Who hasn’t experienced auto-redirects? More than just a source of frustration, auto-redirects pose a danger to the entire ad ecosystem. Read about auto-redirects so you can avoid being led astray.
Forced redirects, or auto-redirects as they are more commonly known, are caused by malvertisers who steer visitors away from their intended online destination. These bad actors inject scripts into infected sites that send users to fraudulent or low-quality sites. Once redirected, users are at the mercy of cybercriminals, who can scam them or infect their devices with malware.
In recent years, auto-redirects have only increased in frequency and sophistication. It’s crucial that publishers, ad platforms, marketers, and ad agencies alike do what they can to curtail this harmful trend.
Anatomy of an Auto-Redirect
In an auto-redirect, when a user visits a website, an unsecured ad slot deploys malicious code. It prompts a pop-up that displays right over the page’s content, or in the case of mobile devices, over most of the device’s screen.
The pop-up sends users a misleading message. In some cases, this message is alarming, such as informing them that their device has been infected with a virus or malware or that they must update their browser or device immediately. In some cases, the message sent is compelling, leading users to think they’ve won a prize or gift card.
The user looks for a way to eliminate the pop-up, but no obvious solution presents itself. Clicking on the message unleashes an auto-redirect that users to an unsecured website or to the app store.
No Harm, No Foul?
Auto-redirects have become so common that many wonder if they are that big of a deal. In short, yes, they are. While auto-redirects can take different forms, the factor they share is malicious intent.
Forced redirects breed distrust and loss of reputation. They aggravate users by diverting them from their intended online destination. They impair publishers’ ability to monetize user sessions through safe, legitimate advertising.
Over 95% of auto-redirects lead directly to scams that defraud marketers, ad agencies and take money from users. Auto-redirects plague even high level publishers and audiences, with the majority of auto-redirects taking place on more expensive mobile devices.
Auto-redirects send users to unwanted, low-class sites pushing diet pills, adult content, consignment services, dating sites, or pharmaceuticals. They also include phishing scams that lead users to share their sensitive information and Trojan horse attacks that cause users to download malware. This malware steals users’ private information or financial details or takes over their device, turning it into a bot that clicks on scam links.
Nearly half of all malvertising incidents are attributed to auto-redirects. They cost publishers millions of dollars annually because users never reach their intended page or abandon their session. In many cases, users lose faith in the publisher, forever associating them with a bad experience or a scam. Click fraud, which infects a user’s device with malware without the user even knowing what happened, leads to lost revenue in the industry.
Redirects Running Rampant
Detecting auto-redirects poses an enormous challenge to publishers because they only occur in certain situations, such as a particular time of day, geographical location, or through certain wireless providers. This allows most auto-redirects to evade detection and get past many of the standard ad security protections available.
Often, lost ad revenue will be the first sign to publishers that they are dealing with auto-redirects. They will then need to work backward to detect the origin of the attack. Conventional, manual, and in-house solutions are generally inadequate ways for publishers to eliminate auto-redirects. Experienced malvertisers manage to stay a step ahead of these basic approaches.
Publishers must be vigilant about the serious threat posed by auto-redirects to their revenue and reputation. A proactive approach must include a real-time, round-the-clock solution to ad issues before they strike. Only then can publishers outwit the ad quality menace that is the auto-redirect.