The past few years have become known as the “Post-Truth Era”. Experts have written countless articles about this vague term, but we know it’s a tangible reality.
The precise borders that once distinguished malicious advertising from low-quality ads have blurred to the point where it’s hard to say where one ends and the other begins. Scammers who once relied on malicious code to force users into their traps have turned to clickbait scams and fake news to deceive users. These days, it is difficult to determine whether an ad is a scam, because the true scam only reveals itself once a user clicks on it.
Because fundamental concepts like the truth are under attack, having a trusted partner on your side is more important than ever. A reliable ad security partner who is consistent, credible, and transparent is a must.
Our evolving detection highlights ten scams falling under the clickbait umbrella which take place post-click. These terms and descriptions will provide precise terminology and finer granularity into the deceptive clickbait we detect.
1. Forced Browser Notifications
Forced Browser Notification scams lead users to accept push notifications from a malicious website by offering false incentives like access to video content, streaming services, etc. Once users allow notifications, the scammer gets an open, unmonitored channel to pop up visual messages with call-to-action buttons in their browser.
2. Malicious Extensions & Add-ons
This scam relies on button-like creatives that lead users to a landing page where they are prompted to install fake extensions and add-ons to their browsers in exchange for incentives like access to video content, streaming services, PDF conversion tools, and more.
Once users install these add-ons, scammers can access their online activity and collect information about anything they do on their browsers.
3. Fake Antivirus & Cleaners
Scareware attacks present users with fake messages about a virus or infection on their device, prompting them to download and install phony antivirus or computer cleaning software, which is in fact a malicious program. These messages appear on the creative or in a popup after the user clicks on a legit-looking ad.
4. Fake Software Update
These attacks use a fake message about software that requires an update, prompting users to download and install a disguised malicious program.
They usually contain social engineering elements such as icons and logos designed to make the user think the message was prompted by their system or a service provider they trust (Google, Adobe, Apple, etc.).
5. Suspicious VPN
Suspicious VPN attacks present users with a fake error message prompting them to install a VPN to secure their online activity. The VPN software the users install might function as a proper VPN, but it will also exhibit suspicious behaviors such as collecting users’ data and tracking their online activity.
6. Gift Card Scam
This scam leads users to provide personal details to gain a prize.
These scams usually come in two main shapes: Fake Survey scams and Fake Lottery scams.
Both use standard practices to lure users into clicking on them and “winning” the prize, along with fake user comments on the landing page that are designed to disguise the fact that this is a scam.
7. Tech Support Scam
Tech Support scams are effective because they combine several elements that strongly impact the user. Fraudsters use innocent-looking ads. After the ad is clicked, they brutally take over the entire screen while disabling basic browser features like the user’s ability to exit full-screen mode or close the browser tab. They use icons and logos (Apple, Microsoft) to make the message seem like a system alert. They often add strong red colors to create a psychological alerting impact (social engineering). These scams often tell a horror story about a critical malfunction or virus, and offer a clear path to solve the problem, either by downloading and installing some fake program, calling a fake support center that will guide the user to install the malicious code, or simply phishing for some personal data.
8. Financial Scam
A financial scam usually starts with scammers pretending to be legitimate advertisers, buying media for a legitimate campaign. In this “warm-up stage”, the scammers gain the trust of ad networks and DSPs, getting approved with their harmless ads and landing pages (LPs). Once the scammers are approved, the scam is revealed and the social engineering work kicks in as the ad tags return a clickbait creative. Financial scams often exploit the popularity of a local celebrity (without their consent) along with a shocking title designed to lure users into clicking the ad. Once the ad is clicked, the user is redirected to a deceptive landing page that usually mimics a trustworthy news site and contains a fake article promoting a phony offer or financial service, such as cryptocurrency or stock exchange trading, with no real company or vendor behind it. The landing pages are built so that any clickable element on them leads the user to the deceptive offer page, where they are asked to provide personal information and credit card details to register for the service.
9. Brand Infringement
Brand infringement ads promote fraudulent, low-quality, non-genuine, or non-existent products and services. This may include counterfeit products and campaigns that impersonate brands or businesses by referencing or modifying the brand content in the ads, URLs, or destinations, or by misrepresenting themselves as the brand or business. Clickbait ads and landing pages like these typically promise premium products at unusually low prices.
10. Misleading Product Offers
Misleading Product Offers employ ads and landing pages offering products that don’t exist in the market (e.g., miracle cures) or non-genuine products, i.e., imitations, clones, faux, and fakes. Clickbait creatives in this category may prey on users’ hopes and fears, offering easy solutions to complex problems, or products and services in scant supply.
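The landing-page trait described under Financial Scam (every clickable element leading to the same offer page) can be checked in a post-click scan. The sketch below is an added example, not the detection logic of any vendor; the function name, thresholds, and `.example` domains are assumptions, and the HTML samples are constructed.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _LinkCollector(HTMLParser):
    """Collects href targets of <a> and <area> elements."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag in ("a", "area"):
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href.strip())


def link_funnel_report(page_url, html, min_links=5, threshold=0.8):
    """Measure how strongly a page's links converge on one off-site host."""
    collector = _LinkCollector()
    collector.feed(html)
    page_host = urlsplit(page_url).hostname
    hosts = Counter()
    for href in collector.hrefs:
        target = urlsplit(urljoin(page_url, href))
        if target.scheme not in ("http", "https") or not target.hostname:
            continue  # ignore mailto:, javascript:, tel: and similar
        hosts[target.hostname] += 1
    total = sum(hosts.values())
    offsite = Counter({h: n for h, n in hosts.items() if h != page_host})
    top_host, top_count = offsite.most_common(1)[0] if offsite else (None, 0)
    ratio = top_count / total if total else 0.0
    return {
        "total_links": total,
        "top_offsite_host": top_host,
        "ratio": round(ratio, 2),
        # Assumed heuristic: enough links, and nearly all leave to one host.
        "suspicious": total >= min_links and ratio >= threshold,
    }


# Constructed samples: a fake "news" page whose menu, headline and image
# all link to one offer page, and an ordinary article page.
OFFER = "https://offer.example/register?c=1"
SCAM_HTML = "".join(f'<a href="{OFFER}">{t}</a>' for t in (
    "Home", "Business", "Sports", "Headline", "Photo", "Read more",
)) + '<a href="#comments">Comments</a>'
BENIGN_HTML = "".join(f'<a href="{h}">x</a>' for h in (
    "/", "/business", "/sports", "/story/2",
    "https://social.example/share", "https://sponsor.example/",
))
```

A flagged page is a candidate for review, not a verdict: legitimate single-product landing pages can also funnel most links to one checkout host.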