Adex recently revealed a potential 3rd party fraud scheme at play involving one of the top European football clubs’ websites – FC Barcelona’s website.
Among the major Adex’s clients is a global ad network – PropellerAds, which employs Adex to check millions of ad campaigns being launched on their platform. The company is extremely meticulous regarding fraud prevention and brand safety.
On November 16, during routine automated campaign checks and monitoring, Adex specialists identified a suspicious link leading to the official website of Barcelona FC. This anomaly immediately alerted the anti-fraud squad and triggered the manual review process.
Upon scrupulous analysis, a mismatch of NS records in the second- and third-level domains has been spotted. The official website (root domain) is hosted on AWS (Amazon Web Services), yet the NS records of the subdomain are on Google Cloud DNS.
Based on these facts combined with further research indicating that IP addresses do not match, we can say that this iGaming page is most probably fraudulent and likely started operating around October 26.
Clearly, the ad campaign was instantly banned to prevent any possible fraud attack.
The contents of the subdomain webpage represented a huge risk not just in terms of brand safety but also of potential illegal gambling.
It is possible that the Football club didn’t notice the illegal activity due to several factors, including:
- The subdomain was not indexed by Google
- There was no traffic spike since the subdomain was hosted on a different server
Our leading anti-fraud expert adds: ‘It definitely doesn’t happen every day to expose such a fraud case. Usually, criminals mimic popular or authoritative websites by switching a letter or two in the domain name or copying the interface’s design. It’s a bold move to hijack a subdomain of a club loved by many and use their good name to deceive users.’
Adex has already notified FC Barcelona regarding the uncovered fraud and will update this article should we receive any comments.