Babar Khan Javed
Jan 8, 2018

Advertisers losing $1.1 billion a year to redirected links: GeoEdge

Multiple hacker networks involved in large-scale auto-redirect attacks are costing advertisers and publishers $1.13 billion annually, according to a new report.

Advertisers losing $1.1 billion a year to redirected links: GeoEdge

Multiple hacker networks are involved in auto-redirect attacks that cost advertisers and publishers $1.13 billion annually.

The finding is the basis for a report by GeoEdge, an ad verification company, based on the analysis of 650 million impressions. The mechanisms of attack include mobile click fraud, tech support claims, and malicious app installations. 

Distribution of malvertising issues

The umbrella term auto-redirect refers to any situation where the user's browser is sent to a location that was not the user's intended destination. In a common ploy, users often encounter purposely confusing web pages designed to trick them into downloading an app or a piece of malware. In other attacks, the redirect spawns a hidden frame or image that, unbeknownst to the user, carries out nefarious tasks that result in click fraud, attribution fraud or cookie stuffing, according to the company, which defines seven distinct types of redirect attacks.

In the case of click fraud, GeoEdge came across instances of a singular mobile browser managing to call upon a range of invisible iframes, including multiple URLs. In this case, a whitelist has been provided by GeoEdge for the domains that are commonly targeted for these attacks.

Auto-redirect attack breakdown

In terms of cost to advertisers, GeoEdge estimates that auto redirects, which make up 48% of malvertising events, are costing $210 million annually, while click fraud is costing advertisers and publishers $920 million annually.

Mobile devices make up 72% of malvertising, with the Apple iOS constituting 57% of the incidents, while Android users are attacked just 15% of the time.

Redirect geographic breakdown with average CPI.

Mobile users are being duped by messages that look like official notifications of Apple or Google, with the copy fixated on alerting users of device infection and prompting immediate action in downloading malware or dialing a scam number.

Scams maintain their legitimate appearance by redirecting users to a new window instead of a banner ad, lowering instances of being flagged or reported. While hacking a bank is taxing, replicating the home page of a bank in order to attain sensitive user data is relatively easy.

Advertisers can prevent these problems by investing in better incentives from their agencies and ad networks. One of the most common root causes cited by the GeoEdge report comes in the form of cost per install (CPI) which peaked at $1.24 for iPhone and $0.53 on Android in 2017.

Without a clearly defined goal, ad networks tasked with driving app downloads often deploy the tactics cited in this paper in order to drive traffic to an app-download page, banking on achieving single-digit conversion rates.

The onus is on the advertisers to incentivize white-hat best practices from their agencies and ad networks, with penalties on app page bounce rates and an in-depth understanding of the methodology to be deployed for driving traffic. 

Demand ultimately determines supply, and it's up to advertisers to partake in the quality conversations and contracts that ensure that their partners do not resort to redirects or phishing scams in a bid to generate app downloads or site visits.

Related Articles

Just Published

3 hours ago

Longtime Weber Shandwick chairman Jack Leslie to ...

Leslie has held the role of chairman at Weber for more than 20 years since the merger of Bozell Sawyer Miller Group and Weber Shandwick in 2001.

4 hours ago

British Airways appoints new ad agency

IAG-owned airline moves its advertising and CRM account from WPP to Uncommon Creative Studio after four years, scrapping its integrated model

13 hours ago

IAS launches new reporting platform Signal

It provides new tools for managing media quality

13 hours ago

Pinterest plays up status as a safe space

The social media company is looking to differentiate itself from Instagram and other networks.