Stop Chasing Malware and Redirects With The Help of Clean io
About Matt Gillis
Matt has over 20+ years of mobile, media, and technology expertise with a history of the building and operating companies from startup to scaled global market leader delivering $1B+ in annual revenues. Strong ability to create relationships, lead people and construct high-performing teams regardless of geographic location through tremendous change with a track record of exceptional results.
Most recently, I served as SVP, Publisher Platforms of Oath, where I led the team responsible for our global publisher-facing programmatic and monetization tools and services – a business that delivered over a billion dollars in annual revenue. In this role, I was responsible for leading and integrating a team of 200 people globally consisting of the legacy AOL and Yahoo teams responsible for publisher success with our products.
A mobile industry veteran my entire career, I joined Oath via the AOL acquisition of Millennial Media where I served as President of the Company’s Platform business. I was also a key member of the Millennial Media leadership team that took the Millennial Media public on the NYSE in 2012. Millennial Media was acquired by AOL (a Verizon company) in October 2015 for $250 million.
Jonathan Denwood: Welcome back folks to the WP tonic interview show it’s episode 583 yes 583. and we really got a special guest with us who did some outreach to the, seems a really cool guy from Canada. What more could we asked for listeners and viewers its Matt Gillis, CEO of clean IO. I just love the URL. I’ve got Mr. clean on the show what more can we ask for and we’re going to be talking about all things, marketing automation with an emphasis on E-commerce and Matt is a bit of an expert on that. So Matt do you think you can just give us a quick 20-second intro?
Jonathan Denwood: Wow, seems great. And I’ve got my great co-host, Steven. Steven, would you like to quickly introduce yourself?
Steven Sauder: Yeah. Steven Sauder from zip fish.io we make Word Press fast, by optimizing the code and the servers that run the code.
Jonathan Denwood: And before we go into the main part of the interview, I want to talk about our main sponsor and it’s Normally I would say Kinsta we’ve got a new main sponsor, listeners, and viewers, and it’s cast us, what do they do? Well, they host podcasts and they’re hosting this actual podcast, the WP-Tonic show, and they host all the files. So if you’re into podcasting, you’re looking to start a podcast and I would strongly advise you to look at that it is a hard road to go down, but if you can keep at it it’s a very productive road to go down. So they provide the platform to store all your files on plus a host of other services that will help you in your podcasting journey. I’ve been using it for the past month. It’s a fantastic interface. The crew is really, really helpful. They got Matt Amadeus working for them as their marketing director. What more can you ask? I suggest that you go over to them. Have a look at podcasting sign up very affordable.
So Matt, you know, obviously it’s security, but one of the talking points that you highlighted that you’d like to discuss is market automization around e-commerce as well. So where do we stand? Where do you think a lot of people- let’s start off with this question? Where do you think people make mistakes with marketing automation when it comes to E-commerce? Is there any kind of one or two big mistakes that a lot of people do on their marketing automation journey?
Matt Gillis: Well maybe I can start and give you a little, like take a step back and tell you kind of what we do and how it fits into that narrative because I think that will make sense. so as I said, you know, we cut our teeth kind of-
Jonathan Denwood: Oh Please guide me, Matt I need a lot of guidance.
Matt Gillis: Well, you know, maybe you’re familiar with, if you’ve ever been surfing on a website, maybe on your mobile phone and you’re scrolling up and down and all of a sudden it redirects you to a page and it says, congratulations, Jonathan, you won an Amazon gift card or spin the wheel for your chance to win this. Or your phone has 35 viruses click here. That’s called malvertising. that’s where we started in delivering services and solutions for publishers, to protect them from malvertising, effectively what malvertising is, is’s a bad actor who is buying ads on websites and taking over the user experience. And so we’ve been doing that for a couple of years. We’ve got some of the biggest sites on the planet about 8 million sites use our technology each month.
