Ad fraud targeting Google Adsense, Twitter, Bing surges – almost 11,000 WordPress sites hit

News Plus 15 Feb 2023 - 3 min read

Ad fraud targeting Google Adsense, Twitter, Bing surges – almost 11,000 WordPress sites hit

By Andrew Birmingham - Editor - CX | Martech | Ecom

Market Voice 3 min read

“A marketer’s secret weapon”: how choosing the right measurement partner can change everything

By Mutinex | Partner Content

Three senior marketers. Three complex challenges. One shared solution: finding a measurement partner that turns gut instinct into investment confidence.

Tags: ad fraud

An ad fraud grift designed to pilfer revenue from Adsense campaigns, and flog dodgy crypto schemes into the bargain has flared up significantly in the first weeks of 2023, according to Sucuri, a US based web security firm.

What you need to know

Fraud is designed to harvest Adsense views and clicks and promote dodgy crypto schemes
Uses redirects from Google, Twitter and Bing to create an air of legitimacy
First detected last year but big surge in recent weeks

It is one very large and ongoing campaign of organised advertising revenue fraud.

— Ben Martin, Analyst, Sucuri

An new ad fraud scheme targeting Wordpress sites hosting Google Adsense ads has surged in recent weeks. First detected by security firm Sucuri in late 2022, the attack has now infected almost 11,000 sites around the world.

This particular scheme uses redirects from Google, Bing and Twitter to create an air of authenticity.

Ad fraud remains a huge and still growing problem in the digital marketing ecosystem. The World Federation of Advertisers famously suggested that ad fraud would overtake the illicit drugs racket by 2025 as the scale of the problem grew to $US50bn. It turns out rgw WFA might have been too conservative - Juniper Research estimated that ad fraud was worth $68bn in 2022.

Five countries - the US, Japan, China, South Korea and the UK - account for 60 per cent of the losses, according to Juniper.

While it doesn’t appear in the leaderboard, Australia is not immune. In 2021, for instance, Mi-3 reported that Australia was the desktop video ad fraud capital of the world. More recently the first industrial scale ad fraud scheme hit the digital audio sector.

Types of ad fraud

Click fraud: When bots or humans click on ads without any intention of engaging with the ad or purchasing the product, in order to generate false clicks and revenue for the fraudster.
Impression fraud: When a fraudulent publisher generates fake impressions by loading ads in hidden parts of a webpage or using bots to generate views.
Ad stacking: When multiple ads are stacked on top of each other, with only the top ad visible to the user, resulting in impressions for all ads in the stack.
Domain spoofing: When a fraudulent website pretends to be a legitimate website, in order to trick advertisers into running their ads on the fake website.
Bot traffic: When bots are used to generate fake traffic to a website or ad, in order to inflate the number of impressions or clicks.
Cookie stuffing: When a fraudulent publisher places multiple cookies on a user's browser, in order to generate false impressions or clicks on ads.
Viewability fraud: When fraudulent publishers place ads in areas of the website that are not visible to users, resulting in false impressions and ad views.

Motivations
The goal of the fraudsters in the scheme, described by Sucuri, seems to be two-fold: Firstly to promote a couple of dodgy crypto currency schemes but also to increase the traffic to web pages created by the fraudsters that host Google Adsense ads.

According to Sucuri’s ananlyst and researcher Ben Martin, “unwanted redirects via fake, short URLs to fake Q&A [Question and Answer] sites result in inflated ad views/clicks and therefore inflated revenue for whomever is behind this campaign. It is one very large and ongoing campaign of organised advertising revenue fraud.”

Sucuri found that fraudsters were using legitimate services from Cloudflare, a company that provides a service to help make websites faster, more secure and reliable and which also provides security features to help protect the website from malicious traffic and attacks, such as DDoS (Distributed Denial of Service) attacks.

After being booted from Cloudflare, the fraudsters shifted to DDoSGuard, which Martin describes as “a controversial Russian DDOS service that operates as a Belize corporation".

In a company blog about the fraud, Martin: “We strongly encourage website owners to patch all software to the latest version to mitigate risk and secure wp-admin panels with 2FA or other access restrictions.” Companies that have already been infected were advised to “change all access point passwords, including admin credentials, FTP accounts, cPanel, and hosting.”
The company also provided a step-by-step guide to cleaning websites that have been hit.

