There are literally no limits to what scammers will do to pull off ad fraud. If there is a way that they can rip off online advertisers, they will do it. A recently uncovered ad fraud campaign targeting WordPress websites is all the proof one needs to confirm just how serious the problem is.
Ad fraud occurs when scammers utilize online means to drive revenues, harm competitors, or artificially inflate social media engagement. It is a prolific crime that costs advertisers billions of dollars annually. The fact that the recently uncovered scam successfully targeted WordPress further demonstrates that no one is immune.
How It Went Down
According to the Hacker News, the ad fraud campaign in question combined numerous online marketing strategies to maximize its effect. The fraudsters targeted Google Ads by way of the AdSense ID Google relies on to track ad revenue.
The fraudsters also took advantage of Bing search results and link-shortening tools to make it appear as though the fake traffic they were generating was legitimate. Finally, they created malware designed to redirect website visitors to fake Q&A websites marked with the suspect AdSense IDs. The malware was distributed and activated through 10,000+ compromised WordPress sites.
The proverbial icing on the cake was backdoor PHP code deployed on infected WordPress sites to make sure that the malware remained persistent. The malware runs whenever an infected site is loaded. It also reinfects the site to guard against website trying to remove the malware.
Redirecting Traffic Is the End Goal
It is clear that WordPress, Bing, and the other tools utilized to perpetrate this particular ad fraud campaign were not the actual targets of the campaign. The end goal was ultimately to redirect website visitors to fake Q&A pages. Every time a user was redirected, the fake page’s AdSense ID caused Google Ads to register a click. Every registered click represents a charge to the advertiser.
The fraudsters fake sites are likely part of the Google Display Network, which is how the perpetrators end up generating revenue for themselves. They are essentially stealing money from advertiser budgets and lining their own pockets with it.
Fighting Ad Fraud Isn’t Easy
Infecting so many WordPress websites requires a certain level of sophistication. Ditto for trying to hide what was going on by utilizing Bing links and URL-shortening tools. It all points to one uncomfortable fact: fighting ad fraud is not easy. It takes a trained eye and the right tools to identify ad fraud in its earliest stages. Stopping it before it even starts is nearly impossible.
The push to stop ad fraud begins with ad fraud detection services and fraud prevention software. Fraud Blocker is but one example. Fraud Blocker is a highly advanced software package that deploys a number of different strategies to monitor for ad fraud and, when it is detected, give advertisers the opportunity to stop it.
Big Tech Needs to Do More
Proprietary services and software packages are a good starting point. But they will not win the war against ad fraud alone. Rather, online advertisers need more help from big tech. They need companies like Google, Microsoft, and Meta to invest more time, money, and effort into tools and strategies that can effectively combat fraud.
Likewise, website owners rely on their web development and digital marketing agencies to help them identify and stop ad fraud. The same analytics such agencies use to determine the effectiveness of their SEO campaigns can be used to identify potential fraud. In the end, winning the war is going to take a joint effort.
