By now, all of us have been affected by COVID-19 through stay-at-home orders, business closures and cancelled events. This year, I wasn’t able to visit Prague over spring break as I had hoped, thanks to the shutdowns. Fortunately, the extra free time allowed me to continue my work studying malicious ads across the Internet — and it’s a good thing I did.

This time around, I had my eyes peeled for something specific: advertisers have already been caught peddling fake coronavirus “cures” across Instagram and Facebook, alongside storefronts that offer commodities like face masks or hand sanitizer at a grossly marked-up price. In many cases, users who click through and pay up will receive nothing in return.

Facebook and Instagram have responded appropriately by banning these scammers and screening for ads that might be related to COVID-19. Unfortunately, other media outlets aren’t doing the same thing, and fake ads are spreading across major news sites that receive millions of visitors every month.

In this article, I’ll share some of the things I found, beginning with Disney’s ESPN.com. But first, let’s talk methods.

How I Scan for Scams

In a previous article, I explained how I scan for malicious ads using a combination of the Pyshark packet scanner and other open source tools. In this case — since I was looking for malicious source destinations instead of malicious code running in the user’s browser — I had to slightly alter my strategy.


Using HTTrack and Wget, I wrote a crawler to compile a list of malicious URLs from trust rating authorities like Scamdoc. This data is used to scrape tags, links and keywords from the web sessions scanned by Pyshark. In the end, I am alerted to the most suspicious incidents and attempt to replicate them. If I can do so, that is when I know I have something legitimate.
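The matching step described above can be sketched as follows. This is an added example, not the author's crawler: the blocklist, keywords and session records are constructed stand-ins for the Scamdoc-derived list and the Pyshark capture, and all function and class names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed inputs: blocklist (reserved .example names), keywords, captured page bodies.
BLOCKLIST = {"cheap-sanitizer.example", "mask-depot.example"}
KEYWORDS = ("coronavirus", "covid", "sanitizer", "face mask", "cure")
SESSIONS = [
    {"page": "news.example/sports",
     "html": '<a href="https://ads.example/c?id=1">Scores</a>'
             '<a href="http://shop.Cheap-Sanitizer.example./buy">Hand sanitizer in stock</a>'},
    {"page": "news.example/weather", "html": '<a href="https://weather.example/today">Forecast</a>'},
    {"page": "news.example/health",
     "html": '<a href="https://unknown-store.example/x">Coronavirus cure, face mask deals</a>'},
]

class LinkCollector(HTMLParser):
    """Collect (href, anchor text) pairs from an HTML fragment."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def on_blocklist(host):
    """True if host or any parent domain is listed (case and trailing dot ignored)."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))

def score_sessions(sessions):
    """Return (score, page, href) alerts, highest score first."""
    alerts = []
    for s in sessions:
        parser = LinkCollector()
        parser.feed(s["html"])
        for href, text in parser.links:
            host = urlsplit(href).hostname or ""
            hits = sum(k in text.lower() for k in KEYWORDS)
            score = (10 if on_blocklist(host) else 0) + hits
            if score:
                alerts.append((score, s["page"], href))
    return sorted(alerts, reverse=True)
```

A blocklisted destination outranks any keyword-only hit, but keyword-only links still surface, which is what catches storefronts that no rating authority has listed yet.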

Scam Time at ESPN.com

ESPN.com — a major online destination for sports fans — is owned by Disney, and both companies use the same AdTech running on top of Google’s Ad Manager, which has been found to serve fraudulent ads in the past.

When I scanned the site, it wasn’t too long before I found something undoubtedly malicious. The following ad purports to offer medical gloves and hand sanitizer:


Clicking on the link will lead users to a domain advertising a number of sanitation commodities at a marked-up price:



Fraudulent Ads Exploit COVID-19 Fears on Disney’s ESPN.Com