What we started to notice was that there were a whole bunch of these things called client site injections software that is on a computer that is, you know, waking up and causing havoc on a website. And when we started digging in deeper, we actually noticed there was this phenomenon happening in the e-commerce world. So like our pedigree has been in the advertising technology and the publisher world, but we noticed this phenomenon in the e-commerce world, where there were a whole bunch of these client site injections, destroying revenue, destroying user experiences, kind of taking over sites.
And the main culprit was this thing called honey. If you’ve heard of honey, honey is a browser extension it’s owned by PayPal now PayPal bought them for four and a half billion dollars with a B. and there’s a whole bunch of them. Like honey is not the only one there’s capital one shopping you may have seen or heard of capital one, shopping. Users, download these extensions to put them on their machines. And what these things do is that when, if you’re running an e-commerce store, when your users get to check out, one of these things will pop up and say, you know, Hey Steven, we got coupons for you. Would you like us to try them? Steven likes discounts, Steven is, price sensitive. Steven wants everything for free. So Steven says, okay, and guess what?
Jonathan Denwood: You know him so well.
Matt Gillis: I do Steven and I go way back. but here’s the deal this thing pops up and starts saying inputting coupon1 inputting coupon 2 inputting coupon 3, and then it will resolve to pay to say, Hey, congratulations, Steven, we just saved you 40 bucks on your order by inputting the code, you know, military 40 at checkout, which was intended obviously for someone in the military. it’s terrible the user experience, you know, users love discounts but guess what if you’re a merchant, the first thing we say is you own your store. You should be able to control the code that’s executing on your store and guess what they don’t have that control honey and wake by, and all these other ones can actually just inject in and take over the user experience. So that’s what we do.
We have a product called clean cart for e-commerce and we give merchants protection to be able to own and control all of the code that executes on their website so that they actually can control their selling prices, their discounts, their user experience. And we think, again, you own your store you should be able to control everything about it. If you owned bricks and mortar store, you wouldn’t let someone come and walk into your store and stand beside your cash register and every time one of your consumers walked up to the cash register, they would just, you know, hand them coupons and say, Hey, do you want 20% off? Do you want 30% off? It would destroy the bricks-and-mortar retailer, by the way, bricks and mortar has been destroyed.
Now we’re trying to actually help, you know be that full stop for merchants to help them basically get control. And so I think one of your questions was like, you know, like marketing and optimization and all this sort of stuff. And you know, what are the mistakes we see? I actually think there’s a lack of knowledge of what’s actually happening in your store. There’s a lack of knowledge and attribution back to like who is really driving incremental sales, you know, and specifically, if you think about honey, what honey does, is it piles on the biggest coupon it can find.
Well, let’s just say you’re a merchant that was using podcasts and you had a code on podcasts. Well, if that was the biggest discount that, that honey can find it’s now going to actually give you, you know, garbage in garbage out data that shows you that, hey, that podcast was really successful at driving sales when it truly wasn’t, it was just an extension that actually picked up a coupon. So I can go on and on and on, but that’s basically what we do. And we think that there’s a big unmet need with the merchant ecosystem to get control of their storefronts.
Jonathan Denwood: Thanks for that you can tell that that’s an experienced CEO can’t you listeners and viewers. He’s focused. You can tell I’m going to put it over to my beloved co-host Steven.
Steven Sauder: The clean cart technology is super interesting. Something that I want to like dive in more and hear a little bit more about, but before we get there, getting back to like your origins, the advertising how much of it is like a real concern that like, if I put ads on my site, it’s going to start taking over and doing things that are malicious. Like if I have ads right now, is that something that is probably happening on my site? Or is it something that like, it’s only 10% of the people, but like, don’t be one of that 10%.
Matt Gillis: I think it’s one of those things where listen it costs a lot of money to create content. It costs a lot of money to drive users to your website. And if your sole means of making money is through ads, God, you better make sure that you deliver a great user experience to those users. And so the real origins of this is through programmatic advertising. There are so many great things about the free and open internet. It’s like allowed, you know, open access and, you know, anybody can buy ads and you can target directly end-users. And there are so many great things about it. And then the bad part is, is this openness and anywhere where there are users and there’s money, there are bad actors. And so like it’s just kind of welcomed bad actors. And guess what? These bad actors they’re actually performance advertisers. Like, they are seeking to create an engagement with you as an end-user and get you to do something that they’ll get paid for.
