Man
Professional
- Messages
- 3,077
- Reaction score
- 614
- Points
- 113
It is difficult to imagine even one day of our life without the Internet. And even more so without using a browser. It is what allows users to see your advertisements on entertainment and news sites, thematic forums, and social networks. But, alas, you probably already know that where there are potential leads, there are also scammers.
We interact with browsers every day. After all, they are our bridge to the world of the Internet. At a time when TV advertising is already becoming obsolete (not counting CTV), browsers are becoming the main tool for displaying ads to potential consumers. Therefore, it is not surprising that fraudsters have chosen them as their target.
What types of browser ad fraud are common? How to avoid losing your budget? Let's shed some light on this issue and list the most popular methods fraudsters use to deceive advertisers.
Contents
1. 5 Common Types of Browser Scams
1.1. Self-written browsers
1.2. Malicious extensions
1.3. Domain substitution
1.4. Substitution and implementation of cookies
1.5. Updating mobile browsers
2. The most vulnerable browser
3. How to protect yourself from scammers
Cybercriminals can change almost any information, including a user's location and search history. Even the browser itself can pretend to be official, not homemade. The result is a classic scam: data falsification, in which a bot pretends to be a human.
For example, a user visits a website, clicks on an ad banner, and ends up on the advertiser's website. Their original cookies contain attribution data that is linked to that advertiser. However, the malicious extension modifies those cookies (which is also related to another type of fraud we'll discuss below: cookie injection).
When a user performs a target action, be it purchasing a product, registering on a website, or any other goal, the advertiser pays a reward to the person who brought this visitor to the site. And, as you might guess, due to substituted or embedded cookies, this lucky person is our attacker.
In some cases, scammers may simply swap letters in a domain name or use Unicode characters to trick unwary users.
Attackers use HTML <iframe> tags to insert a document from a third-party site into the current page. In simple terms, they embed GS sites via the tag so that advertisements from a low-quality resource appear as if they were part of the natural content on high-quality sites.
Cookie substitution can lead to numerous problems. For example, attackers can use click farms and botnets of malware-infected devices to perform processes in the background on users' smartphones and PCs: display invisible ads, click on links, fill out forms, etc. As a result, all these actions are paid, but they never result in real conversion.
Similarly, scammers can modify or steal cookies and deprive advertisers of organic traffic by turning natural visitors into unnatural ones.
For example, a user visits an online store website. At that moment, a notification appears on the screen that the current version of the browser is outdated and needs to be updated. Of course, the text of such an "advertisement" contains general phrases and random versions. But a user who does not go into all these subtleties may not notice this and trust it.
If the user clicks on this notification (basically, just a banner), then a malicious update will be downloaded to his device (smartphone) via a phishing site. On this site, he can leave his personal data, and fraudsters will be able to use it in their schemes in the future. In addition, some malware can also get onto the phone along with the downloaded application or document.
All of these schemes have an obvious goal - to take away the advertiser's budget and sell bot traffic as human traffic.
According to the presented results, the worst browser was, surprisingly, Google Chrome. The best was Firefox.
Below we provide the results of the experiment, which shows the percentage of phishing attacks blocked by browsers.
Windows
Phishing is just one of the technologies used by scammers to deceive users. If this were a classic spam mailing via messengers or mail services with links to phishing sites, the percentage of deceived users would be lower. Here, however, a completely different method is used to lure the victim.
Google was, of course, outraged by these research results. However, Which? kept the details of their research a secret. The Russian Yandex Browser did not participate in this experiment, which is logical, since the company is British.
Roskachestvo also conducted its own research. Our experts tested mobile versions of the browsers listed above. According to their results, Firefox and Chrome are leaders in terms of fewer blocked cyberattacks. Opera and Yandex.Browser for devices running Android OS and Safari for iOS were less vulnerable.
There are many ways to deceive advertisers, webmasters and ordinary citizens. We have previously written about types of fraud in advertising (click fraud).
We interact with browsers every day. After all, they are our bridge to the world of the Internet. At a time when TV advertising is already becoming obsolete (not counting CTV), browsers are becoming the main tool for displaying ads to potential consumers. Therefore, it is not surprising that fraudsters have chosen them as their target.
What types of browser ad fraud are common? How to avoid losing your budget? Let's shed some light on this issue and list the most popular methods fraudsters use to deceive advertisers.
Contents
1. 5 Common Types of Browser Scams
1.1. Self-written browsers
1.2. Malicious extensions
1.3. Domain substitution
1.4. Substitution and implementation of cookies
1.5. Updating mobile browsers
2. The most vulnerable browser
3. How to protect yourself from scammers
5 Common Types of Browser Scams
Here are five of the most popular methods that scammers use to steal advertising funds from advertisers. Here they are:Home-made browsers
Today, anyone can create their own browser. All they need is the open-source Chromium engine, available for free from Google. Using custom browsers and special software that fakes user data, attackers can create bots that imitate the behavior of real users.Cybercriminals can change almost any information, including a user's location and search history. Even the browser itself can pretend to be official, not homemade. The result is a classic scam: data falsification, in which a bot pretends to be a human.
