PropellerAds Ads Safety Report 2025
Year after year, we continue to strengthen our multi-layered security system to protect advertisers, traffic suppliers, and end users from ad fraud. At the same time, fraud schemes are becoming more sophisticated, infrastructure-heavy, and harder to detect at a glance.
2025 clearly showed that ad fraud is no longer about simple tricks or single-step deception. From advanced cloaking setups to malware distribution chains and social-engineering attacks targeting messenger accounts, the threat landscape is evolving – and so are our defenses.
As part of our commitment to transparency, we’re sharing key insights from our Policy and Security teams, including:
- Key reasons for campaign rejection or blocking, identified during moderation
- Confirmed suspension reasons
- Emerging fraud trends
- How do we strengthen protection across the platform
- And what advertisers can do to stay compliant from day one
Rejected or Blocked Campaigns: Key Reasons in 2025
In 2025, we applied over 729,794 rejections across ad campaigns for various policy violations.
Rejected campaigns were identified and stopped during the moderation stage, so they did not go live. These checks are designed to prevent policy violations and potential risks before any traffic delivery occurs. For minor inconsistencies, advertisers are informed of identified issues and may update their campaigns to comply with platform requirements.
Below is a breakdown of the key ad campaign rejection reasons identified during moderation in 2025 (please note that the table below reflects the number of rejections, not rejected campaigns, meaning that one campaign could be rejected multiple times):
The majority of rejections are related to content compliance and user safety requirements, with adult content and malware-related signals accounting for the largest combined share. Early detection at the moderation stage helps protect advertisers, publishers, and end users while maintaining a stable and predictable advertising environment.
Overall, the number of campaign rejections in 2025 increased by 35% compared to 2024, reflecting enhanced moderation coverage and expanded preventive controls.
Please mind that the figures above represent preventive moderation actions and should be viewed in the context of overall platform traffic volume.
Suspended Advertisers: Confirmed Fraud Cases
Account suspensions are applied only for confirmed, high-risk, or repeated violations identified through early-stage moderation and security review processes, using a combination of automated systems and expert review.
Here’s how the suspended advertisers were distributed by reason:
As we can see from the numbers, cloaking remains a key high-risk violation category addressed by our security systems, but its nature has changed significantly (read more in the following section).
Cloaking is the practice of showing different content to moderation systems and to end users, typically to obscure the true nature of a campaign.
Also, cloaking is not unique to our platform; it’s a known market-wide technique discussed in ad quality/security reporting. Independent industry research supports the observation that deceptive techniques such as cloaking and other ad security threats are prevalent across the digital advertising landscape. Reports from industry specialists like Confiant, which publishes the Malvertising & Ad Quality (MAQ) Index based on hundreds of billions of monitored impressions, highlight the persistence of ad quality and security issues – including evolving threat patterns that leverage cloaking to evade detection. This broader context underscores that such techniques are not unique to any single platform but are recognized ecosystem-wide.
Image source: https://www.confiant.com
GEOs Most Vulnerable to Fraud
When it comes to GEOs, according to our observations, Tier-1 regions (countries with high purchasing power and economic development) continue to attract higher-risk malicious activity, reflecting their broader appeal across the digital advertising ecosystem.
In 2025, we observed activity originating from Turkey (TR), including cloaking-based attempts targeting Spain as well as Turkey itself, primarily involving malware-related scenarios. Spanish-speaking regions also became a focus for certain fraud schemes.
From a technical perspective, the majority of detected attempts targeted Windows and Android users, accounting for approximately 80% of identified attack vectors.
Year-over-Year Dynamics: How Fraud Patterns Evolved
To provide additional context, we compared moderation and security data from previous annual reports with 2025 observations.
For consistency, year-over-year comparisons below focus on relative distribution trends, helping illustrate how fraud patterns and moderation priorities have evolved over time.
Suspended Advertisers: Dynamics by Type (2022 – 2025)
From 2022 to 2024, cloaking consistently accounted for approximately 45% of suspended advertisers, alongside multiaccounting as a major secondary factor.
While cloaking itself is not inherently malicious, the use of cloaking techniques violates the principle of transparency that underpins a trusted advertising ecosystem. By obscuring the real product, destination, or user flow, such tools make it possible to alter campaign content after moderation or conceal prohibited scenarios.
For this reason, campaigns employing cloaking mechanisms are treated as high-risk violations, as they prevent effective verification of advertiser intent, product integrity, and compliance with KYC and policy requirements.
In 2025, the structure of suspensions became more concentrated. Cloaking accounted for over 80% of confirmed suspensions, reflecting a shift toward fewer but more complex and higher-risk violation types.
This change does not indicate increased exposure, but rather more precise identification and classification of infrastructure-heavy cloaking schemes, which often combine multiple violation signals into a single enforcement outcome.
Other suspension reasons – including ransomware schemes, failed identity verification, and scam-related setups – formed a smaller but persistent portion of confirmed violations, reinforcing the need for layered, long-term enforcement strategies.
Restricted Campaigns: Dynamics by Reason
In earlier reports (2022-2024), restricted campaigns were predominantly driven by content-related issues, with adult content consistently accounting for a significant share of rejections.
In 2025, restriction dynamics reflected a continued dominance of content-related violations, alongside a growing share of infrastructure and security-related signals. At the same time, infrastructure and security-related signals gained greater prominence, with malware alerts representing 26% of rejections, highlighting the growing role of technical validation alongside ad campaign content moderation.
