Web attribution fraud
Malvertising
In the case of malvertising, bad actors pose as advertisers and buy ad space. In the meantime, they serve serve creatives that have been embedded with malicious JavaScript. This hidden code can force clicks to advertiser sites, as well as download malware onto the user’s device. They’re forcing attribution — and paying themselves — through illicit manipulation.
How they do it
- Malicious publisher has registered for advertiser’s affiliate program
- User is browsing normally and navigates to a page with advertisements
- Malicious publisher acts like an advertiser in a programmatic ad buying situation and engages a Demand Side Platform (DSP) to buy display inventory on that page
- Malicious publisher delivers compromised ad creative embedded with malicious code that redirects user to publisher’s site
- With this redirect, malicious publisher drops a cookie
- User later completes a purchase on advertiser’s site
- Advertiser attributes credit to malicious publisher, even though they provided no value in driving the sale and in fact compromised advertiser’s brand integrity with a forced redirect. Advertiser then pays them a percentage of revenue