Companies need to build up a reputation and maintain it to sell their brand in the competitive market. For this, advertising and the domains under which they advertise are very important. This is why companies are willing to spend billions of dollars to boost their sales. However, all this money doesn’t always reach the right hands and consequently does not profit the company as expected.
What is Domain Spoofing?
As the name implies, it is faking to be a legitimate domain or website to sell advertising space to advertisers. It takes advantage of the consumer-browser trust.
Usually, publishers sell their ad space to advertisers to obtain a certain percentage of their profit, and the advertisers get more exposure. This is done through a bidding mechanism. Customers are more likely to buy products advertised on premium websites rather than ones with inappropriate content. However, websites that look premium may be fake.
Taking Methbot as an example, this set of criminals purchased thousands of fake domains, URLs, and social profiles under the cover of reputable websites. It generated almost 5 million dollars in revenue. It is almost undetectable unless the patterns of ‘ad clicks’ and views are carefully observed over time.
What are its types?
There are three types of domain spoofing:
- Ad injections:
Infected ads may be “injected” into the user’s browser on visiting certain websites or by accidentally pressing a download button. These ads or malware then start running their code and display ads that the website does not own.
- Modifying Ad Tags:
Ad tags are a way to track the effectiveness of publishing ads on a publishers’ site. These tags can be hacked into and tampered with to show a constant audience, thereby convincing advertisers that they are buying into high-quality ad space when, in reality, their ads will be displayed on sub-par sites.
- Custom Browsers:
Custom browsers can be used to open sites that commercial browsers do not have permission to open. Frauds use them to create sites with a URL that seems to be that of a premium website. Advertisers fall for the disguise and send in the money to the spoofed URL.
How does it hurt?
Domain spoofing directly affects the advertisers’ as all ad frauds do, wasting their investments set aside for brand security. In addition to this, they may also lose sales due to ads' placement on dingy websites, affecting their reputation.
Publishers are, however, more severely affected as they can be held responsible for such frauds. They are used as the cover, and they get the backlash when their campaigns fail to show results. Also, by manipulating ad tags, their progress can be misinterpreted, and when they do not receive the predicted profit, they will be sourly disappointed. They not only face losses in terms of money but also in terms of consumers.
How do you solve it?
Domain spoofing was not considered a severe threat by the media until the Methbot operation, but even then, as it is hard to expose and prove, it is still a growing crime. This has resulted in the rise of ad verification companies, which act as the middle point between buying ad space and the ad being published. They make sure both ends of the deal made between the advertiser and the publisher are met and satisfied, so it cannot be taken advantage of.
Ads.txt, which stands for Authorised Digital Sellers, introduced by the Interactive Advertising Bureau (IAB), is the ultimate solution to domain spoofing. It was created to make the inventory supply chain more transparent thereby, not giving any dark corners for the frauds to hide. It is a program to be adopted by the publishers by adding a text file to their site, listing the vendors associated with them. This information can be accessed by the advertisers and used as a form of authentication. Google itself has now begun urging their publishers to adopt ads.txt.
What measures can we take?
Companies have to be less stingy with their investments in the advertising industry and make sure they don’t buy into cheap media. They should also begin investing in ad verification and anti-fraud software to make sure their money is not going down the drain and is being utilized profitably.