Overall digital ad spending is projected to grow in 2024. However, as more ad dollars go toward connected TV (CTV) and retail media search, social media advertising is expected to grow at a slower rate.
Trustworthy Accountability Group’s (TAG) recent report suggests that decreased social media spending by legitimate brands will lead to lower ad rates and increased inventory, a recipe for more malvertising.
What is malvertising, and who does it affect? Why does malvertising work? And what can be done to stop the spread?
What is malvertising?
Malvertising, a portmanteau of malicious advertising, is “the exploitation of digital advertising to enable bad actors to spread malware and circumvent systems in a way that harms end users, publishers, and platforms.”
Consumers may see an ad with an offer for a free software program or a warning of a computer virus that can be easily resolved by clicking on the ad. What they don’t see is the malicious code that may be injected into that ad, and if they click on it, malware infects their device.
In some cases, with what’s called a drive-by download, a user does not even need to click on the ad. Simply visiting a page with an injected ad can put visitors at risk.
Malverposting is another form of malvertising that uses a slightly different technique. Instead of ads, fraudsters create fake content that seems legitimate, but when visitors click on a link in the content, malware is installed on their device.
It has been estimated that one in every 100 online ads is malicious, and they’re not just on social media channels. Injected ads have been found in other trusted places such as sponsored links on Microsoft’s Bing Chat, and most recently appeared in Google search results.
TAG suggests that the current online advertising environment can lead to a significant increase in malvertising, which obviously harms consumers but also negatively impacts publishers, platforms, and legitimate advertisers.
Why does malvertising work?
Malvertising works in large part because the infected ads and content look legitimate. Marketers today use AI tools to create and deploy digital ad campaigns. Fraudsters have access to those same tools to spoof a real campaign or create original, high-quality, malicious ads or videos.
Another reason consumers fall victim to malvertising is that they are simply not aware of the danger of clicking on ads, especially when they are on trusted sites. Most cybersecurity warnings focus on the risks of clicking on links in suspicious emails or texts, with little if any mention of the risks that ads and fake content can pose. The sites that the ads lead them to may contain a misspelling or use a different domain from a legitimate brand site, but these can easily be overlooked.
Of course, for consumers to click on malicious ads, the ads have to get through ad networks and publishers to be displayed on sites. While it is certainly in their best interest to detect and stop them, the sheer number of ads created and placed automatically makes it incredibly difficult to do so.
Can anything stop the spread of malvertising?
Malvertising is different from ad fraud and harder to detect and stop. While ad fraud occurs from fraudulent impressions and clicks on legitimate ads, malvertising is about the quality of the ad itself, which is what makes it so hard to detect.
Malvertising has the biggest impact on consumers and publishers, but it also affects all legitimate advertisers trying to reach their target audience online. The steps taken to protect one party can have negative effects on another.
When a consumer becomes a victim of malvertising, they are likely to lose trust in that site in particular and in online advertising in general. Consumers can protect themselves with ad blockers or by simply avoiding clicking on any ad. While this protects their devices from being infected with malware, it decreases the revenue that publishers rely on, and it lessens the effectiveness of advertisers by affecting the ability to reach their target audience and drive leads and sales.
Publishers can help protect consumers, and their revenue stream, by checking ads for malicious code, avoiding certain languages that can easily be hacked, and vetting the third-party ad networks they partner with. One way to do this is by working with networks that are “Verified by TAG” and committed to following standards to fight online fraud, malware, and more.
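One publisher-side check that follows from the misspelled and off-brand landing domains described earlier is to compare each creative's click-through host with the domains the declared advertiser actually owns. The sketch below is an added example, not code from TAG or any ad platform; the brand allowlist, sample creatives, verdict labels, and two-label domain split are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains the declared advertiser actually owns.
BRAND_DOMAINS = {"examplebrand.com"}

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Last two labels only (simplification); real code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify_landing_url(url, brands=BRAND_DOMAINS, max_typos=2):
    """Compare an ad's click-through host with the advertiser's own domains."""
    host = urlsplit(url).hostname
    if not host:
        return "invalid-url"
    domain = registrable(host)
    if domain in brands:
        return "ok"
    name, _, tld = domain.rpartition(".")
    for brand in brands:
        brand_name, _, brand_tld = brand.rpartition(".")
        if name == brand_name and tld != brand_tld:
            return "lookalike:different-tld"
        if edit_distance(name, brand_name) <= max_typos:
            return "lookalike:misspelling"
        if brand_name in host:
            return "lookalike:brand-in-hostname"
    return "mismatch:other-domain"

def creatives_to_hold(creatives):
    """Return (creative_id, verdict) for every creative that should not serve yet."""
    verdicts = ((cid, classify_landing_url(url)) for cid, url in creatives)
    return [(cid, v) for cid, v in verdicts if v != "ok"]

# Constructed sample creatives: (creative id, declared click-through URL).
SAMPLE = [
    ("c-1", "https://www.examplebrand.com/offer"),
    ("c-2", "https://examp1ebrand.com/free-scan"),
    ("c-3", "https://examplebrand.co/login"),
    ("c-4", "https://examplebrand.com.deals.example.net/"),
    ("c-5", "https://cdn.example.org/landing"),
]
```

A held creative is a candidate for manual review, not proof of malware; the check only shows that the landing host does not belong to the advertiser the creative claims to represent.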
Advertisers should also vet the platforms they use to place their legitimate ads on open programmatic networks and ask what steps publishers are taking to prevent malvertising on their sites. They should also monitor their traffic sources; a drop from certain referral sources may indicate consumers don’t visit or trust these sites to keep them safe. Your ads may not be seen by your target audience, or they may be appearing alongside suspicious ads that make visitors reluctant to act.
Both publishers and advertisers should have a strong ad fraud detection solution in place to stop invalid traffic and fraudulent activity on legitimate ads that run on any site or social media channel. It can also detect unusual traffic patterns to help flag malicious ads.
We know there are several ad fraud solutions out there, all claiming that they can detect fraud, protect publishers, platforms, and advertisers, and maximize ROI. But there are only a few that have gone through a rigid, third-party validation process to earn the TAG “Certified Against Fraud” certification.
Fraudsters are always looking for ways to make money, without regard for consumers, publishers, ad networks, or advertisers. Their methods are ever-changing, and the technology that makes ad creation and placement easier for everyone in the digital advertising industry is also easier for fraudsters to exploit. That’s why you need a multi-layered approach to protect your ad budgets and revenue streams. That’s why you need to partner with Anura.