This is the first article in an occasional series on ad fraud.
Like a toenail fungus, ad fraud proprietors are deceptively difficult to kill off.
Old ad fraud tactics like domain spoofing, sending traffic to garbage sites and disguising display inventory as video remain in vogue. In fact, in some ways, current industry trends like brand-safety mandates and the rise in header bidding inadvertently prop up classic ad fraud tricks.
Earlier this month, BuzzFeed published an exposé that outed an ad fraud operation. As the story circulated on social media, journalists at various publications covering the ad industry noted the most striking thing about the story is how old schemes still dupe big brands.
Here are some of the more persistent ad fraud tactics.
Unscrupulous publishers — if you can even call them publishers — cloak the names of their URLs in ad exchanges so they can fool ad buyers into buying their crap impressions. For example, yourwebsitesucks.com might label itself as ESPN.com on an exchange, and because the shady site sells its impressions for cheaper than the sports giant, the shady site will siphon money from ad buyers looking for cheap scale who fail to examine site-level reports.
Last month, the Financial Times found that 15 different supply-side platforms purported to sell its video inventory — even though the FT doesn’t sell its video inventory programmatically. The publisher estimated the value of the fraudulent inventory to be about $1.3 million a month. So it told four ad tech vendors — Oath, SpotX, FreeWheel and BidSwitch — to stop representing access to FT video inventory.
Michael Tiffany, CEO of ad fraud detection service White Ops, which rose to popularity after uncovering the Methbot scheme that reportedly spoofed more than 6,000 publishers in the U.S., said header bidding’s popularity is leading to an increase in domain spoofing.
Prior to header bidding, publishers sold inventory by moving ad calls across supply-side platforms one at a time. Since SSPs weren’t all bidding at once, they had access to unique inventory. This gave ad buyers a check against domain spoofing because they knew which SSPs worked directly with particular publishers.
But header bidding lets publishers simultaneously make ad calls to a bunch of SSPs. To bring in more competition to the increase prices for their inventory, publishers using header bidding began loading more SSPs on their browsers. This reduced the probability that a given SSP would have access to unique inventory, eliminating a sanity check for buyers.
“I think there is a lot to love about header bidding, but it has also made old fraud new again because it increases the attack surface for the adversaries doing domain spoofing,” Tiffany said.
Video ad fraud is about twice as common as display ad fraud, according to DoubleVerify, which makes sense when you consider that ad dollars are pouring into video.
Among the 100 largest digital publishers, display CPMs tend to run from $2 to $6, while video CPMs range from $12 to $20, according to an ad buyer requesting anonymity. Since video CPMs are higher than display, fraudsters disguise display inventory as video inventory so they can pocket the difference between the two.
This type of fraud has become acutely irritating for advertisers as the demand for video continues to soar. Lewis Rothkopf, gm of supply at demand-side platform MediaMath, said he continues to see SSPs masquerading display inventory as video. An April study by Integral Ad Science and Rocket Fuel found that up to 70 percent of video ad inventory is misrepresented in this manner.
Funding the fringe
With the growing awareness of fake news and screenshot activists calling out brands on social media for running ads against racist content, the demand for brand safety has surged. So some marketers expanded their use of tools like whitelists and blacklists to help keep their ads off fringe sites.
But brand safety remains a frustrating game of whack-a-mole. Because porn, piracy and hate sites can no longer attract brand ads directly to their webpages, they’ve increasingly turned to middlemen to distract brands from where their ad dollars wind up, Tiffany said. These middlemen grab ad dollars using antiquated strategies.
One trick is to serve pop-ups and pop-unders to unsuspecting porn users. For example, a porn site will pay an ad network to connect it with a benign-sounding website like fashionshack.com that appears to be unaffiliated with porn. Once the user goes to the porn site, another browser window will load and automatically send the user to Fashion Shack.
Since Fashion Shack features no sexual content and it appears in another window, the brand-safety vendor is unlikely to flag it. A site like Fashion Shack won’t have much content, but the pop-unders continually refresh ads so that thousands of impressions can be “shown” to users on the porn site, even though the majority of the impressions shown on these webpages will never be actually seen.
Advertisers can reduce their exposure to fraud if they change some of their habits, including targeting audiences regardless of which sites they appear on and buying suspect video inventory. They also can restrict the number of sites they let ads run on and be more careful about heavily targeting niche demographics where quality supply is scarce.
“The [fraud] tactics will only have to be as sophisticated as the countermeasures of the marketplace they are selling in,” said Shailin Dhar, founder of Method Media Intelligence, which consults tech firms on ad fraud. “And that is why the basic fraud still makes shitloads of money.”