CYBERSPACE—The Wall Street Journal has reported on a sophisticated scam it describes as “a new type of online-advertising fraud” that is allegedly being perpetrated by porn sites. Two of the alleged participants in the scheme are hqtubevideos.com and pornoxo.com. A WHOIS search indicates contact information for both sites, which are of the tube variety, are hidden behind the Moniker Privacy service.
“When a user visits one of these porn sites, the Web page launches dozens of pages that are hidden from the computer user,” wrote Emily Steel for the WSJ. “These hidden sites are filled with paid links to legitimate websites. Unbeknownst to the user, software built into the porn sites forces the user's computer to click on these links, sometimes hundreds of times, sending a flood of computer-generated traffic to legitimate websites.
“No person is actually seeing or clicking on the ads,” the article continues, “yet the operator of the scam collects commissions for directing traffic to sites like Web portal Lycos, video sites Mevio and Current TV, and others. And big advertisers, including Verizon Communications Inc. and TD Ameritrade Inc., are paying for ads that were never displayed to users. The websites say they weren't aware they were collecting money for ads that weren't shown.”
The discoverer of the fraud, an online ad-protection company called AdSafe Media Ltd., told the Journal that “its preliminary research found more than one thousand websites with possible links to the scam. In some instances it found more than 5,000 ‘invisible ads’ being shown to an individual consumer after one visit to a porn site. AdSafe said the scheme likely has been running for at least several months.”
While many of the ad companies and websites interviewed for the article said that such scams involve a small percentage of their traffic, the CEO of Double Verify, another online fraud prevention firm, told the paper that around 31 percent of the $100 million of online ad spending that it monitors each month is wasted because of fraud or ads targeted to the wrong destination.
"These guys pop up like mushrooms, they change their names and location and sites and come up with a new fraud and a new site with a different name," said Oren Netzer. "It is a cycle where we always have to chase them down.”
The Journal also did its own analysis of the computer code transmitted during visits to one of the porn sites, hqtubevideos.com/play.html. The analysis “revealed the site opens dozens of invisible pages—invisible to the user—with innocuous-sounding names such as relaxhealth.com and baldnesshealth.com.
“Those sites are filled with paid links and have minimal content,” the paper continued. “In some cases they are hidden in tiny windows on the porn site that are no bigger than a single screen pixel. But they appear as normal pages in communications with other websites.”
The two sites mentioned, in addition to containing no identifying contact information, are also deficient regarding certain legal requirements, including either having no 2257 or DMCA link on the site, or having 2257 and DMCA links that do not contain legally required information. Such oversights tend to indicate websites that are hosted overseas and are either repositories of stolen content or bad actors with respect to the fraud reported by the Wall Street Journal or other types of deleterious behavior.
The article notes, however, that the prevalence of such scams is common (and always evolving) and is hardly dominated by scammers utilizing porn sites to perpetrate their crimes. The article quotes Harvard Business School assistant professor Ben Edelman as saying such types of online fraud occurs frequently across a “broad network” of sites, and that he comes across an average of 50 such scams a month.
Though generally small in scale, he told the Journal, they constitute “death by a thousand paper cuts.”