Brand safety has been in the news a lot in the last year, much of it about the risks associated with running ads on the popular YouTube channels of vloggers, such as Logan Paul and PewDiePie, and even on YouTube Kids.
As disturbing as these incidents are, the real brand safety challenge for publishers, which is a particular issue with native advertising, is what happens to the user’s experience after they click on the ad.
The challenge with malicious native ads is that they look clean. You usually won’t find racy images or inappropriate content on display in a malware or cryptomining campaign. The problem starts when a publisher’s visitor is enticed to click on the ad.
For their direct advertisers, publishers have the ability to vet ads; advertisers won’t damage a strong working relationship with a trusted publisher to run a potentially malicious campaign. But when working with a native ad vendor utilizing programmatic bidding to target a site visitor in .00437 seconds, there isn’t enough time for anyone to vet a malicious ad, particularly one where the ad’s creative is completely brand safe.
Whether it’s an auto-redirect or a phishing campaign, malicious marketers are the most performance-oriented marketers you’ll find. They might take prey on users by announcing that if the user received this message, there is a problem on their device or with their operating system, using fear to entice the users to click.
Other campaigns will hijack actual brands, like Instagram or the "Star Wars: Galaxy of Heroes" game made by Electronic Arts, running creative to trick users into believing that they’re clicking on ads for these brands.
With malicious campaigns, clicking through to the campaign landing page or app store placement is where the trouble begins. Users enable malware to take over parts of their device for malicious use, whether it’s to run a crypto-mining campaign to harness an unsuspecting user’s computer processing unit (CPU) or to land unintentionally on an app’s page in one of the app stores where that app pays for the maliciously re-directed click.
In some cases, in the first day of the campaign, the landing page will be legitimate, but after that, when the malicious marketer knows the native ad platform already reviewed the landing page, it’s switched to something nefarious from which to launch malicious activities.
And every quarter, malicious marketers get better, uncovering new ways to inject malware, run fishing scams or lock browsers, hurting the user’s experience on the publisher’s website or application.
What can we do about the brand safety challenges with native advertising?
First, we must understand that these aren’t just publisher problems or even native ad vendor problems. These are problems that impact the entire digital marketing eco-system. Therefore, we must stop blaming publishers and work together to solve the problems of malicious ads in order to ensure that users have a safe and positive experience when visiting a publisher’s app or website.
Second, when one publisher, vendor or marketer uncovers a malicious attack campaign, they need to share this information with their partners and throughout the industry. Once one type of attack has been publicized throughout the industry, the perpetrators will have a difficult time succeeding with the same attack tactics on other native ad vendors / publishers.
Unfortunately, most try and hide the fact that they’ve been attacked, not wanting to draw negative attention to themselves. This enables the perpetrators to use the identical attack tactics against others.