Third Party Advertising

Posted by on Jan 21, 2016 in Malvertising, Online Advertising, Tech Support Scam

“Don’t do it.”

That’s my advice to any network entertaining the notion of third party advertisers. The simple fact of the matter is that when you on board third party advertisers you’re putting your network’s reputation on the line, but more importantly: potentially jeopardizing the safety of your users. The economic benefits of third party advertising must obviously outweigh reputation and safety, at least in a networks mind, hence the reason so many networks do it.

So what’s really happening when you decide to use third party advertisers? Essentially, you’re going to send your users to an advertiser that you don’t know. In doing so, the third party network pays a small fee for the referral. Now you may trust the advertising network hosting the advertiser that you’re sending your user to, but subtle differences in terms, editorial policies, fraud rules, abuse mitigation et cetera can and will result in bad things happening to your users.

I can spend all day talking about the pitfalls of this model. The quickest analogy I offer to folks when discussing third party advertising is this: let’s say you have a house with a family and good friends. The house is your network, your family is your users and your friends are your advertisers. Your family is safe when they are in your house. Your family is safe when they are in the house with your friends. For the most part, your family is safe when your family visits your friends. Third Party Advertising is what happens when one of your friends brings one of their friends that you have never met before to your house to visit your family when you are not there. This unknown “friend” then leaves your house, with your family.

Enough with the jibber jabber, let’s get down to brass tacks:


Here’s what happened:

  • I did a search on and scrolled down to the sponsored links
  • Amazon warns me that I will be taken off of if I click on this particular set of sponsored ads (third party ads), the text includes: “We are not responsible for websites you visit by clicking on these links, and you should carefully review their privacy policy and conditions of use.” I wonder where I would have reviewed the policy and usage terms in questions for this scenario. Amazon? Maybe they should include “We have no clue who these advertisers are. Furthermore, they can and will engage in deceptive and illegal practices which include wire fraud, so you should carefully review your actions before clicking on any of our/their/??? ads”
  • I clicked on the ad. I was then routed to Google’s network and onto Google’s Advertiser who then locked my browser with popups and engaged in the first phase of a tech support scam: gain the trust of your victim by getting them to phone you for help.

“Please help me! Somethings wrong with my computer”

“Happy to help mam. Let me log into your computer and see what is wrong with it…”

Enter: Rebuttals. Dismissals. Boring emails. Silly blog posts on safety. News articles that include “we love our users and do everything in our power to protect their safety” or “advertising is so much more complex than that”. Blah blah blah.

Bottom line is that it took me five seconds to find a bad Google advertiser on Amazon’s site. This advertiser is targeting vulnerable people through deceptive practices. Yes, there’s always a risk (third party or otherwise) but it really shouldn’t be this easy to find nonsense of this nature, not on a site like Amazon and not with a network like Google.

« »