How Clickbait Advertising Shapes
User Behavior & Digital Media

GeoEdge’s Q1 Report investigates the prevalence and source of post-click clickbait attacks targeting mobile users in North America and the UK. The report focuses on misleading product offers and financial scam ads that flow through programmatic channels during Q1 of 2023. The findings indicate that these attacks are rampant, with a staggering 87% of all clickbait ads traced back to only two SSP’s. The results of this report provide insights into the evolving landscape of online malicious tactics and underscore the urgent need for stronger measures to protect users against malvertising.
From 2022 to 2023, GeoEdge monitored and analyzed billions of advertising impressions across premium websites, apps, and SSPs to compile the research presented in this article. The data was collected using GeoEdge’s real-time ad security solution, which enables the measurement of quality and blocking of malvertising across devices and channels on live impressions.
The programmatic ecosystem has experienced an influx of clickbait ads following a drop in CPMs at the start of the year. The reduced barrier to entry has attracted a major flow of fraudsters to the market. How easy is it to serve fake product advertisements on premium sites? We tracked clickbait ads along the programmatic supply chain. Here’s what we uncovered:

The Prevalence of Clickbait in Programmatic Channels

Programmatic channels have been overwhelmed with misleading product offerings due to evolving fraudster tactics as well as the ease of entry to the market. Due to inadequate safeguards, publishers’ sites have been exploited as a means to scam online audiences.

Based on GeoEdge’s March 2023 survey of global Digital Media and Ad Ops professionals, 70% of respondents believed that ad security incidents occur at a rate of 1/1,000. However, the situation is more severe with incidents occurring at:

  • US: 1/170
  • UK: 1/140
  • Canada: 1/200
  • Germany: 1/300
  • Japan: 1/1000

Malicious Activity Index 2022-2023

GeoEdge security research revealed that scammers have expanded their operations and shifted tactics to primarily
post-click attacks.
Danger lurks in today’s post-click experience as users are lured in by a myriad of promises, only to be duped through social engineering. Post-click attacks use deceptive creatives to induce user clicks through manipulation and psychological engineering.

Scammers changed tactics around 2020, shifting from using auto-redirects to lure users to malicious domains, to using clickbait to entice users to intentionally navigate to known malicious destinations.

Misleading Product Offers Emerge as the Primary Tool For Fraud

Publishers have been under the assault of clickbait ads over the past three months.
Misleading product offers and financial scams lead the way as the most common attacks.

Mobile users are particularly vulnerable to scammers who launch post-click attacks disguised as product offers. GeoEdge security data reveals that 65% of post-click attacks target mobile devices, with desktops bearing 30% and tablets making up the remaining 5%.
  • Misleading product offers lure users with clickbait ads for nonexistent or counterfeit products, preying on users’ hopes and fears.
  • Financial scams misuse recognized celebrities and shocking headlines to lure users into clicking on ads. These ads redirect them to deceptive landing pages promoting fake financial services or financial instruments.
  • Malicious browser extensions and add-ons offer users incentives to install them, and then collect details about users’ online activity and personal information.
  • Forced Browser Notifications exploit social engineering tactics with familiar logos and icons that trick users into downloading and installing disguised malicious programs.
  • Auto redirects hide code within the ad pixels, transporting users to various schemes.

How Do Misleading Product Offers Enter the Programmatic Supply Chain?

Malicious actors usually initiate an attack by purchasing a license on a DSP. They then carry out a warm-up phase, in which they pretend to be legitimate advertisers. They upload code that calls for a legitimate ad leading to a genuine website, free of malicious code. Most DSPs have a probation period for new advertisers, during which they review campaigns to determine their legitimacy.

Malicious actors avoid deploying any attacks during this time to be approved for continued advertising by the DSP. Once they’re under the radar, fraudsters change the code in the background using a tactic known as cloaking, which hides the scam.

Cloaked scams rely on client-side fingerprinting to identify specific users who are vulnerable to being scammed.

Cloaking lets scammers evade ad policies that prohibit diet scams, trademark-infringing products, and malware. Users are directed to a deceitful landing page where the scam takes place. Users who do not meet the targeted parameters or non-human environments never see the deceptive landing page.

Ensuring Protection Against Misleading Product Offers


In the fight against harmful and misleading ads, publishers must take proactive measures to protect their users. The initial step is to collaborate with SSPs that prioritize ad quality by precisely categorizing ads and preventing clickbait scams from being displayed on your website.

GeoEdge analyzed ad quality ranking and malicious ad trends in Q1 by tracking impressions from the top 9 global SSPs. There were significant performance disparities among the leading SSPs, with some showing acute levels of high-risk creatives. 

SSP Ad Quality Takeaways:

  • 87% of all scam ads came from only 2 SSPs [SSP1+SSP6]
  • The worst performing SSP delivered malicious ads at 1.36% of the rate of the best performing SSP.
  • The overall average percentage of malicious ads among the top 9 global SSPs was 0.54%.

In today’s rapidly evolving advertising landscape, relying solely on SSP protection is not enough. To take control of ad quality and user security, publishers must be armed with real-time on-page prevention solutions. The right tools analyze the actual content and code of ads and landing pages, rather than relying on advertiser declarations, to categorize and block bad ads. Real-time solutions provide the highest level of protection for users, ensuring that misleading product advertisements never make it through the filters.

About GeoEdge

GeoEdge’s advanced security solutions ensure high ad quality and verify that sites offer a clean, safe and engaging user experience, so publishers can focus on their business success. Publishers around the world rely on GeoEdge to stop malicious and low-quality ads from reaching their audience. GeoEdge allows publishers to maximize their ad revenue without quality concerns, protect their brand reputation and increase their user loyalty. GeoEdge guards digital businesses against unwanted, malicious, offensive and inappropriate ads — without sacrificing revenue.