
Ad Fraud is Much More Than a Marketing Problem

By Mike Schrobo, March 6, 2026, 5 Mins Read

In September, cybercriminals pulled off one of the biggest ad fraud scams in recent memory by turning scores of user devices into “ghost click farms” that generated billions of fake ad impressions daily. Then, in January, another gang did it again – using scam software to secretly launch background browsers, interact with ads in a way that looks human, and turn micro-payments into lump sums of stolen ad revenue.

This is bad for marketing, of course, but it’s arguably just as bad for cybersecurity. Generating fake clicks at scale often requires a combination of dodgy software, elevated permissions, and network access – the same capabilities needed for other serious attacks. Devices compromised for ad fraud often exhibit secondary malicious behaviors such as data exfiltration and credential harvesting. Further, if left unaddressed, they can remain as unmonitored backdoors within the network, enabling lateral movement and data theft.

Both marketing and cybersecurity need to see this problem for what it is – a shared threat. Defending against it requires breaking down silos between the two disciplines and treating advertising as part of the attack surface.

Why Ad Fraud Is Still Rampant Today

It’s worth noting that, today, ad fraud remains the same scam – inflating metrics to deliver multiple microtransactions that add up to a significant payday – but the scale is now far larger. Back in the day, click farms were operated by real people in real places. Now, the latest wave targets low cybersecurity thresholds to spread malware that automates clicks worldwide.

It’s rather ingenious: fraudsters are faking their way into app stores and fooling users into downloading legitimate-looking software. Once inside the smartphone, the malware launches hidden browsers to navigate to fraudster-controlled domains. And it gets even smarter – automation and machine learning enable not only constant ad engagements but simulated scrolling, clicking, and viewing behaviors that appear human. This makes it much harder to detect fraud patterns and determine whether clicks are from bots or buyers.

This is a vicious cycle for marketing. As ad fraud becomes more widespread, it further confuses campaign performance metrics and reduces return on investment, wasting an estimated one in five dollars in the sector. And, to make matters worse, emerging fraud methods also open backdoors into company ecosystems.

Why Cybersecurity Shares Marketing’s Problem

This is much more than a “marketing problem,” and security needs to pay attention. For example, BadBox 2.0 was a malware-driven ad fraud scheme that compromised more than 10 million Android devices last year. The botnet engaged in ad fraud and also operated as a broader proxy network that could anonymize credential theft, data exfiltration, and command-and-control traffic. This scam demonstrates that “ad fraud” backdoors can, technically speaking, enable distributed denial-of-service attacks, large-scale credential stuffing campaigns, and ransomware distribution.

Both sides of the marketing-security equation need to remember there’s often no fixed line between ad fraud infrastructure and general-purpose criminal infrastructure. In a business context, employees are susceptible to social engineering and often bring their own devices to the digital workplace. Due to the proliferation of shadow IT, devices infected with “ad fraud” malware can connect to the shared cloud and attain privileged access to customer data, analytics systems, and payment infrastructure – with internal teams none the wiser.

Of course, this leads to visibility issues and blind spots, as well as compliance headaches. Compromised devices harvest data, including device identities, location, and browsing behavior, to perpetuate marketing scams. In a company ecosystem with protected information, this immediately raises regulatory red flags under the GDPR and the CCPA. From a marketing and security perspective, this is a shared problem that requires a shared solution.

Marketing and Security Are Stronger Together

Fighting back against ad fraudsters requires both teams working in concert. Marketing needs security’s expertise to identify compromised infrastructure, and security needs marketing’s visibility into unusual traffic that hints at foul play.

Start building this collaboration with culture. Train teams across the aisle to say something if they see something. Marketing should be on the watch for unusual campaign activity (invalid clicks, irregular or inhuman engagement metrics) while security monitors malware indicators across endpoints and the wider network. At a technical level, the two should also have access to joint dashboards and shared incident response protocols. To that end, specialized detection tools that can correlate marketing traffic anomalies with security threat indicators are worth exploring.
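A minimal sketch of that correlation, added here as an illustration and not taken from the author or any product: it flags devices whose ad clicks arrive at a machine-regular cadence and joins them with endpoint alerts so each team sees what the other found. The device IDs, alert strings, and thresholds (`min_clicks`, `max_cv`) are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data, not from any real campaign or endpoint tool.
# Marketing side: (device_id, click timestamp in seconds since campaign start).
CLICKS = (
    [("dev-a", t) for t in (3, 41, 97, 180, 222, 391)]   # irregular gaps
    + [("dev-b", 10 * i) for i in range(12)]              # one click every 10 s
    + [("dev-c", t) for t in (0, 2, 4, 6, 8, 10, 12)]     # one click every 2 s
    + [("dev-d", 55)]                                     # single click
)
# Security side: device_id -> indicator raised by endpoint monitoring.
ALERTS = {"dev-b": "hidden browser process", "dev-d": "unsigned sideloaded app"}

def inhuman_clickers(clicks, min_clicks=5, max_cv=0.15):
    """Devices whose inter-click gaps are near-constant (low coefficient of variation)."""
    by_device = defaultdict(list)
    for device, ts in clicks:
        by_device[device].append(ts)
    flagged = {}
    for device, times in by_device.items():
        if len(times) < min_clicks:
            continue  # too few clicks to judge cadence
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0
        if cv <= max_cv:  # assumed threshold; tune against known-good traffic
            flagged[device] = round(cv, 3)
    return flagged

def correlate(clicks, alerts):
    """Join both views: seen by both teams, or seen by only one of them."""
    anomalies = inhuman_clickers(clicks)
    triage = {}
    for device in sorted(set(anomalies) | set(alerts)):
        if device in anomalies and device in alerts:
            triage[device] = "isolate: click anomaly + " + alerts[device]
        elif device in anomalies:
            triage[device] = "security review: click anomaly, no endpoint alert"
        else:
            triage[device] = "marketing review: endpoint alert, check its ad traffic"
    return triage

if __name__ == "__main__":
    for device, action in correlate(CLICKS, ALERTS).items():
        print(device, "->", action)
```

Cadence regularity is only one signal; bots that simulate human timing, as described earlier in the article, would need additional features before this join catches them.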

Additionally, stop the spread of ad fraud malware by removing low-hanging fruit. Connected devices are renowned for hard-coded passwords and poor software patching – technical elements that fraudsters often target at scale with automated vulnerability discovery. Admins can wrest back control by choosing better-connected products, enforcing device health checks before allowing corporate resource access, and unifying visibility with unified endpoint management.

Finally, assume the network’s compromised and work backward to contain it. Zero trust, for example, continuously assesses device health rather than trusting it once, limits lateral movement by restricting what marketing systems can access, and treats traffic from “legitimate” ad platforms as untrusted until proven safe.

From regulatory compliance to marketing success and customer trust, the stakes demand action. Success depends on both teams recognizing ad fraud as a security threat and collaborating to close the pathways that enable it.

Mike Schrobo

Mike Schrobo is the CEO and Founder at Fraud Blocker, a leading click fraud prevention software. He’s a former executive-level member at several leading technology companies with over 25 years of marketing experience and an Adweek national award winner. At Fraud Blocker, Mike and the team are on a mission to maximize ad performance by detecting and blocking click fraud, reducing invalid click rates, and eliminating wasted ad spend.

    The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
