important in manual review — it’s a necessary step, considering the sensitivity required to successfully address ad quality in native, but it should not prevent ad ops teams from putting their best skills to work for the publisher’s business. AdWatch from GeoEdge provides a clear dashboard view of all ads on the site, with the option to select and remove any remaining inappropriate ads.


Manage Malicious Native Ads with GeoEdge

Take action today to maintain ad quality in your native advertising inventory — building long-term relationships with users, satisfying your advertisers’ brand safety needs, and reaping the benefits of native CPMs. GeoEdge’s malvertising protection provides coverage across all ad formats, including native — offering publishers complete control over their sites’ on-page user experience and beyond.

Reach out to GeoEdge to learn how real-time monitoring and blocking of ad quality and security threats can bring you toward those goals and keep your team focused on your business goals.


Alisha is a Technology Writer and Marketing Manager at GeoEdge. Her writing focuses on current events in the AdTech ecosystem and cyberattacks served through the digital advertising supply chain. You can find Alisha on LinkedIn to discuss brand building and happenings in AdTech.
