Spikes In Malicious Landing Pages; What You Need to Know

by Andrew Reed, on Oct 19, 2021 9:00:00 AM

Malicious landing page attacks have dominated the malvertising ecosystem the last couple of weeks, making up more than half of all attacks in the past 30 days.


Spike in malicous landing pagesgraph key


These types of attacks lure users in and sneak by manual ad reviews by disguising themselves as familiar and legitimate corporations while cloaking their malicious URLs behind seemingly harmless ones.

These ads often blur the lines between ad security and ad quality assurance, but the impact they have on your user experience, reputation, and ad yield is exactly the same.


What Are Malicious Landing Pages

Malicious landing pages are intentionally deceitful web pages that try to lure users into giving up their private information (credit card numbers, SSN, contact information, etc.), invest in online scams, or install malware on their device.

The attack associated with last month’s spike was largely a cryptocurrency scam, disguised as a lucrative Netflix investment.

The rendered ad looked like this:

Fake netflix ad

While the ad relating to the malicious landing page is usually harmless (i.e. no malicious payload impacting publishers webpage), if a user is deceived into clicking on the sensational ad they will be brought to a deceitful webpage looking to either steal private information or install malware on their device.

Once the user clicks the ad, they are navigated to this registration page, standing in as a fake Netflix Investment, where they are prompted to enter their name, email, and phone number.


fake registration page

After registering, they will once again be redirected to a new webpage. This time to a trading platform that deals in binary trading options (betting if something goes up or down).

binary trading site


Here the user may be enticed to start trading through the platform, but the available information about this trading platform shows that this is an offshore broker unlicensed for US, UK and AU. And after browsing the page, the ability to trade shares of any advertised popular brands like Netflix is doubtful.

Online reviews of this platform also show that users who attempt to withdraw their invested money are led prompts attempting to trick users into investing further and/or will see a subsequent blocking of their account.

Once a user puts money into a site like this, it is unlikely that they will be able to cash out.

The original creative might have been harmless to the publisher’s site, but an ad that results in a user clicking through to a landing page that is malicious is just as disruptive and dangerous to your users' experience as other common types of malvertising.

Although you get paid for the ad impressions, you end up paying with your brand reputation. Users will view your site as dangerous, untrustworthy, or as a playground for malicious activity and bad actors, and will be likely to avoid your site in the future. 

This means diminishing returns on earned ad impressions as more users avoid your site and frustrating user experience.

If you have monetized your site, particularly with a native advertising tool, be on the lookout for these kinds of attacks and interruptions to your user experience in order to protect your site and ad revenue.

--Article Continues Below--

New call-to-action

--Article Continues Below--

Why Native Advertising?

Bad actors often target native advertising platforms with these kinds of ads because they tend to be lower cost and have less internal oversight. We’ve seen them primarily targeted through native advertising platforms like Triple Lift and Outbrain.

Native advertising is when ads are created to look similar to the content already on your site, which has a lower impact on your user experience while also boosting click-through rates because you have managed to drop the user’s guard.


Rolling Stone Sponsored Stories


Unlike banner ads, which consist of a script package of images, tracking information, and code that makes everything work, almost like a small little piece of software, native ads consist only of separate images (logo, large image, small image), tracking URLs, and text (advertiser, cta, headline).

This means there is no room for third party or creative code and almost no risk for redirects, dynamic cloaking (changing images based on the user), or other malware.

But because Native ads are often cheap and less restrictive in terms of quality (which is why you see dubious health-products and clickbait headlines), they are a target rich environment for malicious landing pages and online scams.

The goal of these advertisers is to swallow up as much user information as they can before being detected by publisher’s or a security group as breaking ad policy guidelines. 

They manage to pull this off by either cloaking the landing page with a harmless one to pass manual review, but setting parameters to the URL so that it changes with live traffic or after a certain amount of time.  

In some cases, the page is approved without any cloaking because the scam or issues are unknown to the platform allowing it. This ad will then be particularly challenging to track down and remove. 


Partner With cleanAD

Malicious landing pages may not be directly interfering with your webpages, but deceitful and malicious ads still bring the same woes with them as more traditional forms of malvertising.

Most ad security groups catch the bad guys by tracking down the malicious URLs and adding them to blocklists to prevent the bad actors from advertising on your site.

But malvertisers can avoid this technique by constantly changing their URLs. Once one domain becomes blocked, they can quickly switch to another.

This means you are left playing catch-up with a reactionary security system, leaving your site vulnerable until new URLs wait to be added to their blocklists.

At cleanAD, our unique single line of code is currently the only true preventive solution on the market. Our security behaviorally detects and prevents malicious advertisements, meaning even as URLs change and new threats enter the ecosystem, you remain protected full-stop.

If you are frustrated with constantly having to track down bad advertisers, seeing your ad revenue stumble, and watching your site metrics plummet, you can sign up for a free 14-day cleanAD trial here.

New call-to-action

Topics:Malvertising DataMalvertisingMalvertising 101Malvertising Solutions

Our blog

Where businesses come to learn more about protecting the points of digital engagement with their customers, audiences and users.

Subscribe to Updates