How scammers use ads to target you on trusted websites

Which? research reveals how dodgy ads thrive on online news sites and apps
Tali RamseySenior Writer

Tali writes about scams and consumer rights for Which? delving into fraud, technology and consumer rights topics to keep readers safe and empowered.

Free news sites and apps are almost entirely funded by advertising, but this system is largely automated using AI and algorithms, enabling fraudsters to exploit it.

The online advertising ecosystem involves multiple advertising agencies alongside computer systems that both buy and sell advertising space, sometimes in real time.

These ads land on the pages of popular news websites, with the sites being unable to control the ads which appear on their pages.

Due to the convoluted chain involved in the delivery of an advert, it’s easy for participants to pass on the responsibility to one another to check that adverts are legitimate, all while readers are misled into following malicious adverts they've found while browsing their daily news.

A Which? investigation into this world uncovered several suspicious adverts, ranging from outright scams to misleading products and AI-generated deepfake videos.

Here, we explain what we found and what is being done about these dodgy ads. 

Outsmart the fraudsters

free newsletter

Sign up for our free Scam Alerts service.

Our Scam Alerts newsletter delivers scams-related content, along with other information about Which? Group products and services. We won't keep sending you the newsletter if you don't want it – unsubscribe whenever you want. Your data will be processed in accordance with our privacy notice.

Diabetes quack cure

A scam deepfake video impersonating ITV News and Sir Richard Branson to promote a dodgy diabetes product
A scam deepfake video impersonating ITV News and Sir Richard Branson to promote a dodgy diabetes product

On the Google News app, we found a shocking advert for a product which promised a ‘ritual’ to lower high blood sugar. It linked through to a website with a deepfake video impersonating Dr Hillary and Sir Richard Branson in a fake ITV News interview.

It was spiralled into ludicrous claims: the diabetes treatment Metformin kills people, current diabetes medical information is a lie, and the condition is caused by a lack of potassium in your body.

All of these claims set the scene for fraudsters to peddle a dodgy 'diabetes' product by following another link.

key information

'The advert led to a malware attack'

In one case, we found a malicious advert for an eye test lurking on the Daily Mail website. One simple click led to a website asking to allow notifications in the same way that any other cookie pop-up message might appear. 

After pressing ‘allow,’ a series of pop-ups appeared. They claimed to be from the antivirus companies, McAfee and Norton.

‘Your browser suspended! ‘Malware attack' and ‘You have visited an unsafe site with illegal content’ emblazoned the computer screen.

McAfee and Norton confirmed that these pop-ups were fake and the device Which? used in this investigation had to be wiped due to the constant onslaught of pop-ups produced by this type of malware.

Sham investment schemes

A scam website impersonating the BBC and Martin Lewis to peddle an investment scam
A scam website impersonating the BBC and Martin Lewis to peddle an investment scam

On Yahoo’s website, an ambiguously titled advert led to a fake BBC news website impersonating Martin Lewis to promote a suspicious investment platform.

A fake article labelled: ‘Martin Lewis is being sued by the Bank of England after comments he made on live broadcast’ then told the elaborate and entirely fake tale of Martin being criticised for promoting a crypto-trading platform that the public ‘needs to know about’. 

The fake BBC site led to a crypto trading platform asking for your personal information, which would most likely lead to you being bombarded by calls and emails trying to get you to invest.

So what did the news sites and ad platforms say?

Yahoo told us that it leaves advertiser checks to its advertising partner Taboola, but it has partnered with companies that detect and block malicious or misleading ads in real time. It investigated and removed the ad we flagged to it.

The Daily Mail explained that suspicious advertising that circumvents the systems it has in place to prevent malicious activity are removed.

Google told us that it executes its ‘misrepresentation policy,’ which forbids advertisers from running ads that mislead users, as well as those impersonating public figures.

As for the advertising platforms, Taboola, a content platform that matches advertisers with news publishers, unknowingly placed the investment and diabetes scam ads. It told us that it investigated and removed the adverts and said that it requires other advertisers it works with to adhere to its policy, which prohibits fraudulent content.

Outbrain works like Taboola and placed the malicious eye test advert that we found. It didn't respond to our requests for comment.

Listen to the Which? Podcast: Erica McKoy is joined by Tali Ramsey to discuss the dodgy ads appearing on trusted new websites. 

What is being done about these adverts?

The Online Safety Act (OSA), which makes Big Tech platforms, such as social media companies, responsible for banning harmful and fraudulent content on their platforms is a big step forward for internet safety. Which? campaigned heavily to ensure that scam ads got into the OSA, but despite this Act becoming law in 2023, it is not the silver bullet. 

We most likely won’t see the rules around scam adverts come into force until late 2027 at the earliest. On top of that, the Act is focused on adverts on the largest social media platforms and search engines and doesn’t cover scam adverts on news sites and apps.

The OSA also doesn’t cover breaches of unfair commercial practices legislation, which ban misleading sales tactics such as products not being as advertised, something that some of the ads we found may have been guilty of.

While news sites and apps can’t control what adverts appear on their platforms, they are the final part of the labyrinth, so if they find lots of suspicious adverts on their site, reporting them should be a natural response. It’s also plausible that if fraudsters can’t use social media platforms to promote scams in the future, they’ll seek other avenues, and we could see more malicious content on news sites and apps.

Which? wants the government to commit to a regulatory solution for the open display advertising market, to stop scams like the ones we’ve found from appearing on popular news websites and to prevent even more people from suffering the devastating consequences of fraud in its upcoming fraud strategy.

key information

6 signs of a scam advert

  1. Investments that sound too good to be true
  2. Sensationalised claims – especially health cures or outlandish hacks.
  3. Poor spelling and grammar.
  4. Pressure tactics – are you being asked to act fast?
  5. Celebrities promoting products or investments – always double-check endorsements.
  6. Blurred branding and logos – a genuine advert should have better quality images. 

You can report a scam advert to the Advertising Standards Authority (ASA) on its website. Dodgy websites can be reported to the National Cyber Security Centre.

If you lose any money to a scam, call your bank immediately using the number on the back of your bank card and report it to Report Fraud (formerly known as Action Fraud) or call the police on 101 if you’re in Scotland.

This investigation appears in the February 2026 issue of Which? Magazine

More on this