What Are Ad Injections?
Ad injections are unauthorized advertisements that are injected into web pages with the intention to get users to click on them. Users who click the ads are usually redirected to other sites before eventually reaching their target page. Ad injections can come from several sources such as ad networks and browser extensions. Most extensions are available for free because their developer’s intent is to monetize them when a user clicks on ads injected by the extension. Injected ads are frequently smart in that they seek out existing, legitimate ad space on a webpage and replace or overlay the original ad. However, some injected ads simply rearrange the UI of the page and force their way onto the page.
Ad Injections Are a Growing Threat for E-Commerce
Ad injections have been a challenge for website owners since the late 2000s, and even Google has been unable to control their widespread growth. Up to 20% of your website users could be infected by unwanted extensions, ad injections and malware that alter their path to purchase. In recent years, ad injection companies have started ad networks to cash in on unsuspecting users who click on deceptive ads. This can create a vicious cycle with users unknowingly installing more malware and adware that will inject even more ads. And, the injections are growing in sophistication, with triggers that inject ads only on specific websites or only when a user performs a specific operation. User clicks generate big money, so the ad injection problem is unlikely to subside anytime soon.
How Companies Are Fighting Ad Injections
Because ad injections are only seen by the infected visitor, not by the site owner, combating them is difficult. There are some websites that attempt to limit the impact of injected ads using Content Security Policies (CSP). But the effectiveness of this is limited since CSPs are a moving target and require constant updating and monitoring.