But you know a lot of it is clickbaity. And, so I would just say, you know, back to your question of like, should you be concerned? Listen, I think you should. And if nothing else, what we do is we give everybody a 30-day free trial so that you’ll get the CT scan to understand what’s happening on your site. Do you have a problem? For most sites that are using ads, the way they make the most amount of money is through demand density, having as many people bidding on that inventory at one time, and usually density equals, you know, somewhat of a reduction in quality. So like the more people you have bidding, you may have lesser quality. And that’s how these guys are creeping in. So we, we look, we’re almost like an insurance policy and we’re proactive. We’re not reactive. We stop it before it even happens.
Steven Sauder: Cool do you really only run into problems if you are running ads from other like third-party sources, other than let’s say Google, like a lot of people use Google, right? Like I feel like little Google’s little snippet in, and they run ads. Like I’m trusting, Google knows what they’re doing and filtering that stuff. Like, is that the case or is it when you get to like some of the higher like ROI type stuff. There are all these companies that are advertising, Hey, stick my little snippet on your site. And you’ll get, you know, twice as much as what Google is giving you and stuff, is that where you get into like the need to have that protection? Or is it always there, as some things slipped past Google too.
Matt Gillis: I think things slip past everyone. And so everybody, I think it, I wouldn’t say there’s a lot of folks in the ecosystem that are like, you know, wild West and not trying to put up defenses for this thing. And obviously, if there’s anybody that’s probably the best-funded to be able to protect against this stuff, it’s Google. They can invest in this sort of stuff. I would say the other smaller folks probably don’t have the same resources. And so I think that’s where, you know, I think you’d probably see more activity. And then the other thing is, is, you know, a lot of this sort of stuff kind of creeps it’s the way in through these self-service platforms. So, you know, like if in the old days, when you had to, you know, when, if I worked at, you know, pick your tier one website and you worked at the tier-one agency, we would go out and have steak dinners and I would write you an insertion order and you would know exactly what the ads are that I’m going to be trying to deliver, or you’re going to be trying to deliver.
And now, because it’s programmatic, everything’s on the fly everything’s in real-time. So there really isn’t, you know, that capability beforehand to prevent it. And there used to be these things like pre-scanning, right. Where you would like make sure that the ad is what it says it is. And guess what the bad actors got so smart that they would put code in that would detect if they’re actually being pre-scanned. And if they are, deliver this payload, and if they aren’t then deliver this payload. So there’s a whole bunch of sophistication, I think, where the bad actors, you know unfortunately they’ve out-innovated most of the vendors in the ecosystem.
Steven Sauder: Yeah. And I think like something to what you were saying is that if you would run like a service like yours, right. You’re then taking some of that precaution on yourself. You’re not just like letting third parties, like who knows what Google is doing. Who knows what all these other advertising people are doing. But at least if you run something like clean.iO on your website, you’re being proactive about it.
Matt Gillis: listen, your users don’t care about all of the long tail of people that you’re working with to monetize your site. They care about your site. And so I look at it as like, you know, if you go to a restaurant for a meal and you get food poisoning, the restaurant doesn’t go well it’s the guy that brought in the lettuce, he had bad lettuce. No, you got to own the experience for your consumers at your restaurant. The same sort of thing If you own a website and you’re not being proactive about really putting up the defenses to deliver delightful user experiences, my point is kind of shame on you.
Steven Sauder: Yeah. That’s a really good perspective.
Jonathan Denwood: I think that’s a good place to have our break. We’ve had a good discussion, with Matt Gillis, the CEO of clean IO we’ll be back in a few moments folks.
