User experience online continues to be impaired by Malvertiser activity, being a great cause of concern for Ad Networks and Publishers globally. According to Capitol Technology University, when end users encounter security issues on a platform, their trust erodes, meaning that website Publishers and Ad Networks must prioritize security features to protect not only end users, but their own brand reputation. This is why AdSecure works hard to continue improving ad security tools and features: To help you protect your online business from malicious or poor quality ads. On top of that, and because we truly believe that information is key, we bring you our Violations Report series. If you are wondering, 'How to protect my platform from User Experience advertising attacks?', keep reading: In this article we bring you User Experience attacks detection increases comparing Q1 to Q2 2024.
User Experience attacks detection increases comparing Q1 to Q2 2024
User Experience Violations disrupt the end user’s browsing experience with annoying or malicious activity and content within ad campaigns, leading to them clicking off, and impairing the website’s metrics, audience flow, and revenues. Looking at worldwide Malvertiser activity in Q1 and Q2 2024, we can see huge activity increases in Q2 in specific violations within the category comparing to Q1, including:
+1200.31% increase in Auto-vibrate: How to protect my platform from User Experience advertising attacks?
As we can see, this violation has experienced a steep increase. Auto Vibrate ads automatically vibrate on the user's device when they reach the malicious advertiser’s landing page. This provides a bad navigating experience for the end user and can cause them to feel unsafe since their device has vibrated for no apparent reason! Which could cause them to leave your website immediately and affect your online brand’s reputation.
Example of malicious use of HTML5 vibrate API: This detection is based on a HTML5 vibrate API, which is used for some browsers which vibrate as an error alert. This means that most end users will not see the difference between the real alert and a bogus one especially if the malicious one has been paired up with an auto-pop with a warning. It is not only irritating, but it can be scary to the end user to realise that somebody has taken control of their device, making them click off immediately.
+687.33% increase in Auto-redirect-app-market: User Experience attacks detection increases comparing Q1 to Q2 2024
This detection uses a script which automatically redirects end users which interact with the ad to an illegitimate download page within a malicious mobile app market. Some Malvertisers use bogus mobile apps to run Phishing or Malware scams to trick internet users in order to steal their sensitive data like logins and bank details, or infect their phones with tracking software. In order to avoid Auto-redirect-app-market taking end uses away from my website, make sure to use a Malvertising detection and deletion software combined with a competent in-house Compliance team!
+44.46% increase in Multiple-pop-ups: How to eliminate Multiple-pop-up ads from a website
Cybercriminals can very easily inject malicious code into the pop-up ad format. Some Pop-ups automatically trigger on the end user’s screen, sometimes even downloading malicious software without even needing for the end user to interact. As the name indicates, with this violation, multiple pop-up message ads appear on the end user’s screen, riddled with non-compliant ads and malicious code. As an end user, always keep an eye on pop-ups and ads that sound too good to be true, or have errors in the grammar or the formatting of the text.
Malvertising insight: If you are still wondering, how to protect my platform from User Experience advertising attacks, this should be the last push to get you investing in some protection software: Some Auto-pop ads contain Malware and malicious software such as Spyware and drive-by attacks. This can be such a terrifying threat for the end user, who haven't even pressed any button yet their device is suddenly compromised. How to eliminate multiple-pop-up ads from a website? Get in touch with us!
+ 9.05% increase in Permission-geolocation: Can a Permission Geolocation attack detect where I am?
Last one of the User Experience attacks detection increases comparing Q1 to Q2 2024, some legitimate apps and websites send a permission request pop-up is sent to the end user to access their device’s functionalities. However, the permission notifications that we are talking about are different and somewhat darker: They pop up seemingly out of nowhere without end user interaction, which can be very alarming. If you are a website owner you definitely don't want your end users to be wondering whilst on your site, can a permission geolocation attack detect where I am right now???
How do compromised ads affect user experience on my website?Top User Experience violations of Q2 2024
So if you are still wondering, how do compromised ads affect user experience on my website, if you are a website Publisher, or how to keep my ad supply chain clean of User Experience violations, continue reading: We will now tell you about the 5 top violations within the User Experience category in Q2 2024, how they affect the end user’s journey and answer the question, how to protect my platform from User Experience advertising attacks?
44.4% of all user Experience violations were Landing-page-error: This violation especially impairs end user experience, showing an alert to the end user explaining that a broken link (404 Error, 5xx, timeouts, etc.) has been identified in the path (intermediate redirect links inside the chain) between the click URL and the landing page. Because the end user is directed to a landing page with an error message, they will most likely get scared and click off.
Javascript-dialog-on-entry, 21.1%: This detection highlights Javascript alerts that pop up without any interaction when entering a website or when the end user wants to close the active tab. Javascript dialogue boxes can be very alarming to the end user. They often appear as warning messages or confirmation dialogues asking for the end user's consent on specific options, impacting their user journey throughout a publisher site.
Back-button-hijack took up 28.1% of all violations: This detection highlights Javascript alerts that pop up without any interaction when entering a website or when the end user wants to close the active tab. Javascript dialogue boxes can be very alarming to the end user. They often appear as warning messages or confirmation dialogues asking for the end user's consent on specific options.
Malvertiser insight: The top violation detected in the US back in Q1 2024 was Back-Button-Hijack, and it maintained this position in Q2, representing 26.1% of all violations across categories in that GEO. This violation sees to be commonly used as an illegitimate marketing technique by American Malvertisers, keeping end users on the page, because as long as they're there, they will be clicking stuff and potentially generating more income or downloading Malware. Also, this buys them more time to steal their data.
Permission-notification, 4.5%: A permission request notification is sent to the end user to access their device’s camera, microphone, geolocation, clipboard, etc. They are unsolicited, and pop up seemingly out of nowhere, once again scaring the end user. Also, if the end users mistakenly accepts the request, they could be unknowingly giving Malvertisers access to their personal data, for instance their bank information!
Auto-redirect, 1.8%: These ads contain a script causing a web page to break out of any frames "framing" it, resulting in automatically redirecting the visitor to another potentially malicious website. These malicious ads are generally designed to look like legitimate ads, to then redirect end users to malicious websites or servers with the aim of showing them non-compliant content or downloading Malware onto their devices.
Malvertiser insight: This past august 2024, Google ads has fallen victim of Redirect attacks riddled with Malware downloads. Malvertisers targeted Google in order to place ads impersonating well-known sites that install Malware on unsuspecting end users’ devices. The campaign showed legitimate click URLs such as 'google.com', adding a sense of trust to the ad. Once clicked, the URL redirects the end user to a malicious site where they are prompted to click on a 'Download Authenticator' button, which then downloads an executable file named "Authenticator.exe" which will then infect the end user’s device.
Conclusion: How to protect my platform from User Experience advertising attacks
AdSecure is a powerful ad quality and safety solution that monitors your ad supply chain to detect and eliminate bad ads. If you are hoping to find an answer to how to protect my platform from User Experience advertising attacks, then you should definitely use our 360 Malvertising detection software! Start a 14-day free trial and stop wondering how to protect my Ad Network ad supply chains from User Experience violations, start now!