Ad cloaking is a technology that replaces the content shown when you click on a link in an advertisement. In this context, cloaking is a tool for dividing traffic. The rationale is that big traffic exchanges typically take a tough stance regarding ad moderating, which may deter them from bringing highly lucrative offers there, especially when it comes to grey and black offers, and to get access to large, high-quality traffic and still earn money.
How does ad cloaking work?
Our original landing page is the destination for our targeted audience, while bots and moderators are directed to a specifically prepared white page. A white page is a page that fully complies with the rules of the exchange without any aggressive presentation. The simplest form in which a white page can be presented is an informational article with a link to the source site related to the topic of the offer without a hint of the sale of the goods, or you can take it to a wide site with a thematic post so that there are no suspicions. Also, you can generally divert inappropriate traffic to a page with a 404 error.
For example, the next element is a black page, a landing page where the user will be actively pushed to buy and influence their psyche with all sorts of facts and statistics and wow effects and then cloak.
How is ad cloaking detected?
Before cloaking software, namely trackers or special services, the possibility of cloaking is not always available. Setting up the map is quite simple. When creating a campaign, we specify the conditions under which traffic will be redirected to the white page and which to the landing page.
Special services come in two flavors: free and paid. Unlike trackers, they offer deeper filtering capabilities to gather the required databases. There are advanced services that leverage neural networks to analyze devices, seamlessly integrating with popular trackers for comprehensive insights.
Cloaking is not limited to one purpose; in addition to passing moderation, with its help, we can filter out fraud traffic, that is, users with irrelevant GEOS types of devices, using proxies, VPNs, and other parameters.
Cloaking itself is also not a permitted procedure; therefore, when such manipulations are detected, the accounts that rule them get blocked. Even if some time has passed since the launch, do not forget about it. It is preferable to test this approach with fresh accounts and consumables.
Challenges in detecting cloaked ads
Scammers also use timing to their advantage. If a user appears to be on a mobile device, fingerprinting checks for a touch screen. Scammers use fingerprinting both before and after clicks to ensure they are dealing with real users, not security scanners or bots. Scammers also use Canvas, which allows browsers to show graphics and animations in HTML5, identify computers, and evade security mechanisms. They start the campaign with the cloaker off and target minimal traffic. Before launching campaigns, they need approval from the DSP. This is why scans along the supply chain often miss advertisers and malicious actors: cloaked ads only show their true nature after the final scan or review. They even monitor battery charge levels, knowing that batteries at 100% indicate non-standard users. Since most QA reviews are done initially, once they get approval, they activate the cloaker, confident that future scans won’t detect the script redirecting the URL to different IP addresses. If it doesn’t find one, it assumes it’s a security platform and displays a legitimate ad image and landing page. Scammers go to great lengths to avoid detection because they invest heavily in each campaign, preferring to be overly cautious.
Blocking Cloakers in Real-Time
Ad quality used to be an ad-ops worry, but now because it affects all aspects of the business performance, including revenue, user loyalty, brand image, and overall success, publishers are making management decisions about it. In all digital contexts, real-time blocking offers trusted security by addressing the root problem, which in this case is the cloaking. Real-time blocking can catch a cloaked ad at the point when it finally reveals itself and before the page content loads. Plus, since real-time blocking runs on the user’s device, cloaks can’t distinguish between real users and artificial ones. Broadly speaking, cloaking is very difficult for publishers to combat because, like many ad security and quality threats, there are many variations in how bad ads and pages are cloaked.
Forced redirects have superseded in-banner video scams and phishing attacks of the past, and publishers are now concentrating on creating phony “clickbait” advertisements.
Ad tag scanning is one of the most basic forms of ad protection that many publishers employ, and cloaking is designed to fool and get around it. All of these methods have something in common: they have spread widely because bad actors have used cloaking strategies to camouflage their code and its true purpose. Publishers have developed a plethora of anti-cloaking (or de-cloaking) strategies in response to the gradual evolution of cloaking tactics throughout time. Unfortunately, publishers’ security tools are often not robust enough to detect cloaking.