From a moderation perspective, content validation is leading, but deeper technical and infrastructural verification is also significant. As detection capabilities expand, campaigns are increasingly evaluated not only for what they display, but for how they are delivered, hosted, and maintained throughout their lifecycle. This allows earlier identification of higher-risk scenarios and strengthens preventive protection across the platform.
GEOs: Year-over-Year Patterns
A year-over-year comparison shows that GEOs with higher traffic volumes and advertiser demand are consistently observed in fraud-related cases. Turkey and India were present across multiple reporting periods, while other GEOs shifted depending on market dynamics and regional activity.
These observations align with broader industry patterns, where regions with large and active online audiences naturally attract increased attention from both legitimate advertisers and malicious actors, due to their market scale, digital adoption, and engagement levels.
Across multiple years, the structure of detected violations remained largely consistent, while detection depth, coverage, and preventive capabilities expanded. This allowed earlier identification of high-risk patterns and more effective containment at pre-launch stages.
Fraud Trends We Observed in 2025
Fraud tactics continue to evolve alongside advertising technologies, affecting the digital ecosystem as a whole. In 2025, our Policy and Security teams focused on identifying emerging patterns and higher-risk schemes at early stages, allowing us to adapt detection methods and strengthen preventive controls.
The observations below reflect attempted and detected violations identified through moderation and security processes and addressed before campaigns reached traffic delivery stages. They highlight areas where continuous monitoring and infrastructure-level analysis are essential to maintaining platform integrity and advertiser trust.
1. Cloaking Became Infrastructure-Heavy
So, as we already said, in 2025, cloaking attempts became less primitive and far more complex. Instead of simple redirects or basic filtering, fraudsters now rely on:
- Multi-layer traffic routing
- Conditional content delivery
- Distributed infrastructure
Importantly, cloakers are not limited to specific ad formats – they attempt to exploit all available formats. That’s why our anti-cloaking tools operate across the entire traffic volume, not selectively.
2. Malvertising via Direct File Distribution
Another notable pattern identified in 2025 was the attempts to spread malicious files through ad campaigns. These are no longer classic redirect-based attacks. Instead, users may receive:
- Infected files directly
- or Via multi-step interaction scenarios
We analyzed one such case in detail in this study.
3. Messenger Account Hijacking (Telegram and WhatsApp)
Another notable high-risk pattern involved attempts to compromise messenger accounts. We identified attempted campaign setups involving:
- Phishing landing pages
- Fake login forms
- Mobile-first social engineering scenarios
These schemes are especially dangerous because they target personal communication channels and rely heavily on user trust.
If you want to learn more, read our case study that illustrates how we prevent such attacks.
4. Compromised Infrastructure and Hijacked Domains
A particularly dangerous trend is hosting landing pages on hacked or abandoned infrastructure, including:
- Expired or forgotten domains
- Servers of legitimate companies, unaware of the breach
Addressing such scenarios requires deep infrastructure and behavioral analysis beyond surface-level URL validation.
AI, Automation, and Anti-Fraud: How We Use It
Yes, AI plays a role in our fraud prevention techniques, but it’s not a silver bullet.
All detection tools used by our Policy and Security teams are internally developed systems. Machine learning and AI models act as supporting instruments, strengthening expert analysis rather than replacing it. In practice, AI helps us:
- Detect behavioral anomalies
- Analyze interaction patterns at scale
- Prioritize high-risk signals faster
At the same time, systemic analysis, infrastructure checks, and human expertise remain central to fraud prevention.
How AI Is Used in Fraud Attempts
While AI is not primarily used to create fundamentally new cloaking mechanisms, we do observe its application in supporting fraudulent operations. In particular, AI tools are used to:
- Generate fake or manipulated documents for identity verification attempts
- Adapt creative assets and advertising texts to specific regions and languages
- Imitate the branding and positioning of popular AI products and models, leveraging public interest and trust surrounding AI technologies
Examples include campaigns attempting to promote offers under the guise of well-known AI tools or models brands. Such campaigns do not pass moderation and are blocked at early stages.
Fraud Prevention Is About Both: Savings and Risk Management
When we talk about fraud prevention, we’re not only protecting advertising budgets. This is fundamentally about risk management, including legal risks, reputational damage, infrastructure abuse, risks for publishers, as well as risks for end users.
Our goal is to reduce these risks across the ecosystem, ensuring long-term platform stability and advertiser trust.
Pre-Launch Compliance Checklist
Before launching a campaign, we strongly recommend following this basic compliance hygiene:
1. Review Terms and Policies
Before launch, thoroughly review the platform’s ad content requirements, verify that your ads comply with all format, vertical, and GEO restrictions, and clearly understand and accept responsibility for any violations, including unintentional ones.
2. Know Your Product End-to-End
Advertisers must clearly understand what they are promoting, review the complete user journey, and identify any potential risks for the end user.
The fewer unknowns that remain, the lower the risk.
3. Maintain Clean Domains and Infrastructure
Another important recommendation from our Policy and Security team is to monitor domain reputation. Make sure you avoid abandoned or questionable hosting and always respond promptly to antivirus or browser alerts.
4. Do Not Use Cloaking or Cheating Techniques
Any form of cloaking or deceptive practices is considered a high-risk violation and once identified typically leads to permanent suspensions.
Final Thoughts
Fraud prevention is not a one-time effort. It’s a continuous, evolving process that requires strong technology, expert analysis, and shared responsibility.
At PropellerAds, we remain committed to transparency, platform safety, and protecting everyone involved in the advertising ecosystem. If you encounter suspicious activity or have questions related to compliance or fraud, please contact us at: contact.us@propellerads.com.
Trends
View more posts