Suspected Malvertiser Posing As Legitimate Ad Agency

A suspected malvertiser -- a group buying online display ads as a means of distributing malicious code -- appears to be posing as a bona fide advertising agency representing legitimate brands. The group operates under the name BellasInteractive, which it claims is a San Jose, Calif.-based agency that has been in business since 1994. It approached at least one big online advertising network in early July; after an internal investigation, the network concluded it was just a front and contacted Online Media Daily to help get the word out.

In a guest column published in today's edition, Casale Media CMO Julia Casale details the step-by-step process the network went through to vet BellasInteractive and ultimately uncover the fact that it wasn't all it seemed to be, and offers guidelines for others to do the same.

"We realized others are probably being targeted at this very moment, so we felt the best thing to do is to bring it to the industry's attention," Casale says, adding that the "scariest thing" about the incident was how legitimate the imposters seemed at first glance, providing letters of incorporation, multiple references, and a slick company Web site.



As authentic as those materials appeared, Casale says the most frightening part of the incident was how sophisticated the perpetrators were in posing as agency professionals. She says they seemed to have an intimate knowledge of the interactive agency business, and were "prompt and friendly," and that one of the initial tells was they were "almost too responsive" for a legitimate agency.

That, plus some English-language difficulties for an agency supposedly based in San Jose, Calif., raised the suspicions of the Casale team as they went through their normal process of vetting BellasInteractive's credit and credentials for two online advertising buys -- one for a large charity and another for a major travel service -- whose names Casale declined to disclose.

The incident illustrates how sophisticated, and brazen, cyber criminals are growing in their attempts to utilize the online display marketplace as a vector for distributing malicious code. It's become routine for them to try to place orders via networks, exchanges and platforms offering automated, self-service buys. While many of those online display platforms have begun integrating scanning and detection software and systems to thwart such attacks, one industry expert, ClickFacts Founder-CEO Michael Caruso, estimates that at times, as much as 50% of self-service online display ads bought via a credit card can be "charge-backs" due to stolen credit card numbers, which may themselves have been harvested via malware used to raid personal financial information from users.

Casale Media's Casale says her company doesn't utilize automated systems, and requires human interaction for every order placed on its network.

Last October, most of the media-buying and interactive agency units of Publicis Groupe sent letters to publishers warning them about rogue media buyers posing as bona fide agencies representing legitimate clients, and demanding that they contact Publicis agency representatives by phone anytime they suspect a potential media buy looks questionable.

It's unclear whether other agencies have communicated similar instructions, but as the Casale Media experience illustrates, malvertisers are growing increasingly sophisticated in their methods, and the online advertising industry will likely need to step up its game to remain one step ahead.


Bogus references supplied by BellasInteractive to Casale Media.

4 comments about "Suspected Malvertiser Posing As Legitimate Ad Agency".
  1. Andrew Ettinger, August 2, 2010 at 9:09 a.m.

    This is the type of great industry reporting that I expect from Mediapost. Kudos!

  2. Roy Weissman from Octopus, August 2, 2010 at 9:32 a.m.

    I don't see how they could have been that sophisticated. Both Google and the USPS database indicate that the San Jose street address is not valid. A check of the domain registration indicates that the domain was just registered in April of this year to someone at an invalid address in Philadelphia.

    That seems a little odd for an interactive agency started in 1994 in San Jose, California.

    While I think that Julia Casale's efforts to make this public are very valuable, sometimes the most basic checks can stop most fraud cold.

  3. Harvey Gamm from Buzz Media, August 2, 2010 at 12:56 p.m.

    Wow! We were contacted by the same people going under the company name out of Baltimore. They negotiated and were very quick to close a deal...too quick. After we told them the CPM was twice as much as they offered, they simply doubled the budget, which was another red flag. When we asked for references, we had them 30 seconds later...another red flag. We called and received a series of voice mails and disconnects, and the references are the same as the Casale references, so it is the same scam.
    Great article to get the word out.

  4. Rob Lipschutz, August 3, 2010 at 4:06 p.m.

    I’m happy to see MediaPost reporting on this issue and shining a light on what’s at stake for the entire digital ad ecosystem. Online advertising is prime, fertile, and profitable ground for bad guys. The influx and complexity of threats related to malware and malvertising continues to grow – putting consumers and publishers at risk — as those bad guys spend time and money to create social engineering attacks to infiltrate ad streams. Despite the tendency to point fingers first at ad networks, many premium publishers we work with at the Rubicon Project have experienced malvertising attacks through their direct channels, and have come to realize that their entire ad stream - direct-sold and third-party sales channel deals alike – need careful technology protection against malware.

    Yes, publishers need to be vigilant when new companies emerge and perform appropriate background checks, but just as consumers have security software on their computers, publishers and advertising companies also need technology to counter malicious attacks. For publishers to protect their users, brand and revenue, it’s critical they have a technology solution that will counteract the risks, delivering efficient and safe access to all sources of demand.
