Recently, AdSecure's Violations Report for the year 2023 was published in the Martech Series by Customer Success Specialist Guandi Bai. Read this article to find out the top global malicious advertising trends and poor ad quality insights for 2023:
As we gaze into the future of ad tech in 2024, it is important to keep a strong focus on ad security which affects not only end users but the business reputation of Ad Networks, Programmatic ad exchanges and Publishers. Ad tech evolves rapidly with new technological advances which are also exploited by Malvertisers, who are malicious Advertisers who are constantly looking for new ways to target innocent online end users in order to try to take over their devices or defraud them with activity such as Scareware, Ransomware, Malware, Phishing, etc.
In order to protect and educate Publishers, Ad Networks, and Ad Serving Platforms, ad security solutions like AdSecure are able to scan ad supply chains to find suspicious activity. Each year AdSecure provides the ad tech industry with its annual Violations Report. AdSecure’s 2023 analysis examines malicious advertising data from 296 million scans of client ad campaigns and ad supply chains from 1 Jan to 31 December 2023.
By detecting Malvertiser tactics and trends AdSecure protects the integrity of their client’s online businesses and their end users. The highlights from the report examine: the top 10 GEOs targeted most by bad actors with malicious advertising, the biggest malvertising trends of 2023 and how Ad Networks and Publishers were still serving ads that do not meet the IAB Industry Standards.
Top 10 GEOs with highest Malvertiser activity 2023
To start off analysing the top global malicious advertising trends and poor ad quality insights, let’s have a look at the top 10 GEOs that experienced the highest percentages of malicious advertising attacks in 2023:
Top 1: USA (29.5%)
Top 2: Thailand (13.5%)
Top 3: India (9.4%)
Top 4: Malaysia (8.7%)
Top 5: Philippines (7.9%)
Top 6: Germany (6.9%)
Top 7: France (6.8%)
Top 8: Canada (6.3%)
Top 9: Italy (5.9%)
Top 10: Spain (5.1%)
As we can observe, North America (USA & Canada) is at the top of the list with a combined percentage of 35.8%. Southern Asian GEOs in our top 10 showed 26% and the 4 countries from the EU combined come in third with 24.7%. Now, let’s examine what are the top 6 violations to have experienced increases from 2022 to 2023, globally:
6 top malicious advertising tactics that increased in 2023
Continuing on you will find the 6 top malicious advertising tactics that increased in 2023, including Unwanted Programs detection increases, Landing-page-error, Ssl-non-compliant, Auto-redirect, Browser-locker detections increases and Scareware.
1 Unwanted Programs detection increased in 2023 by a staggering +3,362.4% from 2022 to 2023! One of the top global malicious advertising trends and poor ad quality insights, this violation’s goal is to show intrusive advertisements to end users. This is why it is not great news that Unwanted Programs detection increased in 2023: Unwanted Programs trick the end user into installing software with ads which showcase malicious programs posing as software. Or it inserts itself in browser add-ons and bundles that also contain legitimate software installs. These installed malicious programs then monitor targeted end user online activity to then sell this data to Malvertisers. They use the data to insert more intrusive ads into the web pages viewed by said end user; or they may modify their browser settings (disabling pop blockers, for instance), heavily impairing their device functionality as well as their browsing experience.
2 Landing-page-error increased by +171.1%. If an Ad Network or Publisher is serving an ad and the Advertiser of the campaign does not use the correct full landing page url, then the end users who clicks on the ad will see an alert from the browser explaining that the page they have clicked to access doesn’t exist, or it has a broken link (404 Error, 5xx, timeouts, etc.). What this means for the Advertiser is that they are potentially wasting their budget sending traffic to a landing page that doesn’t work. Also, these broken links can make the end user feel unsafe when clicking on ads on a specific website, heavily damaging the site’s reputation, as well as the Advertiser’s reputation and earnings.
3 Ssl-non-compliant escalated by +93.31%. Ssl-non-compliant violations contain unsecured items in their resource chain which can cause security issues. For instance, they could be using a http unsecured link, meaning that the end user’s data is not encrypted and can be compromised. When done deliberately, Ssl-non-compliant is a MITM (man-in-the-middle) type of attack designed to steal or alter end user information that has passed through the internet network. However, this violation could also be flagged after a misplaced or badly secured item in the resource chain, which is an easy mistake to make by inexperienced Advertisers.
