Forced cybercrime and trafficking in South East Asia

According to the latest United Nations report on online scam violations in South Asia, billions of dollars are being generated each year by gangs who coerce victims into committing cybercrimes globally! According to the report, hundreds of thousands of people in Asia have been trafficked and forced to work for online scamming operations across South East Asia. Most of these victims are migrants in vulnerable situations who face a range of human rights risks; however, some countries' nationals are also being targeted. These online scam operations are mainly rooted in the rise of online casinos and gambling pages in the South East Asian region during the Covid pandemic. Such pages are officially banned to varying extents in China, Cambodia, Thailand and Lao PDR, creating the kind of outside-the-law environment in which cybercriminals exploit victims using cryptocurrency fraud, illegal gambling and other online scam violations. To help you protect your online business and end users from these dangerous cybercriminal malvertising scams in South Asia, AdSecure brings you the top malvertising trends perpetrated by cybercriminals in South Asia in Q1 2023:

Forcibly recruiting victims to become cybercriminals in South East Asia

The main focus of cybercriminal gangs is to exploit online businesses and e-commerce platforms across the world using cryptocurrency and online gambling scams, which is why criminal gangs have targeted multilingual individuals across South East Asia as online casinos have become more popular globally since the pandemic. While many of the victims were from South East Asia, the UN estimated that about 120,000 victims are in Myanmar and 100,000 in Cambodia, while tens of thousands more people are being forced to work in Laos, the Philippines and Thailand. The report’s author, Pia Oberoi, UN Senior Adviser on Migration and Human Rights for the Asia Pacific region, reports that victims from Southern Asia, Africa and Latin America are also involved.

To make things more complicated, many of the centers in which these targeted victims are forced into online criminal activity are physically located in jurisdictions where governance and the rule of law are weak, and authority is contested. As mentioned above, individuals are forced or coerced to perpetrate online malvertising threats using a range of platforms including fake gambling websites and cryptocurrency investment platforms, as well as romantic and financial scams (also called “pig-butchering”), where fake romantic relationships or friendships are used to defraud online users of significant amounts of money. The scams are often highly sophisticated, with fake websites built to showcase fraudulent data in order to convince the target that there are significant profits to be made. People who are targeted can also receive small amounts of money to convince them of the legitimacy of the platform.

Now, let’s look into the sort of online malvertising threats detected in South Asia, according to the AdSecure Violation Report South Asia in Q1 2023.

Top 10 online malvertising threats detected in South Asia in Q1 2023

According to the AdSecure Violation Report South Asia in Q1 2023, the following were the top 10 online malvertising threats detected in South Asia in Q1 2023, across all categories:

As we can see, Ssl-non-compliant is on top, followed by Threat Intelligence. User Experience violations are the most popular, followed by User Advisory and then User Security. Let’s look at what has been going on within each category:

27.60% of scans in South Asia detected User Security Violations: The User Security category covers violations that harm the end user’s safety. The most used User Security violations detected in South Asia in Q1 2023 were Ssl-non-compliant and Malicious URLs with 22.40% and 5.2% respectively of the total top 10 violations.

Insight: Ssl-non-compliant violations are malicious ads that contain at least one unsecured element in their chain of resources, whether it is an unsafe link lacking encryption, no https, mixed content, an SSL version, or a cipher mismatch. This critical violation could compromise the end user’s security, and could also lead to blocking by Google and being flagged as insecure, which directly affects the reputation of the hosting website. The second violation detected within the category is Malicious URL: compromised URLs used to direct users to dangerous and/or non-compliant sites to steal their personal and sensitive information such as bank details and logins, or even trick them into downloading dangerous software. This can once again lead to serious consequences for the end user’s safety.

30.5% of scans in South Asia detected User Experience Violations: The User Experience category covers non-critical violations that can provide a poor user experience, driving end users away from websites over time if left unresolved. The following are the top 4 User Experience Violations detected in South Asia in Q1 2023:

Top 1: Back-button-hijack
Top 2: Javascript-dialog
Top 3: Landing-page-error
Top 4: Auto-redirect

User Experience violations affect end users with malicious and annoying activity within the ad campaigns they interact with. For instance, cybercriminals hijack the back button to direct users to a different page when it is clicked. They want end users to stay on their page or site longer rather than leaving the website right away. In addition, both landing page error and auto-redirect violations impair user experience by manipulating the end user’s browser history, keeping them stuck on a certain page by inserting one or several redirects in their browser history, to then forward them back to that specific page.

Insight: Auto-redirect was also a popular violation in South Asia. This detection can become a huge problem for a website publisher’s brand reputation, as the Auto-redirect forces a web page to break out of any frame "framing" it, resulting in automatically redirecting the visitor to another website or landing page. The new page the end user gets redirected to can contain anything, from simply annoying or spammy to highly age-inappropriate or dangerous content designed to steal the end user’s information.

41.5% of scans in South Asia detected User Advisory Violations: The User Advisory category covers malvertising trends involving offensive material not appropriate for all audiences, or the potential for suspicious or fraudulent activity. The following are the top 4 User Advisory Violations detected in South Asia in Q1 2023:

Top 1: Threat-intelligence
Top 2: Suspicious-tld
Top 3: Unsafe-content-adult
Top 4: Ad-crypto

Insight: The top violation within the category is Threat Intelligence, which is based on AdSecure’s Threat Intelligence service and reports if a URL is flagged with a violation detected in any AdSecure analysis during the previous 30 days. Malvertisers tend to hide several different types of violations in one single link, which makes it easier for them to sneak malicious activity in, even if 1 or 2 of their violations are detected. For instance, a single URL in an ad can contain a Phishing Threat, covered up by Ad Cloaking, and also contain Crypto Mining or Browser Locker Code. Even if the first 2 are detected, the user’s online welfare would still be at risk.

Top 5 online scam violations in South Asia in Q1 2023

According to the AdSecure Violation Report South Asia in Q1 2023, the following were the top 5 cybercriminal malvertising scams in South Asia in Q1 2023, across all categories:

As we can see in the table above, end user security was seriously compromised across South Asia in Q1 2023. In fact, as supported by the United Nations report on online scam violations in South Asia, many of the online scams are quite sophisticated since they have been designed to convince end users that these fake phishing websites are legitimate. In addition to that, we see that Browser-locker is the top online malvertising scam detected with 36.21%, which shows us that cybercriminal malvertising scams in South Asia are very popular. Following the ranking, in the second position in online scams we find Permission Geolocation which, simply put, is a permission request to track the user’s location.

Insight: Permission-geolocation prompts the user with a permission request to access their device’s geolocation. Permission requests are fairly common, for example when an end user downloads an app or gives location access. However, they are unsolicited and possibly alarming for an end user who has just clicked on an ad. Besides, cybercriminals use them in the hope that the end user clicks to accept, so that the bad actors can access personal files and data from the end user's device, for instance tracking their location for non-compliant targeting purposes.

Conclusion

As we can read in the United Nations report on online scam violations in South Asia, cybercriminal malvertising scams in South Asia are growing due to the underlying governance and socio-economic factors that fuel this growing illicit economy. Online malvertising threats detected in South Asia can be very frightening for both brands and users, making it crucial for ad networks and publishers to protect the end user’s wellbeing, whilst producing a great user experience for them, thus ensuring a great brand reputation. So how can AdSecure help you? If you are an ad network or a publisher and you want to protect your online business or website from criminal gangs and malvertising, AdSecure is the best ad protection solution in the industry. Start a 14-day free trial and let our Customer Success Specialists guide you through our platform and answer any questions you have while testing our platform!

How Cybercriminals attacked mobile users in Q1 2023

Mobile continues to grow in dominance as the device that generates the most internet traffic. According to Oberlo, in February 2023, 60.67% of all web traffic came through smartphones. Cybercriminals know this too and will target malvertising at mobile websites just as much as desktop websites. The question is, how do you protect mobile advertising from cybercriminals? And how do Cybercriminals attack mobile users? AdSecure examined violation detection data during Q1 2023. It found that mobile advertising violation detections stood at 46.7% and desktop violation detections at 53.3%. Let’s take a closer look at the many different tactics used to target malicious advertising at mobile devices.

Mobile browsers and malvertising

According to Statista, Android maintained its position as the leading mobile operating system worldwide in the fourth quarter of 2022, with a 71.8% share, while iOS accounted for around 27.6% of the mobile operating system market. However, if we look at AdSecure’s violation detection data for iOS devices using Safari versus Android devices using Chrome, it is more disproportionate, with Safari attacks at 44.7% and Android Chrome attacks at 55.3%.

Insight: Because iPhone users tend to be more affluent, Cybercriminals clearly try to attack iOS mobile users with as much effort as Chrome users.

Top 3 targeted mobile devices for detections per operating system

iOS devices:

iPhone 8
iPhone 8+
iPhone X

Android devices:

Samsung Galaxy S10
Nexus 6
Google Pixel 3

As you can see, these device models are older than the current latest models from manufacturers. The iPhone 8 was released back in 2017 and, in the Android list, the Nexus 6 was released in 2014 and is now discontinued.

Insight: How do Cybercriminals attack mobile users? Cybercriminals target older handsets because, in some cases, older handsets tend not to have the latest software protection updates. They also assume that less tech-savvy people tend not to get the latest smartphone models or upgrade their devices for many years. This makes them prime targets for malicious activity. So what was that malicious activity in Q1 targeting mobile devices?

Mobile Q1 violation types

Looking at the share of each violations category detected on mobile, let's see how Cybercriminals attacked mobile users in more detail:

How do Cybercriminals attack mobile users? User Security violations

In Q1, the top 2 violations took the lion's share of violations. The largest was SSL non-compliance, which detects ads that contain at least one unsecured item in the chain of resources (unsafe, no https, mixed content, SSL version or cipher mismatch). The second largest was Malicious URLs, which are inserted into ads with the intent of hosting all kinds of unsolicited content such as spam, phishing, and drive-by exploits. Like other kinds of malvertisements, a Malicious URL is designed to lure unsuspecting users to scam sites, which can lead to serious issues such as monetary loss, theft of sensitive information, and the appearance of malware. At first sight, Malicious URLs can look like legitimate landing page URLs intended to be a part of an ad’s sales funnel. They can go completely undetected by ad platforms and publishers, representing a real threat for the end user.
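One way a publisher or ad network could check a creative for the plaintext-resource part of SSL non-compliance, as an added example that is not AdSecure's code: it lists every resource an ad would fetch or link over http://, which is the mixed-content case described here and in the earlier Ssl-non-compliant insight. The sample creative, host names and function names are constructed for illustration; SSL version and cipher checks need a live connection and are not covered.

```javascript
// Constructed sample creative (not a real ad); every host name is a placeholder.
const SAMPLE_CREATIVE = `
<div class="ad">
  <a href="https://shop.example/landing"><img src="http://cdn.example/banner.png"></a>
  <script src="//static.example/track.js"></script>
  <iframe src="https://frames.example/inner.html"></iframe>
  <link rel="stylesheet" href="http://styles.example/ad.css">
  <div style="background:url('http://img.example/bg.jpg')"></div>
</div>`;

// Opening tags, URL-bearing attributes, and url(...) references in inline styles.
const TAG = /<([a-zA-Z][\w-]*)\b([^>]*)>/g;
const URL_ATTR = /\b(src|href|action|poster)\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
const CSS_URL = /url\(\s*['"]?([^'")\s]+)['"]?\s*\)/gi;

// Browsers block insecure "active" content outright; "passive" content
// (images, media) may load or be upgraded; "navigation" is an unencrypted link.
const ACTIVE = new Set(["script", "iframe", "link", "object", "embed"]);
const NAVIGATION = new Set(["a", "area", "form"]);

function classify(tag) {
  if (ACTIVE.has(tag)) return "active";
  if (NAVIGATION.has(tag)) return "navigation";
  return "passive";
}

// Returns one finding per resource that resolves to plain http://.
// pageUrl is the page the ad is served on; protocol-relative URLs ("//host/x")
// inherit its scheme, so they are only a problem on an http:// page.
function findInsecureResources(html, pageUrl) {
  const findings = [];
  const check = (tag, raw, kind) => {
    let resolved;
    try {
      resolved = new URL(raw.trim(), pageUrl);
    } catch {
      return; // not a parseable URL, nothing to fetch
    }
    if (resolved.protocol === "http:") {
      findings.push({ tag, url: resolved.href, kind });
    }
  };
  for (const [, name, attrs] of html.matchAll(TAG)) {
    const tag = name.toLowerCase();
    for (const m of attrs.matchAll(URL_ATTR)) check(tag, m[2] ?? m[3], classify(tag));
    for (const m of attrs.matchAll(CSS_URL)) check(tag, m[1], "passive");
  }
  return findings;
}

for (const f of findInsecureResources(SAMPLE_CREATIVE, "https://publisher.example/page")) {
  console.log(`${f.kind.padEnd(10)} <${f.tag}> ${f.url}`);
}
```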

Top 5 most scary User Security violations for end users

Taking a deeper dive into AdSecure’s detection data, there is a selection of violations that are perhaps the scariest to happen to an end user on their mobile device. In Q1 there were no detections found for Ransomware, perhaps the one violation that brings the most fear for end users, by blocking their device and files unless a ransom is paid. But this did not stop Cybercriminals attempting to exploit end users with the following user security violations:

Browser Locker 42.3%: This violation disables any form of action that can close the browser. In a better scenario, advertisers force users to accept Push Notifications in the browser, otherwise it will loop the users in the browser. In a worse scenario, all attempts to close the browser will result in a warning message box appearing. The purpose of browser lockers is not only to scare but also to create the illusion that the mobile device has been locked. What's happened is that the browser is stuck in between a flurry of alert dialogs that won't seem to go away, no matter how many times they are clicked on.

Drive by Cryptomining 31%: Cybercriminals hijack the end user's mobile device to use its processor to secretly mine for cryptocurrency for the Cybercriminal. Also called Cryptojacking, the end user has no idea their device has been hijacked.

Unwanted Programs 14.5%: This violation downloads unwanted software on the end user's mobile device via an executable file or mobile application. Programs could be malware, fake antivirus software, etc.

Scareware 7.1%: These are ads claiming that the end user’s mobile device is infected with a virus and that the end user needs an antivirus software, which may, ironically, actually contain a virus that could harm the mobile device, causing costly repairs or, even worse, lead to identity theft. Scammers often use the names of well-known companies that specialize in software to gain end user trust. The Scareware pop-up advertisements aim to mimic genuine warning alerts generated by security software.

Phishing 5.1%: After clicking on an ad the end user is sent to a phishing site which aims to trick the end user into revealing their personal information (for example, passwords, phone numbers, or credit cards). The content pretends to act, or looks and feels, like a trusted entity — for example, a browser, operating system, bank, or government.

How do Cybercriminals attack mobile users? User Experience violations

User Experience violations damage the end user's experience of interacting with ads served on a publisher site. Here are the top 5 User Experience violations AdSecure detected in Q1 on mobile:

Landing Page Error 44.2%: This is when an end user receives an alert when the system identifies a broken/dead link (404 Error, 5xx, timeouts, etc.) on the ad’s landing page or when a broken link is identified in the path (intermediate redirect links inside the chain) between the click URL and the landing page. 

Back Button Hijack 24.6%: Back Button Hijacking is an ad security threat which manipulates the end user’s browser history, keeping them stuck on a certain page by inserting one or several redirects in their browser history, to then forward them back to that specific page. This abusive behavior of hijacking a user's browsing history has been considered a violation by Google Advertising Policies.

Javascript Dialog On Entry 15.9%: A Javascript alert that pops up without user interaction on entering a website.

Permission Notification 10.3%: This violation attempts to ask the end user for permission to send notifications to them.

Auto Redirect 5%: Ads that contain a script causing a mobile web page to break out of any frames "framing" it, resulting in automatically redirecting the visitor to another potentially malicious website/page.
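A publisher-side check related to the Auto Redirect and Javascript Dialog violations above, as an added example that is not AdSecure's code: the HTML `sandbox` attribute on an ad iframe controls whether framed content may navigate the top page (`allow-top-navigation`) or open alert/confirm/prompt dialogs (`allow-modals`), and this audit reports ad slots that leave either open. The sample markup, slot ids and function names are constructed for illustration.

```javascript
// Constructed sample publisher markup with four ad slots (placeholder hosts).
const SAMPLE_PAGE = `
<iframe id="slot-a" src="https://ads.example/a.html"></iframe>
<iframe id="slot-b" src="https://ads.example/b.html"
        sandbox="allow-scripts allow-top-navigation allow-modals"></iframe>
<iframe id="slot-c" src="https://ads.example/c.html"
        sandbox="allow-scripts allow-popups allow-top-navigation-by-user-activation"></iframe>
<iframe id="slot-d" src="https://ads.example/d.html" sandbox></iframe>`;

// Sandbox tokens that re-enable the behaviours behind the two violations.
const RISKY_TOKENS = {
  "allow-top-navigation": "frame may redirect the top page without a click",
  "allow-modals": "frame may open alert/confirm/prompt dialogs",
};

// Read a quoted attribute value from the inside of an opening tag.
function attr(attrs, name) {
  const m = attrs.match(new RegExp(`\\b${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)')`, "i"));
  return m ? (m[1] ?? m[2]) : null;
}

// A bare `sandbox` attribute (no value) applies every restriction.
function sandboxValue(attrs) {
  const value = attr(attrs, "sandbox");
  if (value !== null) return value;
  return /\bsandbox\b(?!\s*=)/i.test(attrs) ? "" : null;
}

// Returns one entry per iframe: { id, ok, issues }.
function auditAdFrames(html) {
  const report = [];
  for (const [, attrs] of html.matchAll(/<iframe\b([^>]*)>/gi)) {
    const id = attr(attrs, "id") ?? "(no id)";
    const sandbox = sandboxValue(attrs);
    const issues = [];
    if (sandbox === null) {
      issues.push("no sandbox attribute: the frame is not restricted by sandboxing");
    } else {
      // Tokens are compared exactly, so allow-top-navigation-by-user-activation
      // (top navigation only after a user gesture) is not mistaken for the
      // unconditional allow-top-navigation.
      const tokens = new Set(sandbox.toLowerCase().split(/\s+/).filter(Boolean));
      for (const [token, why] of Object.entries(RISKY_TOKENS)) {
        if (tokens.has(token)) issues.push(`${token}: ${why}`);
      }
    }
    report.push({ id, ok: issues.length === 0, issues });
  }
  return report;
}

for (const slot of auditAdFrames(SAMPLE_PAGE)) {
  console.log(slot.id, slot.ok ? "OK" : "REVIEW", slot.issues.join("; "));
}
```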

How do Cybercriminals attack mobile users? User Advisory violations

User Advisory violations can provide a poor user experience, driving end users away from websites. This affects the traffic quality of websites and also trust in the websites' ads. The top 5 User Advisory violations AdSecure detected in Q1 are as follows:

Threat Intelligence 34.6%: This detection is based on AdSecure’s Threat Intelligence service and reports if the URL was flagged for a violation in any AdSecure analysis in the previous 30 days.

Unsafe adult content 32.5%: This violation shows ads to end users that contain ad creatives featuring adult content which may contain elements such as nudity, pornographic images or cartoons, or sexual activities. Publisher sites do not want to show ad creatives featuring pornography to end users, unless it is an adult website. It is also potentially harmful for children to be exposed to these ads.

Suspicious TLD 23.1%: Free or suspicious top-level domains are frequently used by Cybercriminals who are setting up hosts for spam emailing, scams, shady software downloads, malware distribution, botnet operations and "phishing" attacks, or other suspicious content. 

IAB Standards 8.1%: The IAB Standards measure the performance of ads against the IAB Industry standards to stay Google compliant; more on this in our next section.

Crypto ad 1.7%: As cryptocurrency advertising has been regulated by more and more countries, this AdSecure detection identifies misleading or non-compliant cryptocurrency promotions. 

IAB Standards and mobile advertising

AdSecure’s IAB Standards detections are crucial to ensure that ad networks and publishers are serving ads that meet the online advertising industry standards set by the Interactive Advertising Bureau (IAB). This can cover the optimal weight of an ad served, whether ad creative images are pixelated or squished, etc. If an end user sees a squashed ad image, for example, they are unlikely to click on the ad. Not only does this affect the professional image of the publisher's site that is serving the ad, but also the ad network that is supplying the demand.

In total, 4.24% of all ads targeting mobile devices scanned by AdSecure in Q1 2023 did not meet the IAB industry standards. That's 1 in every 23 ads on mobile. Of the four IAB Standards AdSecure scans and detects, here are the percentages of each detection in Q1 2023:

Two particularly important IAB Standards are the Ad Dimensions and Ad Weight detections. For example, the mobile screen is small and therefore the ad creative's dimensions need to fit into the standard mobile ad format sizes for an optimal end user ad experience. Secondly, 53% of mobile users abandon a site if it is slow to load, and Google penalizes websites that load too slowly. If the website is serving ads heavier than the industry standard ad weights, this will slow down a mobile device, which could lead to Google rankings for the website being affected.

Malvertising on mobile, the conclusion

According to Statista, in 2022, mobile advertising spend worldwide was estimated to be worth 336 billion US dollars. By 2023, the mobile advertising market is expected to grow to 362 billion US dollars, a growth of 7.73%. With such a high market value, mobile advertising is the biggest growth sector for ad networks and publishers to monetize. With this huge volume it is easy to see how and why Cybercriminals attack mobile users: they use various tactics to secretly inject malicious advertising campaigns into the ad supply chain. This is highly damaging for ad networks and publishers, not to mention the end user who ends up becoming a victim. As mobiles are now core to everyone's existence, if a Cybercriminal succeeds in infecting or taking over a mobile device, the effects can be devastating for the end user.

Now you can see how Cybercriminals attacked mobile users. So how do you protect mobile ads? AdSecure offers 360 degree monitoring and protection for your ad supply chain by automating your ad verification process before ad campaigns go live & while they are running. Why not start a free 14-day trial and find out how AdSecure can protect your business from Cybercriminals?