The Scourge of Misleading Claims

By Jerome Dangu, Co-founder & CTO

03 December 2020

At Confiant, we are doubling down on our commitment to protect publishers and their audience by releasing a new protection against ads with Misleading Claims. These creatives use misleading language or imagery to garner clicks or sell products and services of dubious quality. Sketchy affiliate marketers are often the source of misleading claims in ads. This threat to end users is often underestimated, as is the resulting damage for online publishers looking to protect their audience.

First, let's take a moment to define Affiliate Marketing, and who better than Neil Patel, the famed expert, to introduce the concept for us:

source: Neil Patel, "What is Affiliate Marketing"

Because affiliates are paid on commission, there is no incentive for them to show any respect to the prospective buyers. This inherent flaw has not hindered the growth of Affiliate Marketing, which is expected to reach $6.8 bn in 2020. With just one rule (push traffic and maximize conversions by all means), affiliate marketing is a prime business model for cybercrime groups. Online advertising is the prime vector for pushing traffic to rogue affiliate networks. Indeed, even top malvertisers like eGobbler and Zirconium generate their revenues from rogue affiliate networks, the type that happily promotes malicious landing pages like Fake Flash updates and Tech Support Scams.

As Confiant previously documented, sites like MyMediAds provide a powerful platform for affiliate marketers to connect with unsavory networks. In the screenshot below, a network offers to pay for leads to a hodgepodge of scammy offers including keto diet offers and fake Norton Antivirus.

So... Let's dive into the wonderful world of Scammy Affiliate Marketing! Below we've collected some of our favorite examples of the tricks employed by rogue marketers:

1. Hard Sell Tactics

Affiliate Marketers are masters of the hard sell. They use a variety of questionable sales techniques like fake celebrity endorsements, annoying pop-ups, and manufactured urgency to promote their wares. 

Example: display ad, targeting the United States and Australia - Oct 1-2, 2020

  • Fake news article: Branding as a legitimate news outlet (here Women's Health) is a key ingredient used to build legitimacy in scams.
  • Pop-up: As you navigate away from the page, various pop-ups will attempt to re-engage with a last-chance offer.
  • Celebrity "Endorsement": Since many celebrities officially endorse products, scammers routinely abuse celebrities' image to boost their reputation.
  • Prominent Call-To-Action: Large buttons are positioned along the page to drive users to the check-out page. It is very typical to have all links on the page point to the same affiliate conversion link (click-through optimization!).
  • Sense of urgency: The offer is expiring in 15 minutes, only 4 bottles left! Good scammers pile on with those FOMO-inducing tactics to maximize conversion.
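
Two of the traits above, every link pointing at one conversion URL and stacked urgency claims, can be measured directly on a captured landing page. The scorer below is an added example, not Confiant's code; the phrase list, the 0.8 and 2-hit thresholds, the choice to ignore query strings, and the example.net / example.org hosts are all assumptions.

```python
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed phrase list modelled on the urgency tactics listed above.
URGENCY = [r"expir\w+ in \d+ (?:minutes?|hours?)", r"only \d+ \w+ left", r"last chance"]

class PageScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs, self.text, self._skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1          # text inside these is not visible
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def link_key(href):
    # Host + path only: per-button tracking parameters are ignored (assumption).
    parts = urlsplit(href)
    return (parts.netloc.lower(), parts.path.rstrip("/"))

def score_landing_page(html, page_host):
    scan = PageScan()
    scan.feed(html)
    keys = [link_key(h) for h in scan.hrefs]
    offsite = Counter(k for k in keys if k[0] and k[0] != page_host)
    top, count = offsite.most_common(1)[0] if offsite else ((None, None), 0)
    concentration = count / len(keys) if keys else 0.0  # share of links to one target
    text = " ".join(" ".join(scan.text).split()).lower()
    hits = sum(1 for p in URGENCY if re.search(p, text))
    return {"top_target": top[0], "link_concentration": round(concentration, 2),
            "urgency_hits": hits, "suspicious": concentration >= 0.8 and hits >= 2}

# Constructed sample page (not taken from a real campaign).
SAMPLE = """<html><body><h1>Star reveals her secret</h1>
<a href="https://offers.example.net/go?sub=hero">Read more</a>
<p>Offer expires in 15 minutes. Only 4 bottles left!</p>
<a href="https://offers.example.net/go?sub=img"><img src="b.jpg"></a>
<a href="https://offers.example.net/go?sub=cta">RUSH MY ORDER</a>
<a href="https://offers.example.net/go/?sub=footer">Terms</a>
<a href="/privacy">Privacy</a></body></html>"""
```

Calling `score_landing_page(SAMPLE, "news.example.org")` flags the page; a single urgency phrase or a normal spread of outbound links does not.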

 

2. Keto Diet Scams

Keto scams are very common in the United States in both native and display ads. 

Above: A diet scam specifically tailored to conservatives? - Native ad, United States, October 23, 2020.

Take any scam and give it a Shark Tank spin.
Left: real abc.com site, right: Keto diet scam page
Keto diet scam via Native, United States, June 2020

3. Use of Cloaking to Bypass Detection

Misleading ads often maintain persistence (that is, uninterrupted access to users via programmatic channels) by relying on cloaking. In the example below, the landing page uses a fake pizza template (middle screenshot) when hiding from ad quality audits. When targeting real users, the landing page reveals a diet scam with a fake CBC news article template.

 

Keto diet scam via display ad, various countries (since October 2020)
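
Because a cloaked page serves different content to auditors and to real users, comparing snapshots of the same landing URL captured under different client profiles exposes the split. The comparison below is an added example, not Confiant's detection logic; the profile names, the 0.3 similarity threshold and the three snapshots are constructed assumptions.

```python
import re

def visible_tokens(html):
    """Lower-cased word set of the text a visitor would read (scripts/styles dropped)."""
    html = re.sub(r"(?is)<(script|style)\b.*?</\1\s*>", " ", html)
    text = re.sub(r"(?s)<[^>]+>", " ", html)
    return set(re.findall(r"[a-z0-9']{3,}", text.lower()))

def title_of(html):
    m = re.search(r"(?is)<title[^>]*>(.*?)</title>", html)
    return " ".join(m.group(1).split()) if m else ""

def jaccard(a, b):
    return len(a & b) / len(a | b) if (a | b) else 1.0

def compare_snapshots(snapshots, threshold=0.3):
    """snapshots: {profile_name: html} for ONE landing URL.
    Returns the profile pairs whose visible content barely overlaps."""
    names = sorted(snapshots)
    findings = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            sim = jaccard(visible_tokens(snapshots[a]), visible_tokens(snapshots[b]))
            if sim < threshold:
                findings.append({"profiles": (a, b), "similarity": round(sim, 2),
                                 "titles": (title_of(snapshots[a]), title_of(snapshots[b]))})
    return findings

# Constructed snapshots: a decoy template for the scanner, a diet article for users.
PIZZA = ("<html><head><title>Luigi's Pizza</title></head><body>"
         "<h1>Fresh wood-fired pizza</h1><p>Order online for delivery tonight.</p></body></html>")
SCAM = ("<html><head><title>Daily News</title><script>var t=900;</script></head><body>"
        "<h1>Doctors stunned by new keto pill</h1><p>Order today, only 4 bottles left.</p></body></html>")
SNAPSHOTS = {
    "audit_scanner": PIZZA,
    "desktop_user": SCAM,
    "mobile_user": SCAM.replace("Order today", "Tap to order today"),
}

if __name__ == "__main__":
    for finding in compare_snapshots(SNAPSHOTS):
        print(finding)
```

Legitimate pages also vary between visits (rotating headlines, localisation), so a low similarity score is a signal to review the pair of templates, not a verdict on its own.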

4. Image Manipulation

Celebrity endorsements are much easier to get using Photoshop. Below is a cloaked "male enhancement" pills scam via a display ad in Brazil (since August 2020). The scam landing page seen on the right uses an altered celebrity image to suggest his satisfaction with the pills advertised.

Left: fake landing page, right: hidden scam landing page

Left: same scam landing page uses an altered photograph of Tony Ramos (a famous Brazilian actor), gleefully holding an "Eretril" pills bottle - Right: the actual photo at an awards ceremony

5. Big in Japan

Japanese scams are by far the most entertaining and unique with their vivid depictions and manga-style storytelling.

Display ad, Japan. Active since Oct 1, 2020.

6. Politically Themed

Affiliate marketers leverage current events and high-profile politicians to push products as seen below in these hearing device ads. 

President Donald Trump is all over this revolutionary hearing aid device (display ad, targeting the United States - Oct 13, 2020)

7. Playing on Societal Fears

Fear sells and scammers know how to use it to their advantage. Below is a scam targeting gun permit seekers during election uncertainty in the US. 

Above: Scam targeting gun permit seekers (display ad, targeting the United States - Nov 10, 2020)

Below: "News" browser extension (actually malware) that creates buzz by advertising for fake news, in the middle of social unrest in the US and coronavirus lockdowns in Europe - display ad, active since October 17, 2020 in Germany, France & USA.

8. Finance & Insurance

Finance and insurance offers are favored by affiliate marketers due to their exceptionally high payouts. Leads can easily be bought by shady intermediaries and resold to legitimate (and illegitimate) financial companies. 

 

  • Fake blog article
  • Fake government program
  • Fake user comments
  • Collect leads for financial companies
  • Expose personal data + Spam

 

9. Counterfeit products

Pirated software distribution doesn't make for a premium experience on publishers' websites. Below is an example of a small shop operating out of Vietnam (according to the site) - display ad, Nov 19, 2020 in Europe & USA.

     

Luxury goods counterfeiting is a hot topic as authorities globally pressure e-commerce platforms to crack down. This pushes counterfeiters to the open web, where they can run their own store with ads for traffic. Since ad platforms also attempt to root out the fake goods merchants, cloaking is used to persist.

Below is an example of such a sophisticated fraud - display ad, November 19, 2020, Japan.

 

10. FizzCore-style Bitcoin Scams

We would be remiss not to mention the growing threat of FizzCore-style Bitcoin scams. Although Confiant treats these threats as criminal scams and blocks them by default due to their severity, these large cybercrime organizations are heavily reliant on affiliate marketing traffic as well.

Display ad portraying a photoshopped "beaten up" Gordon Ramsay, United Kingdom, Nov. 23, 2020

Fake Forbes article promoting the "Bitcoin Evolution" criminal scam (hidden behind cloaking) with Ramsay's endorsement.

Conclusion

As we've seen, rogue affiliate marketing spans a wide spectrum of badness in online advertising. The general rule is there's no rule, no moral compass that would dictate that cyber criminals only distribute malware while casual scammers would only promote Keto diet pills.

From the revolutionary anti-snoring device all the way to investment scams and malware, cyber crime organizations do not look down on seemingly petty scams [1]; they apply the same professionalism and technical sophistication that they do to malvertising. 

By applying our scaled security technology and our threat intelligence expertise, Confiant consistently detects, tracks and blocks these malicious actors to protect online publishers and their audience. 

 
 
[1] Case in point: the Silent Fade group created a sophisticated botnet to monetize with diet and other "benign" scams.