AD: Launch flows turn your Woo Commerce website into a selling machine. We make it easy to create gorgeous sales funnels, no friction checkouts, order bumps, upsells down sales, and much more. Gain full control over your buyer’s journey from the top of your Woo Commerce sales funnel, all the way to the bottom. Best of all, you can use your favorite page builder, such as Elementor, divvy, BeaverBuilder, Gutenberg, or one of the high converting templates we’ve included inside. Get rid of the clunky Woo Commerce shop pages and checkout process in favor of an optimized buyer flow that instantly increases conversions and makes you more money.
Launch flows provide one-click order bumps that increase the total value of every sale with a 10 to 30% conversion rate. This is perfect for anyone offering complementary products, training, or extended warranties. With unlimited upsells and down sells your buyer’s journey doesn’t need to end at the checkout. Instead, we make it easy to display a series of additional offers as part of the original transaction. This is perfect for one-time offers, related products; mastermind class offers high ticket software sales or subscription supplements. not an expert don’t worry, we’ve got the training and the consultation you need WP launchify will teach you how to get the most out of launch flows with personal consultation on Word Press, woo-commerce, marketing automation, and much more. If you want to earn more money with your Woo Commerce online business, you owe it to yourself to try launch flows today.
Jonathan Denwood: We’re coming back we’ve had a clean session.
Matt Gillis: So clean.
Jonathan Denwood: before we go into the second part of the podcast, we got another sponsor. We got to Convesio sponsoring the show. They are a Word Press hosting provider. They aim at the agency market. If you’re looking for a really modern hosting provider for your clients, if you’re a freelancer if you are an agency, they provide all the framework, they deal with all the technology it’s blazingly fast really fantastic interface, go and have a look at what they got to offer I think you’re going to be impressed and thank them for supporting the show it’s much appreciated. So you’ve got all these- What about re-targeting, Matt a lot of these adverts are, used in the re-targeting area because of the cost-benefit, has it been affecting that side of the industry? Is that like ad roll is one of the bigger players in that my understanding has all this been affecting, people actually using adverts for retargeting?
Matt Gillis: Well, no, I don’t think so. Like I look at retargeted as just another source of demand like, they’re just like, you know, another demand-side platform, like the trading desk or anyone who’s kind of creating that yield for publishers. And so, you know, you know, ad roll or Critio, or any of those sorts of folks are all going to be competing at the same time as the rest of the demand for all of those placements to actually, you know, put a retargeting ad instead of a brand ad or an app download ad or you name it. I think where it does get messy is where some of these folks try to aggregate more demand to create bigger checks or bigger yield size or whatnot, and where they mix in, you know, other demand with their owned and operated demand.
I think the supply path in the complexity of the supply path if you look at kind of that value chain of, you know, from the demand side platform or in the, you know, the advertiser to the demand side platform at the far end. At that end, it’s the end-user. And it’s, you know, usually the supply side platform, then all the pieces in between, it’s a really complex way that you can get to the supply path. You can go to some websites and see like, Hey, I could buy on pick your website USA today. There are probably like 14 different ways that you could directly buy. And then there’s probably 140 indirect ways of like the complexities of supply path as to how ads get through. And so I think that’s what makes this problem so hard is that it’s not just about blocking this guy here or that guy here because they’re everywhere. You have to assume that the criminals are everywhere and they’re going to, like, they’re going to have a, you know, next play set up 10 times over and well in advance of your, you know, if you’re trying to find them that way, you need technology to solve the problem.
And by the way, just to pile on, you know, cause I think where Steven was going before, like, the reality is, is it, isn’t usually a scenario where like a hundred percent of the ads that are coming through from any of these platforms is bad. Like usually it’s a small percentage and again, you need to put your mind in the way of like, how would a criminal work? Well, the criminal tries not to leave fingerprints. A criminal tries to like, you know, the best way to steal from someone is to steal a very little bit every single day, instead of like trying to like get greedy and steal big sums. If you get greedy and in this world, getting greedy would be going on blast and having it very reproducible and everybody can go and, you know, just see how it’s happening, that’s where you’re going to get caught. So a lot of these bad actors use these tactics just like, how do they fly under the radar? How do they probe? How do they frequency cap? Like, think of all the things that most marketers would use, the best professional marketers would use. That’s what these guys do.