Malicious extensions
Through malware-infected extensions and plugins, fraudsters can inject advertisements into third-party sites and applications, which the user may not even know about. The most common process is when the malware is programmed for redirects.For example, a user visits a website, clicks on an ad banner, and ends up on the advertiser's website. Their original cookies contain attribution data that is linked to that advertiser. However, the malicious extension modifies those cookies (which is also related to another type of fraud we'll discuss below: cookie injection).
When a user performs a target action, be it purchasing a product, registering on a website, or any other goal, the advertiser pays a reward to the person who brought this visitor to the site. And, as you might guess, due to substituted or embedded cookies, this lucky person is our attacker.
Domain substitution
In general, the technique of domain substitution is associated with fake sites created as clones of official resources. But there are also more advanced methods of this type of fraud: when sites or browsers are infected with malware.- URL Trick
In some cases, scammers may simply swap letters in a domain name or use Unicode characters to trick unwary users.
- Cross domain substitution
Attackers use HTML <iframe> tags to insert a document from a third-party site into the current page. In simple terms, they embed GS sites via the tag so that advertisements from a low-quality resource appear as if they were part of the natural content on high-quality sites.
Cookie substitution and injection
Cookie stuffing is the theft of organic traffic through manipulation of cookies in the browser. To do this, scammers usually buy the cheapest traffic and receive money for fake user activity.Cookie substitution can lead to numerous problems. For example, attackers can use click farms and botnets of malware-infected devices to perform processes in the background on users' smartphones and PCs: display invisible ads, click on links, fill out forms, etc. As a result, all these actions are paid, but they never result in real conversion.
Similarly, scammers can modify or steal cookies and deprive advertisers of organic traffic by turning natural visitors into unnatural ones.
Updating Mobile Browsers
A fake browser update has become another tool in the hands of fraudsters to deceive users. For this, attackers use malware that penetrates the owner's smartphone. The scheme is aimed at devices running the Android OS.For example, a user visits an online store website. At that moment, a notification appears on the screen that the current version of the browser is outdated and needs to be updated. Of course, the text of such an "advertisement" contains general phrases and random versions. But a user who does not go into all these subtleties may not notice this and trust it.
If the user clicks on this notification (basically, just a banner), then a malicious update will be downloaded to his device (smartphone) via a phishing site. On this site, he can leave his personal data, and fraudsters will be able to use it in their schemes in the future. In addition, some malware can also get onto the phone along with the downloaded application or document.
All of these schemes have an obvious goal - to take away the advertiser's budget and sell bot traffic as human traffic.
The most vulnerable browser
The British company Which? conducted an experiment in which it tested browsers for Windows and MacOS. The company's specialists determined the worst and best browser in terms of security. How effectively they can resist fraudulent attacks, primarily phishing ones.According to the presented results, the worst browser was, surprisingly, Google Chrome. The best was Firefox.
Below we provide the results of the experiment, which shows the percentage of phishing attacks blocked by browsers.
Windows
- 85% Mozilla Firefox
- 82% Microsoft Edge
- 56% Opera
- 28% Google Chrome
- 78% Mozilla Firefox
- 77% Apple Safari
- 56% Opera
- 25% Google Chrome
Phishing is just one of the technologies used by scammers to deceive users. If this were a classic spam mailing via messengers or mail services with links to phishing sites, the percentage of deceived users would be lower. Here, however, a completely different method is used to lure the victim.
Google was, of course, outraged by these research results. However, Which? kept the details of their research a secret. The Russian Yandex Browser did not participate in this experiment, which is logical, since the company is British.
Roskachestvo also conducted its own research. Our experts tested mobile versions of the browsers listed above. According to their results, Firefox and Chrome are leaders in terms of fewer blocked cyberattacks. Opera and Yandex.Browser for devices running Android OS and Safari for iOS were less vulnerable.
There are many ways to deceive advertisers, webmasters and ordinary citizens. We have previously written about types of fraud in advertising (click fraud).
How to protect yourself from scammers
- The official and most popular browsers are updated automatically. They do not need to ask permission. You should not follow links on unknown sites.
- Don't open links from unknown people. Always check with your friends who suddenly started sending you spam. They may have been hacked.
- Do not download attachments to emails sent to you by strangers. Most often, such documents contain malware.
- Do not post personal information, including bank card details, on dubious websites.
- Opt for popular and well-known official browsers, not self-written ones. The level of security will in any case be higher for those that regularly maintain a base for blocking unwanted activity.
- Pay attention to the domain name of the site. Pay attention to how the addresses of the official companies' sites that you visit most often are written.
- Clear your browser cookies regularly. This will remove any third-party data that has been inserted by scammers, if any.
- Download only official and verified extensions, plugins and applications.
- Use antivirus, including for mobile devices. Update databases regularly.
- Try not to visit questionable sites.
- Try to change your account passwords periodically. This will help you protect yourself in case hackers leak another database of user registration data for a service.
