Babar Khan Javed
Jan 8, 2018

Advertisers losing $1.1 billion a year to redirected links: GeoEdge

Multiple hacker networks involved in large-scale auto-redirect attacks are costing advertisers and publishers $1.13 billion annually, according to a new report.

Advertisers losing $1.1 billion a year to redirected links: GeoEdge

Multiple hacker networks are involved in auto-redirect attacks that cost advertisers and publishers $1.13 billion annually.

The finding is the basis for a report by GeoEdge, an ad verification company, based on the analysis of 650 million impressions. The mechanisms of attack include mobile click fraud, tech support claims, and malicious app installations. 

Distribution of malvertising issues

The umbrella term auto-redirect refers to any situation where the user's browser is sent to a location that was not the user's intended destination. In a common ploy, users often encounter purposely confusing web pages designed to trick them into downloading an app or a piece of malware. In other attacks, the redirect spawns a hidden frame or image that, unbeknownst to the user, carries out nefarious tasks that result in click fraud, attribution fraud or cookie stuffing, according to the company, which defines seven distinct types of redirect attacks.

In the case of click fraud, GeoEdge came across instances of a singular mobile browser managing to call upon a range of invisible iframes, including multiple URLs. In this case, a whitelist has been provided by GeoEdge for the domains that are commonly targeted for these attacks.

Auto-redirect attack breakdown

In terms of cost to advertisers, GeoEdge estimates that auto redirects, which make up 48% of malvertising events, are costing $210 million annually, while click fraud is costing advertisers and publishers $920 million annually.

Mobile devices make up 72% of malvertising, with the Apple iOS constituting 57% of the incidents, while Android users are attacked just 15% of the time.

Redirect geographic breakdown with average CPI.

Mobile users are being duped by messages that look like official notifications of Apple or Google, with the copy fixated on alerting users of device infection and prompting immediate action in downloading malware or dialing a scam number.

Scams maintain their legitimate appearance by redirecting users to a new window instead of a banner ad, lowering instances of being flagged or reported. While hacking a bank is taxing, replicating the home page of a bank in order to attain sensitive user data is relatively easy.

Advertisers can prevent these problems by investing in better incentives from their agencies and ad networks. One of the most common root causes cited by the GeoEdge report comes in the form of cost per install (CPI) which peaked at $1.24 for iPhone and $0.53 on Android in 2017.

Without a clearly defined goal, ad networks tasked with driving app downloads often deploy the tactics cited in this paper in order to drive traffic to an app-download page, banking on achieving single-digit conversion rates.

The onus is on the advertisers to incentivize white-hat best practices from their agencies and ad networks, with penalties on app page bounce rates and an in-depth understanding of the methodology to be deployed for driving traffic. 

Demand ultimately determines supply, and it's up to advertisers to partake in the quality conversations and contracts that ensure that their partners do not resort to redirects or phishing scams in a bid to generate app downloads or site visits.

Related Articles

Just Published

6 hours ago

Mindshare adds dedicated China leadership

EXCLUSIVE: APAC CEO Amrita Randhawa has relinquished her China responsibilities to two new leaders, Benjamin Condit and Linda Lin.

6 hours ago

Pinterest unveils new tools and insights for marketers

Major takeaways from the platform’s first global advertiser summit.

7 hours ago

Crash Course: How to develop a content strategy

You know content should be a key part of your overall brand strategy, but where do you start? This course explains the key steps you should take to ensure an effective content journey.

7 hours ago

The unlimited potential of live storytelling in ...

Brands like Standard Chartered, Uber Eats and Mastercard achieve impact by marrying human emotions with the unpredictability and excitement of live sports.