What do you think?

Keep Reading

News Plus 26 May 2025 - 8 min read

Unclickable: New film shows just how easy it is to build an ad fraud network – and how big tech, telcos profit; connected TV next wave

By Andrew Birmingham - Martech | Ecom | CX Editor

When global tech company boss Guy Krief saw 100,000 new paid subscriptions land the day after launching a new digital ad campaign, he decided to investigate. Then he decided to test how easy it was to build an ad fraud network. Then he set it up to skim off a tonne of money from the Republican and Democrat parties in the US election. It was too easy. Then he approached Google, Meta, big telcos and Door Dash (who’s budget was being picked of by bots). Now he’s made the operation into a film that lays out a portrait of an ecosystem where big businesses profit, directly or indirectly, from fraud, including mobile operators, ad networks, and app stores like Google Play – and small businesses are collateral damage.

News Analysis 21 Jun 2023 - 3 min read

Doppelgangers, spoofers, flooders and stuffers - IAB Australia muscles up against ad fraud, but hedges on scale of problem

By Andrew Birmingham - Editor - CX | Martech | Ecom

IAB Australia today launches a comprehensive Ad Fraud handbook that identified 35 different types of grift, and acknowledges that in the world of financial crimes, ad fraud stands alone in terms of its capacity to deliver high rewards for low risk and effort. But the industry association, some of who's members have an uncomfortable past sustaining both the poachers and the gamekeepers, is still shy of nailing a specific ad fraud number to the mast. By comparison, Juniper Research puts the scale of the problem at $68bn worldwide.

News Plus 9 May 2023 - 4 min read

Ad safety sizzle: Short seller moves on DoubleVerify stock, flags concerns on privacy impact, product complexity but backs rival IAS

By Andrew Birmingham - Editor - CX | Martech | Ecom

DoubleVerify v Integral Ad Science (IAS) anyone? A festering battle in equity markets over the outlook in advertising markets is underway as a key player monitoring the $530 billion-plus global digital ad sector for ad viewability and fraud, DoubleVerify, is being hunted by an investment firm which makes its money betting on the fall of a company's stock price - known as short selling. According to a report by US-based Spruce Point Capital Management into DoubleVerify, the digital ad safety sector is riven with deep price cutting, having reached saturation in the high-end enterprise market. Spruce Point Capital Management, which remains bullish on DoubleVerify rival, IAS, also suggests that changes to how Apple and Google manage privacy will make it harder to detect ad fraud and is a threat to companies in the ad safety market.

News Plus 19 Apr 2023 - 7 min read

Dark patterns: Connected TV viewing is booming – and so are advertising fraud syndicates. Here’s why Australia is avoiding the crims – for now.

By Andrew Birmingham - Editor - CX | Martech | Ecom

Australia has dodged the Connected TV (CTV) ad fraud wave hitting the red hot global CTV markets - for now. Fraudsters have inevitably piled in with more than a dozen high-profile scams already yielding large elicit returns from open exchanges for criminal syndicates, dodgy operators and for the adtech ecosystem that services them - 17% of CTV ads don't reach real people according to GroupM and iSpot. But Australia so far is mostly immune - the lack of premium video and BVOD ad inventory released into the broader adtech system by broadcaster-controlled platforms might frustrate advertising intermediaries but its keeping the fraudsters at bay - but for how long?

News Plus 3 Feb 2023 - 3 min read

First industrial scale ad fraud targeting audio discovered: BeatSting's creators are trousering a million dollars a month from the grift, says DoubleVerify

By Andrew Birmingham - Editor - CX | Martech | Ecom

BeatSting heralds the arrival of large scale digital ad fraud in audio advertising markets. The scheme leverages a technique previously used to attack ConnectedTV

News 19 Oct 2021 - 3 min read

Australia now world's desktop video ad fraud capital as rates triple: IAS

By Sam Buckingham-Jones - Senior Writer

Australia's rates of ad fraud on desktop video advertising have tripled in the past year, according to latest Integral Ad Science data, with the highest incidences in the world.