A suspected malvertiser -- a group buying online display ads as a means of distributing malicious code - appears to be posing as a bona fide advertising agency representing legitimate brands. The group, operating under the name BellasInteractive, which it claims is a San Jose, Calif.-based agency that has been in business since 1994, approached at least one big online advertising network in early July, which after an internal investigation, concluded it was just a front, and contacted Online Media Daily to help get the word out. In a guest column published in today's edition, Casale Media CMO Julia Casale, details the step-by-step process the network went through to vet, and ultimately uncover the fact that BellasInteractive wasn't all it seemed to be, and offers guidelines for others to do the same. "We realized others are probably being targeted at this very moment, so we felt the best thing to do is to bring it to the industry's attention," Casale says, adding that the "scariest thing" about the incident was how legitimate the imposters seemed at first glance, providing letters of incorporation, multiple references, and a slick company Web site. As authentic as those materials appeared, Casale says the most frightening part of the incident was how sophisticated he perpetrators were in posing as agency professionals. She says they seemed to have an intimate knowledge of the interactive agency business, and were "prompt and friendly," and that one of the initial tells was they were "almost too responsive" for a legitimate agency. That plus, some English-language difficulties for an agency supposedly based in San Jose, Calif., raised the suspicions of the Casale team, as they went through their normal process of vetting BellasInteractive's credit and credentials, for two online advertising buys - one for a large charity and another for a major travel service - whose names Casale declined to disclose. The incident illustrates how sophisticated, and brazen, cyber criminals are growing in their attempts to utilize the online display marketplace as a vector for distributing malicious code. It's become routine for them to try and place orders via networks, exchanges and platforms offering automated, self-service buys. While many of those online display platforms have become integrating scanning and detection software and systems to thwart such attacks, one industry expert, ClickFacts Founder-CEO, Michael Caruso estimates that at times, as much as 50% of self-service online display ads bought via a credit card can be "charge-backs" due to stolen credit card numbers, which may themselves have been harvested via malware used to raid personal financial information from users. Casale Media's Casale says her company doesn't utilize automated systems, and requires human interaction for every order placed on its network. Last October, most of the media-buying and interactive agency units of Publicis Groupe sent letters to publishers warning them about rogue media buyers posing as bona fide agencies representing legitimate clients, and demanding that they contact Publicis agency representatives by phone anytime they suspect a potential media buy looks questionable. It's unclear whether other agencies have communicated similar instructions, but as the Casale Media experience illustrates, malvertisers are growing increasingly sophisticated in their methods, and the online advertising industry will likely need to step up its game to remain one step ahead. Bogus references supplied by BellasInteractive to Casale Media.