Browser Injected Ads: How They Steal Your Customers

January 3, 2020 - Ensighten

As consumers we have all experienced pop-up ads or banners while trying to browse the internet. They might urge us to click on them to secure a great deal on a product or service or tell us that we have won a competition and we must click to claim a prize. For internet users, these ads are – at best – annoying, creating a frustrating online experience and potentially leading us to navigate away from a website.

But for website owners, these ads are far from harmless and can result in brand damage, loss of customer loyalty and revenues. With their main purpose to re-direct users from your website, not only can they derail your customer’s plans to purchase from you, they might end up sending them to a competing site.

The problem of unsanctioned ads that hijack the customer experience is becoming more prevalent. It has been suggested that between 15-25 percent of all user web sessions are being commandeered or affected in some way – resulting in millions of dollars in lost revenue for online businesses.


What is a browser injected ad?

The typical internet user has a host of browser extensions and web apps they use regularly, and while these can improve the functionality and online user experience, they can also be the source of unwanted ads. These usually free apps and extensions can be bundled with software that, once downloaded, ‘injects’ the unsanctioned ads into users’ web browsers on the client side, changing the way they view your website.

Browser injected ads might feature:

  • Competitor ads – promoting the same product you are offering or a comparable version of it with a view to lure the shopper away from your website
  • Price comparisons – everyone loves a bargain and offering a cheaper version of your product or service is a quick way to get the customer’s attention
  • Pop-ups – the “most resented” type of ad by consumers, pop-ups are a sure-fire way to ruin your customer’s browsing experience
  • Video ads – both video ads and adware-based cryptocurrency mining software can significantly affect website performance – with 90 percent of consumers having left an ecommerce site because it did not load in the time expected


Worse, the ads can feature adult content which can damage your brand and your long-term relationship with customers.


Real-world examples

In 2018, Amazon was targeted by a “sophisticated and widespread” scheme to deceive consumers into interacting with malicious ads and websites. The hackers took advantage of the online giant’s brand recognition to push ads and pop-up messages to consumers who believed them to be genuine.

Elsewhere, cloud security firm Netskope recently detected ads being injected into web traffic of multiple users. The source of the ad injections is a JavaScript ad injector commonly known as Lnkr, which has previously been found in browser plugins, standalone Windows adware applications, rootkits, Android packages and even directly included on some websites. The most common active distribution vector is browser extensions that inject ads into all the user’s web traffic, and the campaign is still ongoing, warns the company.

The problem is that as the malware is injected on the client side – meaning the website owner often has no visibility over the fact that visitors are having their browsing experience ruined until it’s too late and they have lost valuable conversions.


How does ad injection impact customers?

The customer experience is one of the most valued aspects on digital transactions. 78 percent of retailers say a good experience is the biggest driver of loyalty today, but 69 percent say they need to work harder than ever to keep customers coming back. As a business, you simply cannot afford to provide a sub-par experience to your website users.

“People are far less tolerant of problems with digital services than they were two years ago, and they’ are now far more likely to take decisive action – deleting applications, turning to the competition and sharing their negative experiences far and wide,” notes The App Attention Index 2019.

With the ads injected on the client side, traditional server-side security solutions lack visibility or control over the problem.

Through the Ensighten solution, you can see which unauthorized ads and third parties are running on your website and block unauthorized advertising injected into visitor sessions, to stop your customers from being diverted to other websites.

Ad injection is a growing issue for ecommerce websites. Without full visibility over what’s happening on your website, your online revenue and customers’ online experience will be greatly impacted. Ensure that your organization does not fall victim to the damaging impact of ad injection – download our guide to ad injection prevention or contact us to see how you can secure your website.




Founded in 2009, Ensighten is the global cybersecurity leader providing client-side protection against data loss, ad injection, and intrusion while enhancing website performance.

Learn more about Ensighten and our solution

Ad injection guide

Learn more about malvertising and how you can protect your website to ensure you are not losing revenue to cybercriminals

Read Now

Journey hijacking blog

Learn about customer journey hijacking and how to protect your brand and your customers from injected ads

Read Now

Online demo

See the Ensighten solution in action to learn how we can help protect your website against malvertising

Book Now