The Search Monitor Takes Down Online Advertising Fraud Ring
May 27, 2014
Orlando, FL – Last month, The Search Monitor detected fraudulent PPC ads running on Bing, Yahoo, and Google. The fraudsters impersonated more than 300 advertisers on a global scale. The advertisers that were affected by the fraudulent activity spanned across several industries, including leading business in automotive (JC Whitney), furniture (Joss & Main), software (MobiStealth), printing (Tiny Prints), home & garden (Ace Hardware), travel (Booking Buddy), firearms (Brownell’s), and services (Deluxe).
How Did the Fraud Happen?
The fraud was perpetrated through URL Hijacking. URL Hijacking is the practice where the scammer impersonates an advertiser by using the advertiser’s URL as its Display URL in PPC ads, then linking the ads through an unauthorized link such as an affiliate link, a phishing link, or a cookie-stuffing URL.
Why Does URL Hijacking Happen?
There are several scenarios that could encourage a company to commit online advertising fraud through the use of URL Hijacking:
- Affiliates are trying to drive traffic and increase their commissions
- Phishing sites are trying to redirect traffic to a spoofed landing page to gather personal information
- Affiliates are trying to push traffic through a link to drop cookies, a practice known as cookie stuffing
- Other advertisers trying to capitalize on your brand equity and raise their PPC quality score
Below are two charts showing spikes in URL hijacking that we witnessed for a clothing retailer and a furniture retailer. (Each chart includes one Search Monitor client, so the names are not disclosed.)
What Did the Fraud Look Like?
- We found more than 300 advertisers under attack worldwide from URL hijackers who were using several thousand domains, including wileytrack.com, toppertrack.com, togateway.com, and cimjwc.com. In some cases, the hijacker tried to look like a real Destination URL.
- We discovered one hijacker who was trying to look like Kenshoo. Kenshoo is a widely used marketing solution provider helping companies with marketing optimization. The Kenshoo tracking URLs all contain the domain xg4ken.com. The hijacker flipped this domain around and was using x4gken.com where the ‘g’ and ‘4’ were switched.
How Did We Catch and Take Down the Fraud Ring?
The Search Monitor’s ad monitoring technology scours search engines, performs searches, and analyzes the results. This monitoring activity happens on a global scale, from thousands of different IP addresses, and can occur as often as every hour. We’ve perfected our technology to identify when an affiliate is practicing URL hijacking and then automatically notify us, our clients, and our partners. What tipped us off to the fraudulent activity:
- We received two red flags on the same day signifying URL hijacking was happening
- Our Investigations Team noticed a spike in attack volume, while at the same time, our client Linkshare diligently noticed that several of their clients were impacted. Linkshare took swift action reporting it to us. Thanks Linkshare!
- We realized there was a problem and our automated scripts searched to determine the exact number of advertisers impacted
- When we realized the magnitude of the issue, we leveraged our close relationship with Stacie Suzuki from Bing’s fraud team, since the majority of the activity was happening on Bing.
- Bing investigated and took immediate action to remove the offending advertisers. Thanks Bing! Thanks Stacie!
The problem was solved, at least temporarily. But the incident underscores the need to keep a close eye — through automated, advanced compliance monitoring technology — on your online ads and their performance. The world of online ads is much too big to be able to manually know when another company is trying to take advantage of you! This is all we do, so please reach out if we can help.
Share on Social
See Our Data at Work
Provide us with a competitor’s website, a set of keywords, or one of our 1,000+ verticals, and we’ll show you the power of our monitoring capabilities. Request a personalized demo today and see what our insights can do for you!
Trusted by