Steven Sauder: It sounds remarkably similar to like Word Press hacking. Like if, you ever experienced the Word Press site getting hacked, like they do a really good job of hiding that and only are using your site for malicious stuff every, you know, hundreds, visitor, or every 10th person gets redirected somewhere. And it’s really hard to nail down or for you to even find out that your site is hacked because it’s looking to say like, oh, are you logged in? Well, if you’re logged in, you know, I’m not going to do anything I’m going to hide. And it’s kind of, it sounds very similar to what you’re saying, where, an ad can just sit there it’s not malicious, it’s fine It’s a great ad. And then, but somebody who’s controlling that ad, is able to flip switches every once in a while and kind of do what they want to do.
Matt Gillis: That’s exactly what they do because they control the payload execution. And so what they’ll do is exactly what you’re saying is they’ll fingerprint the device and they’ll say, does this, and this is all in real-time, does this, phone, does it meet the targeting requirements? Is it iOS, you know, X, whatever, is it running on Google Chrome? Does it have an Apple pay session active? Like that would be one of the fingerprints. Well, guess what? If you’re in a scanning lab, usually phones don’t have Apple pay sessions active. so they would not execute their code if they didn’t see an active Apple pay session, as things like that of you know, I don’t know. I guess it’s the mind behind the criminal? Like what would you do if you were trying to not get caught, you would try and hide your tracks. And that’s exactly what they do and don’t get greedy because you’ll get caught.
Steven Sauder: That’s fascinating.
Matt Gillis: And if you get caught, you get your supply path shut off. So it’s really hard to get these, you know, these seats set up to be able to buy. And so what you also do is you probably mix in some other fudged campaigns like Nike or whomever to make it look like you’re a real agency or something.
Steven Sauder: So what Does that look like then on your end, when you block an ad, like, is it just a gray box or what does the user see when like you stop a malicious attempt?
That actually creates a few good things. One, the user gets the correct experience. There’s just an image. And then, you know, if they’re scrolling know, it looks good and feels good. The user doesn’t get redirected to that page that says congratulations and doesn’t get stuck there. So that’s also good user experience is preserved. And because you don’t get bounced to that page, there’s no opportunity for a user to actually a foolish user to say, Hey, let me fill in my personally identifiable information here. So the bad actor actually gets no ROI. And so if you go into the mindset of the performance advertiser that like, what would you do if you were buying media on a site and getting no engagement, you’d actually not buy on that site anymore. And that’s the behavior that we see is that bad actor who buys on sites protected by clean.io, they actually stopped buying when they realized that they can’t get performance. So we chase them out, send them out.
Steven Sauder: make them spend the money and hurt their bottom line.
Jonathan Denwood: I think we got to make clear where you, you can put me right here. They are not doing anything illegal or is this a very gray area?
Matt Gillis: Jonathan, I think it’s a gray area. Well, one, I mean, listen, they, they, they’re buying the right to show an ad, but they’re not buying the right to take over the user experience. So I think they’re crossing the boundaries on that front obviously. And whether that’s illegal or not, I don’t know. What we also don’t know is what are the financial incentives and, and who is behind these things? Is there money laundering or is there stealing PII or, you know, all of those sorts of things? You know, we know that most of the reason for these folks operating is economics and profit motive driven. but so yeah whether that’s illegal or not, I think is a question mark, but you know, again, we go back to this notion that we think that if you own your website, you should be able to control the user experience on your website and that’s, you know, illegal or not you deserve to be able to deliver delightful user experiences to your end-users.
Jonathan Denwood: And does this really only apply to the, US or North America market? I know Europe has some very stringent, data protection laws, and I know Canada has recently introduced and is increasing its own legislation. So does this only really now affect the US market or does it still affects Europe and Canada?
