Savvy computer users looking to navigate the internet without being tracked or having to face geolocation restrictions turn to virtual private networks (VPNs) to protect themselves. Those who understand the VPN concept consider VPNs to be a good thing. That they are. But is it possible that VPNs are also contributing to the growing problem of ad fraud?
Cyber security experts are starting to reach that conclusion. They are realizing that bad actors have figured out how to harness the power of VPNs to perpetrate ad fraud. They have also figured out they can get unsuspecting VPN users to help them.
This leaves companies like Fraud Blocker having to look for new ad fraud detection avenues capable of thwarting efforts to use VPNs as vehicles for fraud. It is an especially difficult challenge given the nature of VPNs themselves.
How VPNs Work
As the name implies, a VPN is a private network through which web users can access the internet with enhanced privacy. Think of the VPN as a proxy. If you were to use one to go to your favorite news website, your computer would not make a direct connection with that website.
For starters, your computer would gain access to the internet through your Internet service provider (ISP). From there, it would attempt to connect to your VPN. A successful connection would mean the VPN provider connecting to your favorite news website, acting as an intermediary between your computer and their server.
All the while, the VPN obscures your legitimate IP address. It sends out a false address so that the server on the other end cannot locate your computer. In addition, all the data traffic passing between your computer and the server is encrypted.
Legitimate internet users have valid reasons for using VPNs:
- Preventing Online Tracking – VPN users tend to be the types of people who don’t want to be tracked online. They believe that their online activity is nobody else’s business. They do not want to be tracked for ad purposes, information mining, etc.
- Accessing Content – Online content can be restricted by geography. As an example, some of your major sports leagues restrict the games U.S. viewers can watch based on location, while still allowing European viewers to watch whatever games they please. A VPN can make an American viewer appear to be a European viewer.
- Website Testing – Geographic restrictions can make it difficult for a web developer in one country to test a site they are developing for a customer in another country. A VPN solves that problem by masking the developer’s genuine location.
Despite what VPNs are capable of doing, they can be used to perpetrate ad fraud. Unfortunately, ad fraud detection software doesn’t always recognize fraudulent activity taking place over VPNs.
Infect the VPN
Fraud perpetrators use a variety of means to exploit VPNs to perpetrate ad fraud. One common tactic is to infect the VPN itself. The fraudster will create a VPN account just as if they were a legitimate customer. They then log on and use adept hacking skills to plant ad fraud malware on the VPN.
Once the malware is embedded and running, it can use virtually any computer connected to the network as a bridge to ad fraud. Only the most adept VPN users would have any clue something was wrong. Most users wouldn’t know a thing. They would go about their business not realizing their computers were being utilized as ad fraud tools.
Another tactic is to use the VPN only as a launching point for infecting other computers. The idea is to use the VPN to force a malware download when an unsuspecting user logs on. The advantage here is that the malware will continue perpetrating ad fraud even when the computer user accesses the internet without a VPN.
In many cases, embedded malware can connect and perpetrate ad fraud without a computer user actually making any attempt to get online. The user could be away at work while the malware on his home computer automatically connects to the internet and busies itself with its main task.
Free VPNs Are a Target
It should be noted that free VPNs are an attractive target to those who would commit ad fraud. Fraudsters know that people looking for free VPNs are likely people who know very little about how VPNs work. They just want something that will give them access to protected content without costing them a dime.
This being the case, Fraud Blocker and other ad fraud detection providers recommend staying away from free VPNs. While paid VPN services are not immune from ad fraud malware, they are significantly less likely to be infected because their business models require more diligent security.
As far as free VPN services are concerned, it is not uncommon for them to be offered through browser plugins. The nature of browser plugins, as an inherent security risk, makes the chances of being infected that much greater. Not only should consumers avoid free VPNs, but they should also stay away from VPN plugins as well.
Continuously Monitor Traffic
While cyber security experts work out ways to defeat ad fraud, advertisers do have a few tools at their disposal. The most effective tool is good, old-fashioned traffic monitoring. It doesn’t require any fancy software or special knowledge. Continually monitoring traffic gives advertisers a good idea of where clicks are coming from, how quickly they are coming, and whether they are leading to profitable website activity.
Advertisers can also invest in ad fraud detection software that automates many of the tasks involved in discovering ad fraud and stopping it. No software package is 100% reliable. Things still slip through. But a good package should detect most ad fraud, making the advertiser’s job easier.
Ad fraud is a very real problem that can be perpetrated through VPNs. If you are a regular VPN user, do not assume you are immune. Bad actors could be using you and your VPN to perpetrate ad fraud.