Ad fraud is nothing new, but ad fraud detection firm WhiteOps has discovered what it calls the biggest ad fraud scheme to date, an operation called Methbot that’s believed to have been scamming $3 million to $5 million a day since October from ad agencies and brands by mimicking video ad views.

The news alarmed agencies, who said it should serve as another wake-up call to marketers about their reliance on programmatic advertising techniques to reach consumers.

Michael Horn, managing director of data science at Huge, said the amount of money this scheme represented and the fact that Methbot attacked lucrative video ads, until now perceived as being relatively fraud-safe, makes the scope of this report “a big step forward in terms of scale and sophistication. It’s the professionalization of fraud.”

Based on the amount WhiteOps says Methbot has already siphoned off from advertisers, he said, “They’ve raised the equivalent of a good-sized, VC-backed programmatic ad tech company.”

A group of hackers behind the attack have hit 6,000 publications, including blue-chips like Fortune, The Economist and ESPN and even Facebook, according to the WhiteOps report, which did not release names of the advertisers that were affected.

The buying giant GroupM considers itself a leader in the fight against ad fraud, as a founding member of the Trustworthy Accountability Group, a cross-industry group that has fraud as one of its main focuses. As such, GroupM has limited most of its digital buying to about 60 partners that provide premium, branded inventory, a spokesperson said. However, as this situation shows, even legitimate sites can be exploited by fraud. GroupM said it’s using brand-safety tools TAG released in the wake of the WhiteOps report to prevent ad dollars from flowing to Methbot.

John Montgomery, global brands safety officer at GroupM, said the amount of GroupM’s inventory that was affected by the hackers appears to be very small, but the company still took it “extremely seriously.

“Video has made our marketplace a valuable target,” he said. “I’m not ready to call the size of the fraud quite yet. But we should continue to be as vigilant as we can. And this is not going to be the last scare that we get.”

Eric Smith, director of innovation at Mediassociates, believes this is just the start of big sophisticated cyber attacks to come against the digital ecosystem. Mediassociates mandates that its clients use third-party fraud detection services, but DSPs need to take the lead and block Methbot and other fraudsters, he said.

But Horn said the WhiteOps report shows that even fraud-detection tools aren’t foolproof, because fraudsters end up using the same technology. The scheme raises questions of whether advertisers are really getting the efficiencies they think they are from programmatic advertising, given the cost of fraud, along with ad blocking. Advertisers should think more about effectiveness, which he thinks will ultimately lead them to spend more directly with media companies, on content and partnerships.

Digiday Daily Newsletter

Get Digiday's top stories every morning in your email inbox.

“Programmatic is an important part of the mix,” he said. “But don’t reflexively reach for it.”

The attack shouldn’t scare advertisers off programmatic, but should make them aware of the risks and be more vigilant in using tech vendors that can identify bot nets while suppliers should use those tools to screen ad inventory before making it available for bid, Montgomery said. “I don’t think all our clients are necessarily using them to the best of our abilities,” he said.

Ultimately, attacks like this also show that cookies are not the answer to digital targeting because they make such attacks so easy, and that social IDs are preferable, Smith said. “They have longevity and stronger activity signals that can be used as a level of validation not currently available with cookie data and its 90-day lifespan.”

  • LinkedIn Icon
Digiday
Digiday