Matt Gillis: Oh, it’s a global Well phenomenon we see these attacks happen in every country around the world no one’s immune to it. it’s profit-driven for the most part, So these folks are trying to get, you know, these offers that they’re trying to repurpose into this mechanism to make money. an example would be like, sometimes I get it where, you know, on my phone, it’ll say, Hey, Comcast customer, please, take the survey. We just have nine questions we want to ask you. And they’re targeting me because somewhere Comcast is paying someone to get user survey completions. And so what they’ve done is they’ve repurposed that and they’re getting an email address at the end of it. So like that’s probably how they trigger and get paid, but guess what, they’re targeting me on my home Wi-Fi, they know I’m a Comcast user.
So, maybe good for them for like getting creative as to how to get engagements and get people to want to complete surveys And, and if you think about it, what they’re doing is they’re buying a thousand ads probably for 20 cents because it’s a 20 cent CPM. So it’s 20 cents to buy a thousand ads, a normal advertiser, as I said, would get a half a percent click-through rate. But these guys, when they want, can get a 100% click-through rate. So you can actually get your message in front of a thousand people. If you want for 20 cents, if you just get one of those people to complete the survey, by the way, my mom probably would fall for this sort of thing or, who knows, but, you know, get one to complete. You probably get paid 5 bucks, 10 bucks. That’s a pretty good ROI. So it’s, it’s almost an arbitrage game for these guys. Like if you could get five people to complete, if you could up the level of your creative and make it really engaging and enticing, you know actually, I think it becomes a very robust business.
Jonathan Denwood: I think some ways it sounds like the people that we are and still probably are. I think he’s got a bit harder than spam email. They’re the kind of same people that probably do this it’s the same crowd.
Matt Gillis: Anyway, listen I’m showing my age, my I’m a Hotmail user still, unfortunately, but yeah, the inbox is full of junk and it’s filled with the ads that are like fake Netflix ads that you need to come in and re-input your credit card information. And so it’s clickbaity stuff and, you know, domain misrepresentation and, you know masking and all that sort of stuff. So listen, it’s the underbelly of the internet free and open internet is awesome. But again, where there are users and where there’s money, there are criminals.
Jonathan Denwood: Right. I think we’re going to wrap up the podcast part of the show. So Matt, how can people find out more about you and what you’re up to?
Matt Gillis: Well, if you’re an e-commerce merchant, I would say, you know, come to our website, clean.io is where you’ll find us. or you can go to a URL that we’ve created called blockcouponextensions.com. so that’s very straightforward that will get you to all the information. generally, we’re very focused on, on e-comm right now to get that ecosystem flying because they need the protection. We’re seeing, you know, just merchants losing a ton of money to these discounts, extensions, driving average order value down. So I would say, come find us on there. If you want to send me an email, firstname.lastname@example.org, or find me on LinkedIn, anything we can do to help on either the ad side or the e-commerce site, just let us know.
Jonathan Denwood: And Steven how can people Find out more about you and your company?
Steven Sauder: Yeah head over to Zip fish.IO run a speed test, see how much faster we can make your website.
Jonathan Denwood: And Steven and his teams helped us on the WP tonic site. They turned into a slightly sluggish beast into a speed machine. So I can’t praise, Steven or his company more. So if you’re looking for speed, go over there. And before we wrap up the podcast, I want to tell you about a free webinar that I’m doing with the Spencer forum. He’s of our regular panelists on our round table show. And we’re going to be talking about all things funnels, how to build a modern funnel on Word Press, how to build a modern shopping cart environment on Word Press. We’re going to be showing you all the latest methods on this free webinar. And that’s on Friday, the 9th of April at 10:30 AM Pacific standard time. All you have to do is go to the WP tonic website in the main navigation there’s a button that says webinar, you click it, you sign up and then you will be able to join us. And I’ll ask Spencer myself questions live and we’re going to be delving really deep. We’ll see you next week with another great guest, another great interview. We’ll see you soon folks bye
Every Friday at 8:30am PST we have a great and hard-hitting round-table show with a group of WordPress developers, online business owners and WordPress junkies where we discuss the latest and most interesting WordPress and online articles/stories of the week. You can also watch the show LIVE every Friday at 8:30am PST on our Facebook WP-Tonic Show page. https://www.facebook.com/wptonic/