Trust and Security is Important to us!

This website uses advertising and analytics technologies (including cookies from your device) to measure advertising effectiveness and/or to improve the browsing experience.

By clicking 'Continue to Site', you consent to our use of advertising and analytics technologies (including cookies from your device).

Continue to Site
Exit to Privacy Policy
Close Icon

Customize My Results

Configure the Crawler

Configure the Crawler

Send My Ad Activity

Close Icon
Hidden

Form Content Start

Show Me:
Pick Engines:
National / Local
Name(Required)
Hidden

Section Break

Hidden
This field is for validation purposes and should be left unchanged.

Close Icon

Get a Demo

Instantly schedule a demo and receive a personalized walkthrough of The Search Monitor.

Close Icon
  • Valid info required below for personalized demo
  • Hidden

Close Icon

Build my package

Complete the form on the right to get a customized quote. One of our experts will be in touch with you shortly.

Close Icon
  • Hidden

The Search Monitor takes down online advertising fraud ring

Affiliate Managers, Retail, Travel
Fraud Ring - URL Hijacking - Clothing - Search Monitor
Last month, The Search Monitor detected fraudulent PPC ads running on Bing, Yahoo, and Google. The fraudsters impersonated more than 300 advertisers on a global scale. The advertisers that were affected by the fraudulent activity spanned across several industries, including leading business in automotive (JC Whitney), furniture (Joss & Main), software (MobiStealth), printing (Tiny Prints), home & garden (Ace Hardware), travel (Booking Buddy), firearms (Brownell's), and services (Deluxe).

How Did The Fraud Happen?

The fraud was perpetrated through URL Hijacking. URL Hijacking is the practice where the scammer impersonates an advertiser by using the advertiser's URL as its Display URL in PPC ads, then linking the ads through an unauthorized link such as an affiliate link, a phishing link, or a cookie-stuffing URL.

Why does URL Hijacking Happen?

There are several scenarios that could encourage a company to commit online advertising fraud through the use of URL Hijacking:
  • Affiliates are trying to drive traffic and increase their commissions
  • Phishing sites are trying to redirect traffic to a spoofed landing page to gather personal information
  • Affiliates are trying to push traffic through a link to drop cookies, a practice known as cookie stuffing
  • Other advertisers trying to capitalize on your brand equity and raise their PPC quality score
Below are two charts showing spikes in URL hijacking that we witnessed for a clothing retailer and a furniture retailer. (Each chart includes one Search Monitor client, so the names are not disclosed.) Fraud Ring - URL Hijacking - Clothing - Search MonitorFraud Ring - URL Hijacking - Furniture - Search Monitor

What Did The Fraud Look Like?

  • We found more than 300 advertisers under attack worldwide from URL hijackers who were using several thousand domains, including wileytrack.com, toppertrack.com, togateway.com, and cimjwc.com. In some cases, the hijacker tried to look like a real Destination URL.
  • We discovered one hijacker who was trying to look like Kenshoo. Kenshoo is a widely used marketing solution provider helping companies with marketing optimization. The Kenshoo tracking URLs all contain the domain xg4ken.com. The hijacker flipped this domain around and was using x4gken.com where the 'g' and '4' were switched.

How Did We Catch and Take Down The Fraud Ring?

The Search Monitor's ad monitoring technology scours search engines, performs searches, and analyzes the results. This monitoring activity happens on a global scale, from thousands of different IP addresses, and can occur as often as every hour. (Learn more about what we monitor.) We've perfected our technology to identify when an affiliate is practicing URL hijacking and then automatically notify us, our clients, and our partners. What tipped us off to the fraudulent activity:
  • We received two red flags on the same day signifying URL hijacking was happening
  • Our Investigations Team noticed a spike in attack volume, while at the same time, our client Linkshare diligently noticed that several of their clients were impacted. Linkshare took swift action reporting it to us. Thanks Linkshare!
  • We realized there was a problem and our automated scripts searched to determine the exact number of advertisers impacted
  • When we realized the magnitude of the issue, we leveraged our close relationship with Stacie Suzuki from Bing's fraud team, since the majority of the activity was happening on Bing.
  • Bing investigated and took immediate action to remove the offending advertisers. Thanks Bing! Thanks Stacie!
The problem was solved, at least temporarily. But the incident underscores the need to keep a close eye --- through automated, advanced compliance monitoring technology --- on your online ads and their performance. The world of online ads is much too big to be able to manually know when another company is trying to take advantage of you! This is all we do, so please reach out if we can help.