BAD ADS, DEFINED

Short for malicious advertising. When cybercriminals sneak malicious code into real advertisements, creating bad ads with a nefarious purpose.

Short for advertising technology. An umbrella term for the software and tools that help brands and agencies target, deliver, and analyze their digital advertising efforts. These can include supply-side platforms (SSP), demand-side platforms (DSP), data management platforms, ad networks, exchanges, and more.

Pop-ups, auto audio, in-display video, and other annoying ads that interrupt the user experience and skyrocket bounce rates.

Ads with a large file size that slow your site, tank performance, leading to lost users and lost revenues.

CMPs request and track users data privacy consent to help with GDPR, CCPA, and other data privacy regulations. CMPs allow websites to inform visitors about the types of data they want to collect and ask users for consent for specific processing purposes.

A technique attackers use to force visitors onto an unknown site where they may be infected with malware or shown a fake ad that collects personal information. Redirects can happen through a link, a disruptive pop-up ad, or a webpage overloaded with display ads.

A type of online scam where a criminal diguises themselves as a legitimate and trusted advertiser in order to steal sensitive information from the user.

A clever way to hide malicious activity from security tools. Cloaked ads use fake ad creatives and landing pages to disguise the scam and bypass detection showing a different ad experience to ad quality scanners than to real viewers.

People/groups who use technology to create malicious advertisements with the purpose of stealing sensitive company information or personal data for their own profit.

Criminals, scammers, fraudsters, threat actors, and unscrupulous advertising companies that anonymously send bad ads out into the advertising ecosystem.

A general term for computer programs that hackers use to wreak havoc and gain access to sensitive information. The three main types of malware are viruses, worms, and trojans.

The process of compressing or "stuffing," one or more normal size ads into a single 1x1 pixel frame on a publisher's site. The ad becomes virtually invisible to the user but still triggers an impression with every visitor that lands on the site.

Misleading, false or fraudulent messaging in advertising designed to steal money, personal information or both from victims.

Ad platforms that are notorious for delivering high-risk ad creatives and are the preferred vector for malicious actors. While HRAPs offer some safe demand, their high rates of malicious ads make it a wise decision for most publishers to block them.

AKA malicious cryptomining. When cybercriminals hack into someone's business or personal computer, laptop, or mobile device and use its power and resources to mine for cryptocurrencies or steal cryptocurrency wallets owned by unsuspecting victims. The code is easy to deploy, runs in the background, and is difficult to detect.

A type of "drive-by download" used to trick site visitors into downloading malware that gives the attacker remote access to their device.

When Hackers breach outdated servers and append malicious code to existing ads. This type of attack Confiant uncovered and labeled "Tag Barnacle" because the malicious code is attached to a previously valid Revive Ad server.

AKA: Hyperlink Auditing is an HTML standard that can be used to track clicks on web site links. This is done by creating special links that ping back to a specified URL when they are clicked on. It can be used to illegally track personal information.

When malvertisers layer multiple ads on top of one other, but only the top ad is visible. When the user clicks on the top ad, a click is registered for all the ads in the stack and advertisers end up paying for all those false ad impressions and clicks.

A type of toolkit cybercriminals use to distribute malware or perform other malicious activities. Exploit kits are packaged with exploits that can target commonly installed software such as Adobe Flash®, Java®, Microsoft Silverlight®.

A form of cookieless tracking that users can’t easily discover or opt-out of. It involves creating a unique fingerprint of a user’s computing device based on the myriad characteristics that differ from one computer to another (screen resolution, operating system, fonts installed, etc).

Auto-play audio ads that play as soon as the page or ad loads. These are usually considered disruptive, can contain inappropriate language, and can cause slow load times.

Auto-play video ads that play as soon as the page or ad loads. These are usually considered disruptive, can contain inappropriate imagery, language, and can cause slow load times.

