Today in Digital Marketing - The Terrifying Malware Targeting Meta Ad Accounts
Episode Date: January 6, 2023Millions lost, and still the Ducktail malware continues to sow chaos with online media buyers. Plus: Pinterest pins its hopes on the clean room. Twitter's latest round of layoffs affects the ad pl...atform. Online shoppers spent more in Q4... but at what cost? And the TikTok feature none of us wanted, but probably all of us need. ✅ Follow Us on Social Media✨ GO PREMIUM! ✨ ✓ Ad-free episodes ✓ Story links in show notes ✓ Deep-dive weekend editions ✓ Better audio quality ✓ Live event replays ✓ Audio chapters ✓ Earlier release time ✓ Exclusive marketing discounts ✓ and more! Check it out: todayindigital.com/premiumfeed 🤝 Join our Slack: todayindigital.com/slack📰 Get the Newsletter: Click Here (daily or weekly)Or just The Top Story each day on LinkedIn. ✉️ Contact Us: Email or Send Voicemail⚾ Pitch Us a Story: Fill in this form📈 Reach Marketers: Book Ad🗞️ Classified Ads: Book Now🙂 Share: Tweet About Us • Rate and Review------------------------------------🎒UPGRADE YOUR SKILLS• Inside Google Ads with Jyll Saskin Gales• Foxwell Slack Group and Courses Today in Digital Marketing is hosted by Tod Maffin and produced by engageQ digital on the traditional territories of the Snuneymuxw First Nation on Vancouver Island, Canada. Associate Producer: Steph Gunn. Ad Coordination: RedCircle. Production Coordinator: Sarah Guild. Theme Composer: Mark Blevis. Music rights: Source AudioSome links in these show notes may provide affiliate revenue to us. Our Sponsors:* Check out Kinsta: https://kinsta.comPrivacy & Opt-Out: https://redcircle.com/privacy
Transcript
Discussion (0)
It is Friday, January 6th. Today, millions lost, and still the ducktail malware continues to sow chaos with online media buyers.
Plus, Pinterest pins its hope on a clean room, Twitter's latest round of layoffs affects the ad platform,
online shoppers spent more in Q4, but at what cost?
And the TikTok feature none of us wanted, but probably all of us need.
I'm Todd Maffin. Here's what you missed today in digital marketing.
It is the malware that's terrifying digital marketers.
It's called DuckTale.
And with a little pinch of social engineering, it can get into your meta ad accounts and start spending millions of dollars on your company's credit card. And if you think two-factor authentication
will save you, you're wrong, because this exploit can even get past hardware keys like Ubico.
It happened to MTA Digital, a performance ad agency in Poland. Paweł Skubinski leads paid
social there. They noticed the hack when a colleague was at a workshop showing their
biggest client some of their campaign performance. He saw that something's wrong with the naming of the campaigns.
And he saw that, wait a minute, these are not our campaigns.
And then we just ended the workshop.
The hackers had gotten into their client's meta ad account,
essentially ignoring the two-factor authentication,
and started spending more than a million dollars.
It was using a browser plugin.
Some of the plugins were hacked, and they used that to get the access.
And what did the plugin's functionality purport to do?
Presumably, you didn't download a plugin for your browser called Let Us Into Your Facebook Account.
So was it like a cheap grammar plugin
or like what was it that it pretended to be on its way in?
This was just some kind of grammar plugin,
but it was some of the normal ones.
So it wasn't that suspicious.
That looked really, really normal.
But with some plugins,
they just want more access to the website than the other ones.
And for example, we now have a very strict list of plugins that we can use on the browser
that we are logged into company accounts in.
For example, TikTok Pixel Helper, we don't use it on those accounts.
Really?
Yeah, it just asks for too much. And last time I checked Twitter Pixel Helper,
it was like more than maybe two years ago.
But at that time also, it was just asking for too much.
Then they got hacked a second time.
But this time, the hackers didn't even need a browser plugin.
Skavinsky believes they were able to scrape two-factor backup codes
using an invisible web browser. This weekend, our full conversation where Pavel and his colleague
go step-by-step how they were hacked and what brands and agencies can do to protect themselves
against this very scary malware. That's coming tomorrow exclusively to the Premium Podcast feed,
which you can sign up for at todayindigital.com slash premium or tap the link in the show notes.
