November’s Top Clickbait Ad Scams

Jeremy Clarkson’s net worth is not worth a click

Whether or not you’re a Top Gear fan, chances are you’ve heard of TV host Jeremy Clarkson. We’re following a financial scam that relies on clickbait ads, sponsored by advertiser XNW, that urge readers to click and discover how wealthy Clarkson is and why he left Top Gear.

Users are unaware that these ads are merely a gateway to a scam designed to rip them off.

The scammers behind the ad direct users through a cloaking mechanism that keeps them undetected and exposes the scam only to a very targeted group of users.

Users who aren’t deemed worthy of scamming are simply redirected to an article on entitled “UK’s Top 10 Highest Paid TV Stars” with a picture of Jeremy Clarkson. The connection between the ad and the landing page ensures that the users don’t suspect a thing.

Users who are chosen for the scam are redirected to a deceptive article on a site designed to look like MSN. The article covers a story about Clarkson investing £12 million into a new, automated trading platform called Bitcoin Motion. The only trouble is Bitcoin Motion is neither a new trading platform nor an authentic one.

Bitcoin Motion is another fake trading app designed to get your money and disappear. A quick internet search reveals that it has several “official sites” and “independent” reviews promising users that the app is safe and will make them rich overnight. All they have to do is deposit £250 or more. When users realize something is amiss, their money is long gone.

Do you know what else they realize? That they still have no clue about the net worth of Jeremy Clarkson.

Don’t ride this wave

We’re used to blocking ads prompting users to install malicious browser extensions, but what about malicious browsers themselves?

This campaign from Wave Browser prompts users to download and install a browser that provides a faster, cleaner browsing experience.

The landing page has all the right messaging related to downloading, installing, and setting Wave Browser as your default browser. However, search Google, and you’ll find that everyone on the internet is trying to find out how to get rid of Wave Browser.

Research reveals that this browser was developed by a group of search hijackers who collect users’ search and browsing data and store it on Chinese servers.

Even though many regard this browser as a Potentially Unwanted Program (PUP), the fraudsters behind it have somehow managed to register it on the Microsoft App Store, lending it validity. But make no mistake, this browser is malicious and extremely hard to get rid of once installed.

Since Wave Browser requires no admin rights to deposit and runs scheduled tasks to repopulate itself, simple app removal will not clear it. That’s why so many people are posting online looking for help getting rid of it permanently.

Online users should always think twice before clicking on ads prompting them to download free apps from the internet. As the saying goes, if something is free, you are the product.

Kelly Ripa is back

Kelly Ripa has graced America’s TV screens for what seems like forever. Her career began in the 80s, and she’s been hosting the Live morning show for over 20 years. Ripa’s celebrity status makes it natural for fashion and beauty brands to do anything to get her endorsement for their products.

From time to time, we uncover a misleading campaign that exploits Ripa’s personal brand and reputation to deceive users into buying beauty products online. Scammers often use clickbait ads implying that Ripa is leaving Live to lure users into their trap.

Take a good look at the text of the creative, and you’ll see that some of the letters are actually special characters and symbols. Scammers typically use this technique to evade Optical Character Recognition. 
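A defender-side check for this substitution trick, as an added example that is not from the original article or from GeoEdge's tooling: it takes text already extracted from a creative (OCR output or ad markup, an assumption), flags words containing non-Latin letters, and folds look-alike characters back to plain letters so a keyword policy still matches. The `CONFUSABLES` subset, the `WATCHLIST` terms and the sample headline are constructed for illustration.

```python
import unicodedata

# Constructed subset of look-alike mappings (assumption for this example); a
# production filter would load the full Unicode confusables data (UTS #39).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, ie, o
    "\u0440": "p", "\u0441": "c", "\u0456": "i",   # Cyrillic er, es, i
    "\u03b1": "a", "\u03b9": "i", "\u03bf": "o",   # Greek alpha, iota, omicron
    "0": "o", "1": "i", "3": "e", "@": "a", "$": "s",  # digit/symbol swaps
}
WATCHLIST = {"kelly", "ripa", "leaving", "live"}   # hypothetical policy terms


def script_of(ch):
    """Approximate a character's script by the first word of its Unicode name."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def skeleton(token):
    """Fold a token for comparison: NFKC, lowercase, then map look-alikes."""
    folded = unicodedata.normalize("NFKC", token).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)


def inspect_creative(text):
    """Return (token, skeleton, reasons) for every suspicious token in ad copy."""
    findings = []
    for raw in text.split():
        token = raw.strip(".,?:;\"'()")
        if not token:
            continue
        reasons = []
        foreign = sorted({script_of(c) for c in token if c.isalpha()} - {"LATIN"})
        if foreign:
            reasons.append("non-Latin letters: " + ", ".join(foreign))
        folded = skeleton(token)
        if folded in WATCHLIST and token.lower() != folded:
            reasons.append("disguised watchlist term")
        if reasons:
            findings.append((token, folded, reasons))
    return findings


# Constructed sample headline: Cyrillic "ie", Greek iota and a digit stand in
# for Latin letters, as described for the creative above.
SAMPLE = "K\u0435lly R\u03b9pa is l\u0435aving L1ve?"

if __name__ == "__main__":
    for token, folded, reasons in inspect_creative(SAMPLE):
        print(f"{token!r} -> {folded!r}: {'; '.join(reasons)}")
```

A headline written in plain Latin letters produces no findings here; it is left to ordinary keyword matching, so the check isolates only the disguised variants.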

Scammers continue to hide their activity by running client fingerprinting to decide in real time whether to expose users to the scam or not.

If they choose not to run the scam, users are directed to a dummy blog post about Kelly Ripa. A closer look at these sites reveals that they are cookie-cutter blog sites with a small number of posts all published on the same date.

Users deemed worthy of being scammed are redirected to a fake, deceptive article about how Kelly Ripa has decided to quit the Live show to promote her skin care product line. 

The story is entirely false and designed to lead users directly to an offer page selling a skin cream that has nothing to do with Kelly Ripa. This is not the first time a fake campaign involving Kelly Ripa’s supposed skin care product line has hit US publishers. Each time the scam is launched, it looks pretty much the same; only the dummy posts and blog domains are different, and the magic cream has a different name.

These campaigns highlight the fine line between low-quality affiliation and misleading product offers. The deliberate and unauthorized use of Ripa’s personal brand is exploited to promote products while misleading users into thinking she has a connection to them.

Why are gas prices so high? They’re hiding a tech support scam!

The global squeeze on the energy supply has led to crippling shortages and surging costs. As consumers focus on gas prices, stock portfolios, and lowering their utility bills, headlines about gas prices draw extra attention. Scammers capitalize on this to lure users into tech support scams, serving a deceptive clickbait ad to users across the US since early September.

Imitating Vox, a trusted news and media brand, scammers have allowlisted their way through Google’s AdX and AdSense to get to the front pages of trusted publishers. Hidden through ad cloaking, the ad redirects unsuspecting users to a Vox article on how to start running for fitness. Information on gas prices is nowhere to be found. Astute users may notice that the URL doesn’t even belong to Vox.

In fact, what the user sees is actually a cloned Vox page. You’ll only get to the actual Vox site if you click on the Vox logo. This allows scammers to remain hidden and gain the serving platform’s trust. The scam works: Google has been serving it all over the US for over a week. Once users click on the ad about gas prices, they experience a screen takeover by what seems to be a Windows Defender alert about a detected threat. The next thing they see is the dreaded message “Access to this PC has been blocked for security reasons.”

The scam prompts them to call a security support line as soon as possible. In reality, users are facing a full-screen HTML page showing them a fake Windows alert message.

Most users don’t realize they just have to close their browser tab to get rid of the fake alert. They call the support line or click “allow,” which exposes them to ransomware attacks and malicious file downloads. Tech support scams like these are particularly ironic because they back users into a corner, making them believe their PC is infected. In their attempt to neutralize the threat, users end up infecting their computers themselves.

Blocking Clickbait Creative

Programmatic is often a black box; publishers have no idea which ads will appear on their sites ahead of time, often because the exchanges themselves don’t know which ads flow through their pipes. Keep your Ad Ops team up to date on new and evolving ad quality risks. From financial scams to brand infringement, ensure that your team is aware of the latest threats to your audience. Without complete control, publishers will continue to contend with scams and other unwanted ads that don’t meet their standards. For many publishers, monetization comes at the cost of quality, but it doesn’t have to be that way.

Alisha is a Technology Writer and Marketing Manager at GeoEdge. Her writing focuses on current events in the AdTech ecosystem and cyberattacks served through the digital advertising supply chain. You can find Alisha on LinkedIn to discuss brand building and happenings in AdTech.