When bad actors sneak multiple, high-cost video ads into low-cost banner ad placements. The scammer secures a low cost placement, poses as the publisher who was auctioning the ad space, joins a different exchange, and offers a higher-value video opportunity. Then they accept multiple bids for the same slot, stack the videos on top of each other, and place a static display ad on top. The publisher thinks they got what they asked for and serves the ad. The user triggers impressions for all the ads. And the scammer pockets the difference between what they paid for the banner ad and what the video placements paid.

A disruptive, graphical user interface (GUI) display area, usually a small window or Ad, that suddenly appears ("pops up") in the foreground of the visual interface. Some authors of pop-up advertising create on-screen buttons or controls that look similar to a "close" or "cancel" option. When the user chooses one of these "simulated cancel" options, the button performs an unexpected or unauthorized action (such as opening a new pop-up, or downloading an unwanted file on the user's system.

Brands whose ads may be offensive, competitive, or inappropriate for a specific publisher's site or audience based on their consent (or age).

Categories or types of ads that may be offensive, competitive, or inappropriate based on publisher's choices, or audience based on their consent (or age).

A pop-up graphical control element in the form of a small window that communicates information to the user and prompts them for a response. These can be inserted in bad ads to force the user to complete the on-screen action. Any response can install malware or initiate an unwanted software program.

AKA: Local Shared Object (LSO), Zombie Cookies, or commonly called a Flash cookie (due to its similarity with an HTTP cookie), is a piece of data that websites that use Adobe Flash may store on a user's computer. They store information about the websites you visit and can persist even after you opt-out of behavioral ad tracking or delete HTML cookies.

Uses geotargeting (provided by mobile service providers) to pinpoint potential customers and supply them with ad content relatable to them. This is a form of tracking and can violate the privacy consent of users who have not opted-in to tracking.

Public service announcement ads or other non-revenue producing ads. Often these are used to replace any empty ad space that still exists when the page is served - often these are used to replace bad ads that were removed if the ad impression space was not re-sold.

Ads that use misleading language or imagery to garner clicks or sell products and services of dubious quality.

Ads that act as a placeholder when a brand-safety blocklist prohibits the original ad from displaying. While not appropriate for the original advertiser, a different advertiser might be interested in inventory.

When there is a mismatch between the tracking behavior of an ad and the consent given (or not given) by a user. User consent is required to fulfill regulatory requirements (GDPR, CCPA, etc).

Any unusual (or unexpected) activity by a person or entity that flouts accepted norms of behavior, rules or regulations.

AKA: XSRF, Sea Surf or Session Riding, is an attack vector that tricks a web browser into executing an unwanted action in an application to which a user is logged in. A successful CSRF attack can be devastating for both the business and user.

A type of paid media where the ad experience follows the natural form and function of the User Experience, so that it looks like a trusted part of the content. The user can be lured into clicking on Malvertising that utilizes Native Ads because it looks like trusted content.

Software that integrates with users' Internet browser and interacts with browser functionality automatically.

Server software that integrates with users' Internet browser to add malware, expose private information, control or manipulate the browser for criminal, malicious or subversive purposes.

A digital marketplace that enables advertisers and publishers to buy and sell advertising space.

AKA: Sell-Side Platform, is software used to sell advertising in an automated fashion. SSPs are most often used by online publishers to help them sell display, video and mobile ads.A

Server software that is used to purchase advertising impressions (viewable online Ad space) as cost effectively and efficiently as possible.

AKA: Invalid Traffic (IVT) is any attempt to defraud digital advertising networks for financial gain, for criminal purposes or to steal personal information. Most often Ad Fraud is perpetrated through the use of a software Bot, that masquerades as a human to cause the fraud on the digital Ad network.

A link (or button) that is designed to attract attention and to entice users to click that link and read, view, or listen to the linked piece of online content, being typically deceptive, sensationalized, or otherwise misleading, but may also contain malware. Often, the clickbait headline and content is of a sensational, provocative or controversial nature. These types of headlines, along with eye-catching images and social media sharing and commenting are all common elements of clickbait.

"The use of automated software to purchase digital advertising, as opposed to the traditional process that involves RFPs, human negotiations and manual insertion orders. The process uses software programmed to fulfill the buy or sell transactions. "