Pinterest is releasing some enhanced ad functionality ahead of the cookie apocalypse.
The company's partnered with the data platform LiveRamp to pilot clean rooms for select advertisers,
which will let brands combine their own first-party data and data from Pinterest for ad targeting in a third-party space
without having to reshare information with Pinterest.
The cleanroom software keeps data private and provides aggregated insight into ad performance.
Pinterest emphasized that because the neutral cleanroom environment offers privacy controls,
neither party's personally identifiable sales and campaign data
is visible to the other party. The company hopes the move will offer brands and advertisers an
alternative tracking method as we move toward a cookie-less future. Pinterest said the grocery
retailer Albertsons will be the first advertiser to test the new software, with more to follow.
Let this sink in.
While Twitter's ad revenue continues to tank,
Elon Musk has now laid off engineers working on advertising.
The information reported yesterday
that roughly 40 data scientists and engineers
who specialized in refining machine learning
to optimize ads on the platform
were let go Wednesday evening.
The cuts follow the resignation of the
company's product engineering lead earlier this week. According to a source with direct knowledge
of the layoffs, those impacted had been working on using machine learning to show Twitter users
the most relevant ads based on their interests and behavior on the platform.
They added the layoffs now leave very few engineers in this area. from major financial losses, data breaches, and natural disasters. Get customized coverage today starting at $19 per month at zensurance.com.
Be protected. Be Zen.
Despite money woes, U.S. shoppers rang up a record of nearly $212 billion
in e-commerce spending in November and December.
That's up 3.5% from last year, according to a new Adobe Analytics report released yesterday.
The report noted that price hikes and increased consumer demand fueled the spike.
The company did not factor inflation into its sales growth figures,
but said there would still be underlying consumer demand growth if it had done so.
Online toy sales saw the greatest increase compared to October 2022,
206% more, followed by video games,
then apparel and accessories.
Smartphones accounted for nearly half of online sales.
Adobe also reported record discounts this holiday season
across major e-commerce categories.
Toys, again, saw the biggest discounts with retailers,
marking down items by more than 30%,
discounts on electronics down 25%.
But even with these big discounts, more than a third of consumers took on debt to pay for their
holiday purchases. A recent survey found consumers racked up more than $1,500 in debt, up nearly a
quarter from 2021. One out of three said it will take at least five months to pay off their debt.
And the majority of respondents said they didn't plan on taking on debt.
The report also found that a quarter of shoppers had used buy now, pay later services to finance
their 2022 holiday shopping. Interestingly enough, even though the hype is pretty strong
around that sector, that's actually down from a third of consumers last year. In terms of sources
of holiday debt, BNPL platforms ranked second behind credit cards, while store credit cards
ranked third. And finally, TikTok is trying to save you from spiraling into a black hole when
you could be catching some Zeds, or as you Americans say, Zs, the platform
confirmed today that it is testing new sleep reminders that include the option to set up
alerts when it's your bedtime and to mute notifications while you sleep, which could
be a welcome update for exhausted social media managers.
There is no word yet on whether the feature will sing you to sleep with a lullaby.
The premium version of this podcast.
It's just like this one,
but with no ads,
access to deep dive weekend episodes,
story links in the show notes,
audio chapters that let you jump between stories really easily,
and a lot more.
Go to todayindigital.com slash premium or tap the link in the show notes.
Today in Digital Marketing is produced by EngageQ Digital
on the traditional territories of the Tsunamik First Nation on Vancouver Island.
Our associate producer is the intrepid Step Gun,
production coordination by Sarah Guild, podcast music licensing by Source Audio, ad coordination by Red Circle. And not
many people know this, but our theme composer, Mark Blevis, is an internationally recognized
futurist and tech industry prognosticator. His theories do seem a little out of lunch, though.
For instance, he thinks Elon Musk is exactly the right person to leave
Twitter I told him that was
nonsense but Mark said you may
be right I may be crazy
but it just may be a lunatic you're
looking for
I'm Todd Maffin have a restful weekend friends
I'll see you on Monday
I'm a lonely day.