4 Auto-redirect showed a +86.4% increase. Auto-redirect malicious ads contain a script causing a web page to automatically redirect the visitor to another website or to an app store, in order to show them unsolicited ads and landing pages, or to steal end user information. These unwanted ads could also contain non-compliant content, potentially leading to unassuming younger end users being exposed to explicit non-appropriate content.
5 Browser-locker detections increases reached +82.8%. This violation blocks the end user’s ability to use certain browser functions and forces them to either change browser settings (For instance, enable Push Notifications), or request a ransom in order to release the browser lock. Any action that can close the browser, for instance clicking the close button or pressing shortcut keys, will end up in a warning Javascript message. This message shows a manufactured reason such as loss of user data or files, to ask them to pay in order to unlock their device.
6 Scareware increased by +40.47%. Potentially the most daunting violation for end users, Scareware violations claim that the end user’s device has been infected with a virus, using the name of a well-known software company to gain their trust, to then prompt them to pay for fake antivirus software, and also the end user is parting with credit card information. These bad ads display misleading visual messages or notifications on a web page, prompting the end user to take certain actions (click, call, download, install, purchase, etc ). It could cause great impairment to the brand reputation of the website where the malicious ad was placed and to the Ad Network serving the ad on the Publishers site.
1 in every 245 scans detected ad campaigns that don't meet the IAB industry standards
The IAB Standards are a set of rules and guidelines set by the Interactive Advertising Bureau. AdSecure ensures that these standards and technical requirements are met with their detection solution that scans ads for weight (iab-ad-weight), compression (iab-ad-compression), dimensions (iab-ad-dimensions) and count (iab-ad-request-count). They have been put in place in order to help Advertisers, website Publishers and Ad Networks guarantee ad quality and compliance.
It is extremely important for ad tech industry stakeholders and online businesses to adhere to them, because not doing so impacts end user experience negatively and can lead to websites being flagged or penalized by Google. For example, one violation, Iab-ad-weight, increased by +42.2% compared to 2022. In case you are wondering, 'how do I find a solution to avoid Google ranking my website down?', Google will block slow to load heavy ads on a website, showing a blank space where the ad has been blocked, which not only looks bad on the website to the end user, but also means advertisers are wasting impressions because the ad will generate no clicks. The IAB recommends an ad size with an initial load of maximum 50KB and a sub-load of maximum 100KB; ads that don’t comply with these specs will be flagged by AdSecure’s platform as they are ad campaigns that don't meet the IAB industry standards.
This is how the IAB Standards violations category has evolved in the past 3 years, including ad campaigns that don't meet the IAB industry standards:
-
In 2021, 1 in 62 scans across violation categories detected non-alignment to the IAB Standards.
-
In 2022, 1 in 104 scans detected at least one IAB Standards violation.
-
In 2023, 1 in every 245 scans were IAB Standard violations.
Despite the downward trend, there are still a high number of advertiser ad campaigns that don't meet the IAB industry standards, making this one of the top global malicious advertising trends and poor ad quality insights. Once again this highlights the need to continue educating Advertisers on the importance of abiding by industry standards. And for Publishers and Ad Networks to use an ad compliance and quality solution which flags IAB Standards violations.
Conclusion: Global malicious advertising trends and poor ad quality insights
Probably the main conclusion to draw from all of this global malicious advertising trends and poor ad quality insights analysis, is that Malvertisers won’t be satisfied by just hijacking the ad itself. Instead, they will attempt to corrupt as many elements within an ads supply chain as possible, including landing pages and web protocols using hidden code. In fact, in 2023, according to AdSecure, 1 in 5 scans detected at least one violation within the ad supply chain. 1 in 17 scans detected at least 2 violations, 1 in 27 scans detected 3 violations and 1 in every 333 scans detected 4 violations. So not only Unwanted Programs detection increased in 2023, and so did Browser-locker detection increases as well as other ad quality and security violations. But instead this also means that multiple attacks can be hidden within the same campaign. It is important to realize that Ad Network and Publishers have a duty to protect end users using solutions such as AdSecure, for a safer online world for everyone.