Ghost sites, domain spoofing, fake apps: A guide to knowing your ad fraud
Cracking down on digital ad fraud may seem like a hopeless and expensive game of whack-a-mole, but there are ways marketers and publishers can arm themselves better to fight it.
Digital ad fraud is a volume game. There are two core types: fraudulent ad impressions on any device, and click fraud — aka CPM and CPC fraud. Each type relies on volume, and that’s why there are a whole bunch of techniques used to drive large volumes of fraudulent impressions and clicks. That’s where the long list of confusing terms comes in — anything from click installs to ad stacking and ad injection.
“Marketers feel paralyzed by the fear that fraud is so hard to unpick that they can’t do it, and it’s easier to believe it doesn’t affect them,” said Augustine Fou, anti-fraud and security researcher. “Or they think it’s priced in, but it’s not. There is so much misconception out there.”
Fraudsters follow the money, and with an increasingly large chunk of digital ad budgets going to mobile globally, marketing teams need to ensure they’re fraud-savvy. Currently, 28 percent of global mobile media budgets are wasted on fraud, according to the latest report from mobile marketing analytics firm AppsFlyer. Meanwhile, 74 percent of that is conducted by ever more sophisticated and scalable fraud tactics, said the same report.
“Even advanced AI can be fooled at times,” said Karen Cohen, head of product marketing at AppsFlyer. “That’s why it’s crucial that in addition to having automated fraud protection tools in place, marketers become well versed in the art of fraud and advanced fraud schemes, so the good guys can work together symbiotically to keep bad actors from harming the ecosystem.”
Here’s a primer on the core techniques used to generate CPM fraud.
General invalid traffic (GIVT) bot
Believe it or not, these are all good bots. That’s because GIVT bots are disclosed by the companies using them. For instance, Google has tons of bots on the web like spiders that crawl pages and organize its index. These are honest types of bots, because the companies using them disclose what they are. Non-human traffic and invalid traffic are the exact same thing, by the way; they’re just confusingly called different things.
Sophisticated invalid traffic (SIVT) bot
This is the type to watch out for. SIVT is harder to detect and requires humans to properly analyze and identify, according to experts. Examples include hijacked devices, malware, and falsely identified viewable impressions.
Domain spoofing
The kind that sends premium publishers into a fury. It’s when a fake site masquerades as a bona fide publisher in order to trick buyers who bid on their impressions. The Financial Times, New York Times and News UK all cracked down hard on this in 2017. Ads.txt was invented to help with this. That said, some anti-fraud and security experts don’t think ads.txt is bulletproof, and say fraud is still occurring. “Ads.txt would work better if buyers bothered to check it,” said Fou. If the buyer sees a premium publisher in there, they need to look for the seller ID, not just the domain, he added. “The buyer needs to cross-check it’s definitely that publisher by looking at the seller IDs and cross-checking them with ESPN’s seller ID.”
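The seller-ID cross-check Fou describes, as an added example that is not part of the original article: Python code that parses a publisher's ads.txt and tests whether the exchange and seller account ID on an offered impression are actually listed there. The file contents, domains and IDs are constructed samples, and parse_ads_txt and check_offer are hypothetical helper names.

```python
# Added example (not from the article): cross-check an offered impression
# against the publisher's ads.txt by seller ID, not just by domain.

# Constructed sample of what a publisher might serve at /ads.txt.
SAMPLE_ADS_TXT = """\
# ads.txt for publisher.example (constructed sample)
contact=adops@publisher.example
exchange-a.example, 12345, DIRECT, abc123   # publisher's own account
exchange-b.example, pub-777, RESELLER
not a valid record
"""

def parse_ads_txt(text):
    """Return {(ad_system_domain, seller_id): relationship} for valid records."""
    records = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if not line:
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) < 3:
            continue                               # variable (contact=...) or malformed
        ad_system, seller_id = fields[0].lower(), fields[1]
        relationship = fields[2].upper()
        if not ad_system or not seller_id:
            continue
        if relationship not in ("DIRECT", "RESELLER"):
            continue
        records[(ad_system, seller_id)] = relationship
    return records

def check_offer(records, ad_system, seller_id):
    """Classify an offer that claims to be this publisher's inventory."""
    key = (ad_system.lower(), str(seller_id).strip())
    if key in records:
        return records[key]                        # "DIRECT" or "RESELLER"
    if any(system == key[0] for system, _ in records):
        return "UNAUTHORIZED_SELLER_ID"            # listed exchange, unlisted account
    return "UNAUTHORIZED_AD_SYSTEM"                # exchange not listed at all

if __name__ == "__main__":
    recs = parse_ads_txt(SAMPLE_ADS_TXT)
    offers = [("exchange-a.example", "12345"),     # listed seller
              ("exchange-a.example", "99999"),     # spoofed: same exchange, other ID
              ("exchange-c.example", "12345")]     # exchange the publisher never listed
    for offer in offers:
        print(offer, "->", check_offer(recs, *offer))
```

An offer that names the right publisher domain and a listed exchange still fails here when its seller ID is not the one the publisher published, which is the case a domain-only check misses.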
Data center traffic
This is a low entry point for fraudsters. Unlike malware fraud, this is cheap and relatively easy to do, according to Fou. This is where traffic originates from servers set up in a data center, rather than actual companies. It is made to look as though audiences are seeing the ads when they aren’t. In order for a human to see an ad, they need a screen. But data centers simulate what an impression would look like, including details such as screen resolution for example — anything that makes it look like a browser. Mobile emulators do the same thing.
Fake device IDs
A big problem in mobile. Fake mobile devices create fake IDs — a random string of numbers and letters (called alphanumeric code) — designed to defeat frequency caps. Another type is the copying of real device IDs from human devices and replaying them so they escape detection by telecom providers, which can’t tell the fraudulent ones from their own.
Ghost sites
These are sites that don’t exist, like blank pages. A blank page with no content is set up, some ad tech code is added, and it is pushed into a low-quality exchange to start generating money from fake impressions. Legitimate exchanges block this. But it’s hard to fully clamp down on because sometimes by the time the inventory gets to the end exchange it’s been through so many others that it’s harder to spot.
When pages are set to redirect to other pages in an infinite loop, in the process creating millions of fake impressions. Prolific on desktop and mobile. It’s a tricky one because marketers may feel insulated because they have bot detection tools deployed on certain pages. But it’s the hidden pages being created by this redirected traffic that are the blind spots because anti-fraud tech can’t see them.
Infected/hijacked device malware
Experts say getting malware onto a human device is a really hard, expensive technique. The Methbot fraud scandal uncovered by White Ops is the type of malware fraud that causes issues. It is much harder to do than spinning up a mobile emulator or a data center. There are specialists that focus on curbing these kinds of schemes. It follows, then, that those interested in committing ad fraud resort to easier and cheaper techniques such as emulators and data centers, which are, therefore, more prolific.
This is a big problem for video. It’s a fairly common practice, and like a form of arbitrage. An example is taking a 300×250 banner ad slot bought cheaply, and stuffing in a video unit to sell it for a far higher CPM. Some exchanges have had to ban the format entirely on their platforms in order to get rid of it. It is used to drive up yields fraudulently rather than the quantity of fraudulent impressions.