Malicious Energy Scam Spreads Across Ad Ecosystem, cleanAD Keeps Publishers Protected.

by Nick Carlson, on Apr 1, 2022 8:17:57 AM

Over the past three months, the cleanAD network has seen an explosion of a particular brand of scam, surrounding an energy-saving system that the Advertising Standards Authority and other watchdog groups have deemed “scientifically impossible.”

Appearing under a variety of URLs and faux-brand names, these ads lure users in with fantastical claims about saving money with “one simple trick”. 

Much like charlatans and snake oil salesmen who pack up and skip town to avoid being shut down, malvertising groups often hide their scams under a variety of brand names and URLs in order to avoid detection or bad press from traditional ad review processes, advertising watchdog groups, and online review forums.

In this case, the energy scam has created a number of different sites, all sharing the same content, but changing domains and brand names from Motex, to EcoVolt, and VoltTex. The page even features fake 3rd party Ford and Samsung ads, attempting to establish some credibility.

Once the user interacts with the ad they are directed to a landing page with a vague, long-winded article with falsified data, quotes, and reviews in an attempt to fool users into believing an offer that is in fact too good to be true.

This falls in line with the language used by most online scams, going on to warn unsuspecting users of a “50% discount” off the product to create a fabricated sense of urgency that will lead them to purchase the product.

If the user clicks the “Claim my 50% Discount” they are brought to a checkout page to enter their credit card information, after which they likely receive a faulty product in the mail, if one at all. 

Fraudsters often use these scams to capture credit card information and sell it to other unscrupulous actors across the web to make fraudulent purchases online. Once the information is ripped from the site, users will have to track down fraudulent purchases, reach out to their bank for insurance, and cancel their card altogether.

Over the past three months, this predatory ad has been detected, and blocked, tens of millions of times across the cleanAD network (regardless of changing domains), climbing its way through January and February before reaching its peak in early March at roughly 15 million threats in a single day.

As this scam continues to spread and employ new obfuscation techniques, our cleanAD code continues to block the malicious activity immediately, making it impossible for the malvertising group to slip by our system undetected.

But the success this scam is finding in slipping by other security measures to attack users makes it likely that their scam will continue into the foreseeable future.

How This Damages Your User Experience and Ad Revenue

At first glance, it may seem reasonable to believe that these predatory and misleading advertisements will earn high click-through rates, and thus help boost your overall ad yield.

But the short-term boost in clicks will fail to make up for the long-term loss in revenue as users begin affiliating your brand and website with online scams and other potentially harmful malvertising practices (such as malware or data scraping).

If you continue to allow these ads to run on your site, users clicking through and falling victim to these deceptive, fraudulent advertisers will only make you more of a target, as your site is now a successful source of revenue for their online scam. 

Soon you will see these ads appear more often and more aggressively on your site, driving users away from your business and tarnishing your brand reputation.

And once a user’s trust is lost, it will be difficult, if not impossible, to win it back. 

How You Can Protect Your Publishing Business

DSPs, SSPs, and ad networks alike each have their own ad review processes that are set up to siphon out potentially harmful or fraudulent ads. But standards vary, and for the most part, are rudimentary, manual processes set up to make sure the advertisements meet their policy standards (i.e. correct sizing with no shocking or inappropriate messages or images) and actually lead to pages for the correlating products and services.

If an ad is flagged by watchdog and ad quality groups, it can help prevent it from making it through this review process, but many DSPs, SSPs, and ad networks with less strict standards are still likely to let the ad pass.

Plus, fraudsters can quickly have their ad running again by changing their URL and brand name, starting the process over again.

For the best protection, you will want to partner with an ad security company, whose proprietary software will be able to detect harmful ads and block them from being served on your website.

Traditional security groups rely on blocklists to accomplish this, where dangerous URLs are added to a database of advertisers deemed to be harmful to users and advertising campaigns. 

These databases also use algorithms to block URLs similar to those in the blocklist to try and prevent new and unmarked threats from sneaking past their security systems.

But this approach has a number of drawbacks.

With blocklists, you will always be playing catch up with dangerous online fraudsters. Once you block one URL, they can quickly set up shop on another, creating a cycle of whack-a-mole. 

Blocklists may be able to prevent similar URLs, but many will still be able to sneak between the cracks. 

Not only this, but this technique can also lead to legitimate and lucrative advertisers being mistakenly flagged and blocked. This not only prevents you from earning impressions but can cause strain on your relationships with advertisers.

Finally, when traditional blocklists prevent flagged ads from loading on your webpage, that ad slot is no longer earning impressions from users. Protecting your users and reputation from malicious practices then comes at a price, leaving ad slots unused across countless sessions until the malvertiser stops targeting your site.

Altogether, this is a reactive, prolonged approach to ad security. If you are looking for a true, one-stop, set-it-and-forget-it solution, investing in a preventative, behavioral solution will be your best bet.

Partnering with cleanAD 

At cleanAD, our unique single line of code is currently the only true preventive solution on the market. By behaviorally detecting malicious ads on runtime, our software removes the need for blocklisting, allowing us to block harmful activity while still allowing ad impressions to fire.

This means even as URLs change and new threats enter the ecosystem, you remain protected full-stop while fraudsters still pay you for ad impressions, even though their malicious ad is being blocked on your site. 

This not only protects your ad revenue channel but also disincentivizes bad actors from advertising on your site because they are now paying for ads that are not bringing them any traffic.

If you are struggling with malicious advertising groups, and want to learn more about what our solution can do for you, you get in touch with a salesman and signup for a free 14-day trial here.

Topics:Malvertising Data

Our blog

Where businesses come to learn more about protecting the points of digital engagement with their customers, audiences and users.

Subscribe to Updates