Old media and new media may do battle in the quest for consumer eyeballs but they increasingly have a common foe: malicious ad buyers.
Last month, the New York Times fell victim to a sophisticated scam in which a scammer was able to buy ad inventory directly from the news giant posing as a past buyer of ads on behalf of VoIP company Vonage. The Times had to scramble to locate the malicious ad when legitimate-looking ads were swapped for malware-serving ads.
While it was easy to criticize the Times for being a little less cautious than it probably should have been, the Times is hardly alone. The latest victim of a similar scam: gossip blog Gawker. According to Gawker, via Business Insider, Gawker was recently approached by a person claiming to be an ad buyer from Spark Communications, a holding of media giant Starcom MediaVest Group. He wanted to purchase ads on Gawker for a Suzuki ad campaign.
Gawker has let Business Insider post the email exchange and it's quite insightful. The fake ad buyer, who went by the name 'George Delarosa', had the ad buyer lingo and process down. While that in and of itself isn't necessarily impressive (there's plenty of info online), anyone who is used to poorly-written phishing schemes with misspellings and poor grammar might be surprised that there are scammers who can draft an email. And, unlike the scammers most of us are used to, "these guys were happy to jump on the phone to get ads back up and running".
Of course, there were little hints that piled up throughout the exchange. Spark no longer had the Suzuki account, apparently. And Delarosa's email came from a domain clearly designed to resemble that of Spark Communications, but which was only registered in September through a Chinese domain registrar and with non-Spark contact information. A quick check of WHOIS would have gone a long way.
Given this, it's possible to argue that Gawker's ad person should have been a little more suspicious. But let's be fair: it's pretty clear that whoever was behind this was willing to go to great lengths to make themselves look legitimate. And when someone is willing to sign on the dotted line for a five-figure ad buy, the BS detector is liable to be turned off.
Unfortunately, sophisticated scams complete with impersonation are clearly now part of the online ad buying landscape. As such, publishers will have to throw their assumptions about what scammers look like out the window and start vetting everyone and everything. Nothing less than the safety of their audiences is on the line.