How traffic resellers trip third-party verification filters
When it comes to ad fraud, everybody’s got a stake to protect.
Verification vendors came into hot demand last year after social platforms made several measurement errors. But fraud researchers claim that bot traffic is still prevalent. Bots are systematically designed to bypass these verification filters, with some researchers suggesting that as much as 80 percent of bot traffic can slip by undetected.
With vendors and researchers protecting separate interests, advertisers should be skeptical of getting most of their fraud information from a single source, said ad fraud consultant Augustine Fou. “Everyone is telling a partial truth.”
In online forums and LinkedIn accounts, traffic resellers contend they can get by third-party verification firms while peddling cheap scale that is largely obtained through bots and fraud. To test what gets through, fraud researchers buy traffic from shady vendors and analyze how well it monetizes in different supply-side platforms.
“Advertisers have a false sense of security and blindly rely on third-party filters which they assume are flawless,” said ad fraud consultant Shailin Dhar. “And most buyers are not aware of the existence of robotic traffic that passes these filters deliberately.”
A major benefit of using a verification service is that clients can routinely monitor how much fraud their vendor detects on their website. For premium publishers, this data is a useful tool to gauge quality. But for fraudsters, this data can be reverse engineered for hacking purposes
Fou said that traffic resellers regularly obtain access to accounts for verification services. And if a reseller is denied access, they may team up with an acquaintance since there is a network of resellers pushing fraudulent traffic, he said.
After getting access to the verification company’s data and dashboard, the traffic vendors continuously test different tactics until they notice what trips a verification company’s filter. Once a tactic — like forcing a bot to execute a precise combination of mouse movements and clicks — is shown to work, the reseller uses the tactic on the traffic it sells on the open market, Fou said.
If a reseller can’t get through a particular company’s filter, it will combine tricks that worked on other filters to increase its probability of getting through. For example, traffic brokers told Dhar that they had access to DoubleVerify and Integral Ad Science filters, but not a Moat filter. As a workaround, the brokers combined the tactics that got them through DoubleVerify and IAS to increase their chance at getting through Moat.
“There is a disconnect at many of those [verification] companies between the engineers who are trying to create rigorous filters and the sales team who will sell accounts to anyone willing to pay, and this is what exposes them to being reverse engineered,” Dhar said.
Reps from multiple verification firms denied that sales imperatives influenced who obtained access to their accounts. But they did recognize that fraud remains a cat and mouse game.
“We have a thorough vetting process for any partner that we directly sell to,” said Matt McLaughlin, COO of DoubleVerify. “But we are not naïve. We also know there is, quite frankly, a criminal element that is always finding ways to exploit tools.”
Verification companies have incentive to downplay internal structures that could contribute to undetected fraud. But it’s worth recognizing that consultants who sell their services to advertisers have imperatives too.
“Fraud researchers themselves have their own incentive to make it seem like fraud is the biggest problem out there,” said Amit Joshi, director of product and data science at Forensiq. “It is a big problem, but in some cases it can be blown out of proportion.”
Placing impartial scale on this issue is difficult because the chain runs deep. Jason Shaw, director of data science at IAS, said that bot operators usually send their traffic to just a few domains. But those domains are often linked to other traffic brokers so there becomes a “big web of arbitrage,” he said. Research reports indicate that traffic is resold through websites such as ultimatewebtraffic.com, easyvisitors.com and supremetrafficbot.com.
Although verification companies and fraud researchers disagreed about how often fraud goes undetected, they were in agreement that all ad services become fallible at some point.
“I would be skeptical of anyone who says their solution is perfect,” McLaughlin said.” We need to build tools so we can evolve as the fraudsters evolve.”
More in Marketing
Key takeaways from Digiday’s 2024 Gaming Advertising Forum
Now that gaming has gone from a buzzword to a regular presence in brands’ media mix, marketers are more closely scrutinizing the value and ROI of their investments in this channel — and the platforms are rising to the challenge. Here are some of the biggest takeaways from this week’s Gaming Advertising Forum.
‘The most controversial rebrand of the year’: Understanding the tightrope that legacy brands like Jaguar walk during a rebrand
Jaguar’s attempt at a sleek, ultra-modern rebrand replete with art-house aesthetics has been the talk of the water cooler – excuse me, LinkedIn – this week.
The Trade Desk finally confirms it: Meet Ventura, the OS to cement its grip on CTV
The Trade Desk is indeed building a CTV operating system. So much for shutting down those rumors. Weeks ago, CEO Jeff Green insisted they were off-base.