• by Laurie Sullivan  @lauriesullivan, October 5, 2020

Data released Monday finds malicious advertisers can buy a cloned website template for a few dollars and use IP addresses to effectively target users, to create what one online ad verification and transparency solutions company calls the most performance-driven advertising seen in years.

Historically, malvertisers has been used to launch attacks, but today malicious advertisers are creating what GeoEdge calls a “package” of attractive ads and deceptive landing pages full of fake content that lures readers and site visitors to present them with scams such as stealing information. 

GeoEdge estimates these malicious advertisers produce content that is six times more effective than auto-redirect ads.

The company believes the latest trend in malvertising to date this year has caused half of all malicious advertisements. 

GeoEdge stops the ads leading from a publisher's site to cloned sites. The ad on the publisher's site is scanned, followed by the ad’s landing page.

Much of the malicious activity occurs on the landing page. The ad can be free of malvertising, but the landing page can be full of malicious code. This is part of the content marketing push on the part of malicious marketezrs, putting the malicious attributes on the landing page rather than in the ad.

Cloned websites are not intended to rank in a search engine like Google and Bing. The purpose is to serve as the landing page for malvertising and other malicious content.

The pandemic has given thieves new opportunities to generate revenue from content and the two major areas used to lure those searching on engines or visiting websites are COVID-19 and the presidential election in the U.S.

As November approaches, GeoEdge expects an increase in the number of cloned news websites. The company estimates 89% of publishers serve deceptive ads, with 42% of those dealing with user complaints, while 20% are forced to contend with a loss in revenue or subscribers.

Thieves are personalizing landing pages with the branding and language of the users’ internet service provider, and creating prize redemption pages with 127 comments, many from users with images.

GeoEdge describes in its research seeing cloned versions of banks such as HSBC and Paragon Bank -- as well as global media sites such as Forbes, Today, BBC, El Pais, and Zeit Online -- appear in search results. These companies have experiencee major losses and fake news this year, according to the data.

With the average user seeing around 5,000 online ads daily, and one in 5,000 ads leading to a malicious cloned site, most users are exposed to a malicious cloned site daily.