How traffic resellers trip third-party verification filters
When it comes to ad fraud, everybody’s got a stake to protect.
Verification vendors came into hot demand last year after social platforms made several measurement errors. But fraud researchers claim that bot traffic is still prevalent. Bots are systematically designed to bypass these verification filters, with some researchers suggesting that as much as 80 percent of bot traffic can slip by undetected.
With vendors and researchers protecting separate interests, advertisers should be skeptical of getting most of their fraud information from a single source, said ad fraud consultant Augustine Fou. “Everyone is telling a partial truth.”
In online forums and LinkedIn accounts, traffic resellers contend they can get by third-party verification firms while peddling cheap scale that is largely obtained through bots and fraud. To test what gets through, fraud researchers buy traffic from shady vendors and analyze how well it monetizes in different supply-side platforms.
“Advertisers have a false sense of security and blindly rely on third-party filters which they assume are flawless,” said ad fraud consultant Shailin Dhar. “And most buyers are not aware of the existence of robotic traffic that passes these filters deliberately.”
A major benefit of using a verification service is that clients can routinely monitor how much fraud their vendor detects on their website. For premium publishers, this data is a useful tool to gauge quality. But for fraudsters, this data can be reverse engineered for hacking purposes
Fou said that traffic resellers regularly obtain access to accounts for verification services. And if a reseller is denied access, they may team up with an acquaintance since there is a network of resellers pushing fraudulent traffic, he said.
After getting access to the verification company’s data and dashboard, the traffic vendors continuously test different tactics until they notice what trips a verification company’s filter. Once a tactic — like forcing a bot to execute a precise combination of mouse movements and clicks — is shown to work, the reseller uses the tactic on the traffic it sells on the open market, Fou said.
If a reseller can’t get through a particular company’s filter, it will combine tricks that worked on other filters to increase its probability of getting through. For example, traffic brokers told Dhar that they had access to DoubleVerify and Integral Ad Science filters, but not a Moat filter. As a workaround, the brokers combined the tactics that got them through DoubleVerify and IAS to increase their chance at getting through Moat.
“There is a disconnect at many of those [verification] companies between the engineers who are trying to create rigorous filters and the sales team who will sell accounts to anyone willing to pay, and this is what exposes them to being reverse engineered,” Dhar said.
Reps from multiple verification firms denied that sales imperatives influenced who obtained access to their accounts. But they did recognize that fraud remains a cat and mouse game.
“We have a thorough vetting process for any partner that we directly sell to,” said Matt McLaughlin, COO of DoubleVerify. “But we are not naïve. We also know there is, quite frankly, a criminal element that is always finding ways to exploit tools.”
Verification companies have incentive to downplay internal structures that could contribute to undetected fraud. But it’s worth recognizing that consultants who sell their services to advertisers have imperatives too.
“Fraud researchers themselves have their own incentive to make it seem like fraud is the biggest problem out there,” said Amit Joshi, director of product and data science at Forensiq. “It is a big problem, but in some cases it can be blown out of proportion.”
Placing impartial scale on this issue is difficult because the chain runs deep. Jason Shaw, director of data science at IAS, said that bot operators usually send their traffic to just a few domains. But those domains are often linked to other traffic brokers so there becomes a “big web of arbitrage,” he said. Research reports indicate that traffic is resold through websites such as ultimatewebtraffic.com, easyvisitors.com and supremetrafficbot.com.
Although verification companies and fraud researchers disagreed about how often fraud goes undetected, they were in agreement that all ad services become fallible at some point.
“I would be skeptical of anyone who says their solution is perfect,” McLaughlin said.” We need to build tools so we can evolve as the fraudsters evolve.”
Hybrid hold-outs: Why some businesses are expanding traditional office workspaces
For companies looking to scale up and take advantage of specific growth trends in particular countries it also makes sense to continue investing in physical offices.
Recent FTC chair signals push for rules on data collection and dark patterns that sidestep Congress
Rebecca Slaughter supports a policy approach that uses rulemaking authority also supported by the FTC's new chair Lina Khan.
Cheat Sheet: Inside Carrefour’s ‘competitive’ retail media pitch to advertisers
As it stands, 20% of Carrefour's store sales are already influenced by its digital ad sales.
SponsoredIdentity solution fatigue is setting in: How to keep moving
By Kristina Prokop, CEO and co-founder, Eyeota As we move deeper into 2021, the desperate search for identity solutions that can smooth marketing organizations’ transitions to a cookieless world is reaching a fever pitch. There’s no shortage of new identifiers and identity technologies vying for attention — and that’s a big part of the problem. […]
‘Mindset that this is going to be long-term’: Inside Visible’s influencer marketing strategy for Pride and beyond
The digital-only phone carrier from Verizon, believes that fostering an on-going relationship with influencers will allow the audiences to get to know the brand authentically.
How Complexland 2.0’s gamefied virtual shopping festival increased sponsorship revenue by 60%
ComplexLand's return is helping sponsors and attendees get closer than virtual events typically allow.