Skip to content
Naked Security Naked Security

Ad fraud: Fake local news sites are rolling in the dough

"" Names like that sound close enough to real news domains to pass, but bots are the only ones visiting.

Amazing – local media outlets are giving off death rattles if they’re not already dead and buried, but a newly launched “news” site for the teensy Texas town of Laredo has seen its traffic shoot through the roof: from 200K page views in August 2019 to 3.7m visits a mere three months later.

What’s the secret sauce for, created in June 2019?

According to Social Puncher, a firm that’s analyzed what it concludes is a series of sham news sites, the Laredo Tribune site is running on the fumes of pure ad fraud.

The fakery is funded by advertisers who are unwittingly paying fraudsters who pump up the page views on small “news” sites to eye-watering levels. They’re doing so by buying fake traffic from bots: evidenced by anomalies such as nearly all the traffic coming from mobile devices. That’s atypical, unless a site is specifically targeted at a mobile audience.

Other red flags include the fact that the average number of pages visited and the time that the “users” spent on the site were sky-high, particularly for mobile users, and that most visits came from outside the site’s target geography.

Social Puncher’s Vlad Shevtsov, director of investigations, estimates that each of these fake news sites – which have astonishingly high traffic rates but mysteriously blink out of existence after only a short time – makes at least $100,000 (£77,450) a month.

But real news costs money to make. Writing it requires humans. Why go to all that trouble, when you can just rip off evergreen articles that are years old and post them to sites with gazillions of pages that aren’t even shown to real, live humans? From the first in a series of reports titled The fake traffic schemes that are still rotting the Internet:

The annual losses from ad fraud are estimated at billions, and even tens of billions of dollars. There are thousands, and even tens of thousands of fake sites that just simulate real media to deceive advertisers. But almost no one wonders what such sites should look like.

Cardboard cutouts posing as real news sites

How do we know that the Laredo Tribune site is bogus? Or, for that matter, the other sites that Social Puncher analyzed, all of which have newsy-sounding names:,, and

A casual audit of The City of Edmonton News site will show that it’s riddled with broken functions and utter neglect. For example, the articles are old, but they don’t display dates, so their age isn’t readily apparent. The About page has language about its focus on local news, but it lacks names or other details about who the editor or journalists are who supposedly create the content. Nor does it have an editorial address or any information about the owners.

The drop-down lists don’t provide links to actual categories. None of the buttons on the main page link to the social media accounts they’re supposed to go to; rather, they just link back to the same page.

If the site were run by a bona fide media outlet, those types of errors would have been fixed on the first day that it went live. But the site, made on a $59 WordPress template by Romanian developers, languishes.

Well, at least, the portion of the site that gives off a pro forma, faint aroma of legitimate small-town news languishes. But beyond that main page is the real meat, the place where the ads get picked up by fake visitors. When Social Punch dug deeper into the Edmonton site, for example, the firm found that the domain has a whole section of articles – one that’s much larger than the main part of the site – that aren’t related to Edmonton at all.

It found 667 articles – that’s more than 20 times more than what’s available on the main part of the site – by one author, a “Ryan Frost.” They’re all “Celebrities: then and now” blurbs. Yet when you click on one, you’ll find that the author for all of the blurbs is somebody called “Lexi Schwartz” – somebody without an author page.

It turns out that there is a section of content that cannot be accessed from the main page or main categories. But it has the vast majority of users visits.

And it’s where there are tons of ads to rack in ad revenues. Social Punch calls this a classic trick of ad fraudsters. They’ll put up a front page to simulate a legitimate news site: one that will fool a casual visitor. Meanwhile, all of the purchased traffic flows through a back door to get to the “shadow” part of the domain, with junk content that hosts dozens of banner ads for legitimate brands.

How do you detect news that’s not exactly “fake?”

Restaurant reviews are evergreen: nobody’s going to question the legitimacy of a site that has one on the front page. It’s not content that changes day to day, as would news about, say, Brexit or the US’s impeachment proceedings.

The problem, according to Social Puncher, is that there are currently no algorithms to automatically compare a site’s domain name, its stated goal, whether its audience is actually local (as opposed to flowing from another country, which doesn’t make sense for a purportedly local news site), and what its real content is about.

There are no tools that analyze the site map and internal links for verification. Therefore, it is impossible to identify sites with a shadow content using modern tech algorithms. Such sites, despite the long history of their use, are not considered by the ad industry as a real threat to digital ad budgets.

Paying fraudsters

Shevtsov told the BBC that Google, and the ad industry in general, are “ignoring obvious evidence – that they pay fraudsters.”

When the BBC contacted Google about the Laredo Tribune, the company said that it had no problems with the site’s traffic; nor does it breach its advertising rules.

That means the checks will keep coming, Shevtsov said, month after month after fraudulent month. Dr. Augustine Fou, a digital advertising expert based in New York who spoke with the BBC, said that this is in spite of the ad industry knowing about this kind of fraud for years.

I get why this is really hard for a platform like Google to police. There are hundreds of thousands of apps and millions of sites that use its advertising technology to make money.

But after years and years of knowing about abuses, they ought to be doing something more proactively, not just taking action after third parties do all the work for them.


Yet another weep-for-the-future moment. Articles like these† highlight the increasing†† population quotient willing to injure fellow humans for gain–and work very hard to avoid real work. They leave me wondering how soon the number of us earning honest livings will dwindle to zero.

† Lisa, et al: they are informative; don’t mistake my lament for a plea to stop producing them.
†† It’s concedingly plausible the Internet only increases visibility of this phenomenon, and the rotten outlier has always existed–and always will.


PS: A security blog’s likelihood to be a routine source of uplifting content isn’t lost on me.
Comedic sources are essential for maintenance-of-sanity purposes.


We do try to write some “this is cool” stories from time to time, such as:


Or (another Pi story):


Google ignores the problem simply because it benefits from it. Google is like investment firms; they make money whether stock prices go up or down. If there’s any loss, it’s their clients’.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!