Ghost sites, domain spoofing, fake apps: A guide to knowing your ad fraud
Cracking down on digital ad fraud may seem like a hopeless and expensive game of whack-a-mole, but there are ways marketers and publishers can arm themselves better to fight it.
Digital ad fraud is a volume game. There are two core types: fraudulent ad impressions on any device, and click fraud — aka CPM and CPC fraud. Each type relies on volume, and that’s why there are a whole bunch of techniques used to drive large volumes of fraudulent impressions and clicks. That’s where the long list of confusing terms comes in — anything from click installs to ad stacking, and ad injection.
“Marketers feel paralyzed by the fear that fraud is so hard to unpick that they can’t do it, and it’s easier to believe it doesn’t affect them,” said Augustine Fou, anti-fraud and security researcher. “Or they think it’s priced in, but it’s not. There is so much misconception out there.”
Fraudsters follow the money, and with an increasingly large chunk of the digital ad budgets going to mobile globally, marketing teams need to ensure they’re fraud-savvy. Currently, 28 percent of global mobile media budgets are wasted on fraud, according to mobile marketing analytics AppsFlyer’s latest report. Meanwhile, 74 percent of that is conducted by ever more sophisticated and scalable fraud tactics, said the same report.
“Even advanced AI can be fooled at times,” said Karen Cohen, head of product marketing, at AppsFlyer. “That’s why it’s crucial that in addition to having automated fraud protection tools in place, marketers become well versed in the art of fraud and advanced fraud schemes, so the good guys can work together symbiotically to keep bad actors from harming the ecosystem.”
Here’s a primer on the core techniques used to generate CPM fraud.
General invalid traffic bot
Believe it or not, these are all good bots. That’s because GIVT bots are disclosed by the companies using them. For instance, Google has tons of bots on the web like spiders that crawl pages and organize its index. These are honest types of bots, because the companies using them disclose what they are. Non-human traffic and invalid traffic are the exact same thing, by the way; they’re just confusingly called the same thing.
Sophisticated Invalid traffic bot
This is the type to watch out for. SIVT is harder to detect and requires humans to properly analyze and identify, according to experts. Examples include hijacked devices, malware, and falsely identified viewable impressions.
The kind that sends premium publishers into a fury. It’s when a fake site masquerades as a bona fide publisher in order to trick buyers who bid on their impressions. The Financial Times, New York Times and News UK all cracked down hard on this in 2017. Ads.txt was invented to help with this. That said, some anti-fraud and security experts don’t think ads.txt is bulletproof, and that fraud is still occurring. “Ads.txt would work better if buyers bothered to check it,” said Fou. If the buyer sees a premium publisher in there, they need to look for the seller ID, not just the domain, he added. “The buyer needs to cross-check it’s definitely that publisher by looking at the seller IDs and cross-checking them with ESPN’s seller ID.”
Data center traffic
This is a low-entry point for fraudsters. Unlike malware fraudsters, this is cheap and relatively easy to do, according to Fou. This is where traffic originates from servers set up in a data center, rather than actual companies. It is made to look as though audiences are seeing the traffic generated when they aren’t. In order for a human to see an ad, they need a screen. But data centers simulate what an impression would look like, including details such as screen resolution for example — anything that makes it look like a browser. Mobile emulators do the same thing.
Fake device IDs
A big problem in mobile. Fake mobile devices create fake IDs — a random string of numbers and letters (called alphanumeric code) — designed to defeat frequency caps. Another type is the copying of real device IDs from human devices and replaying them so they escape detection by telecom providers, so they can’t determine fraudulent ones from their own.
These are sites that don’t exist, like blank pages. A blank page with no content is set up, and some ad tech code added and pushed into a low-quality exchange to start generating money from fake impressions. Legitimate exchanges block this. But it’s hard to fully clamp down on because sometimes by the time the inventory gets to the end exchange it’s been through so many others that it’s harder to spot.
When pages are set to redirect to other pages in an infinite loop, in the process creating millions of fake impressions. Prolific on desktop and mobile. It’s a tricky one because marketers may feel insulted by the fact they have bot detection tools deployed on certain pages. But it’s the hidden pages being created by this redirected traffic that are the blind spots because anti-fraud tech can’t see them.
Infected/hijacked device malware
Experts say getting malware onto a human device is a really hard, expensive technique. The meth bot fraud scandal uncovered by WhiteOps is the type of malware fraud that causes issues. It is much harder to do than spinning up a mobile emulator or a data center. There are specialists that focus on curbing these kinds of schemes. It follows, then, that those interested in committing ad fraud resort to easier and cheaper techniques such as emulators and data centers, which are, therefore, more prolific.
This is a big problem for video. Fairly common practice, and like a form of arbitrage. An example is taking a 300×250 banner ad slot bought cheaply, and stuffing in a video unit to sell it for a far higher CPM. Some exchanges have had to ban the format entirely on their platforms in order to get rid of it. Used to drive up yields fraudulently rather than quantity of fraudulent impressions.
Publishers boost climate change coverage as the issue takes the world stage
With the countdown to the COP26 summit underway, publishers are boosting their coverage of climate change in videos, articles, events and audio.
How Axios is tackling local news: newsletters from small teams, in more markets
Axios plans to have local newsletters in 23 markets in 2022. But local news is a challenging undertaking, and many have failed before it. How is Axios differentiating itself?
‘Giving people more control’: Rise in flexible working is enabling older workers to defer retirement
Enforced working from home has opened many people’s eyes to the potential for flexible working, and for many older people it has offered them a way to defer retirement.
SponsoredHow legacy publishers are transforming into profitable streaming channels
Navdeep Saini, co-founder and CEO, DistroScale, parent company of DistroTV Connected TV (CTV) has become one of the fastest developing channels in advertisers’ marketing mix today. The pandemic led to an increase in CTV consumption, with 75% of consumers watching more streaming content than before quarantines set in. With streaming viewership continuing to gain momentum, […]
Member ExclusiveMedia Buying Briefing: ‘The golden age of audio’: New forms hit a higher note, but radio buyers still struggle to hear it
As digital audio continues to grow, forecast by eMarketer to hit $5.59 billion in 2021, media buyers and planners are still trying to find ways to make effective use of it.
‘We see a world where publisher data replaces third-party data’: News U.K. puts its data at the nucleus of post-cookie push for media budgets
News U.K. has overhauled the way it collects, sorts and monetizes its audience data across all its titles via first-party data platform Nucleus.