
One solution to mitigate malvertising is ad transparency. Each ad should contain the legal contact details (company name, country) of the advertiser. It does not solve the issue fully, but consumers will surely avoid East European suspicious companies advertising. It will also make it easier for the security researchers to track down bad actors and will bring some liability to the ad platform (Google).

Facebook already does this for political ads, so it is doable.



That would cost Google and Facebook revenue.

They are not going to do it unless a government makes them do it, or if the legal liability risk is too great.


This is why punitive damages were invented: companies who didn't want to do the right thing because of money would be made to pay even more than if they had done the right thing in the first place.


Why are East Europeans suspicious?

A little xenophobic?


It's not xenophobic, it's just realistic.

If you tried to run a fake, malware-laden website in a Western country you would eventually be shut down and prosecuted.

These scams mostly fester in nations with weaker institutions, not just Eastern Europe but also China and India. Their authorities are simply not interested in preventing this kind of unlawful activity.


Google is a US-based company; when will we see "eventually be shut down and prosecuted" for spreading malware?


Can you somehow quantify it or is it your gut feeling? Any articles out there?

I don't know if they catch small fish as in this example, it just isn't in the news. The bigger fish happens to be in the news, like shutting down international scam call center - 2 in LV, 1 in LT. Video from police cam if anyone wants to see smashing windows: https://www.vp.gov.lv/lv/jaunums/verieniga-starptautiska-ope...

We are also being educated in many places including schools, government institutions, posters, jobs etc about the risks, about how scammers work and stuff like that.


At least for Russia itself there's plenty of articles about it. Here's one:

https://krebsonsecurity.com/2021/05/try-this-one-weird-trick...

> In Russia, for example, authorities there generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country’s borders files an official complaint as a victim.


> Eastern European countries, including Ukraine and Russia.

Okay, the term is used in geographical context and not geopolitical.


Eastern Europe hosts 'em while big American tech advertises 'em.

International cooperation for mutual profit.


Some countries had notable levels of crime because they had the combination of smart techies with limited earning potential in their home country and governments which were either ineffectual or corrupt enough that they could make a substantial criminal income without going to jail. Similarly, the reason Nigeria was best known for phishing for years wasn’t that the people were unusually criminally-inclined but that many of their talented young people had the choice between being honest and poor or wildly rich, and unsurprisingly some fraction chased the easy money. Anywhere you don’t have great economic prospects for a lot of people will have this problem.


Or you simply can have a database of all websites' SSL certificates[0] and compare it to the website you are accessing or in this case, compare it to the website that buys ad placement.

[0] https://www.cloudflare.com/learning/ssl/what-is-an-ssl-certi...


That would be amazing.



