2. Executive Summary
• Display ad fraud is the easiest to commit and bad guys
sell tons of “junk” inventory into ad exchanges; ad buyers
are goaled on number of impressions so that perpetuates
the problem.
30-60%
• Video ad impressions are 10x more lucrative than
display, so bad guys are deploying their bots and networks
to creating video ad inventory; again ad buyers are goaled
on “tonnage” of impressions and therefore perpetuates the
problem.
50-80%
• Search ad click fraud is harder to commit and usually
occurs on “search partner network” sites; but high
spending categories like insurance and high CPC
categories like pharma are favorite targets of the bad guys
who can earn $78 per click.
20-40%
-2-
Augustine Fou
3. Display Ad Impressions
30 – 60%
fraudulent, wasted, not-in-view
IAB: FY 2012 Display Ad Spend = $7.7B
• By far, the easiest to commit – fill a web page with many
display ads and repeatedly load the page with scripts or bots
• Clients pay on CPM basis and are usually goaled on the
number of impressions delivered and CPM
-3-
Augustine Fou
5. Where Click Fraud Comes From
Ad exchanges are particularly prone to fraud because shady sites sell enormous
quantities “ad impression inventory” into the exchanges for re-sale.
Source: Integral Ad Science, via BusinessWeek Nov 26, 2013
-5-
Augustine Fou
6. Video Ad Impressions
50 - 77%
fraudulent, autoplay, wasted, not-in-view
Source: Vindico via Adweek, December 15, 2013
eMarketer: Digital Video Ad Spend est. $4B in 2013
• Advanced bots are programmed to load video ads and wait
till they are counted as “views” before leaving the page
• Video ads have 10x the CPM compared with display ads, and
are therefore a prime target for „bad guys‟
-6-
Augustine Fou
7. Video Ads Are Lucrative
Video ad CPMs
are $8 - $12,
which means
they are more
than 10X more
lucrative than
display or
mobile ads.
Source: Turn, Inc.
October 2013
-7-
Augustine Fou
8. Search Ad Clicks
20 - 40%
fraudulent, accidental, wasted
Source: Adometry Click Fraud Report 1H 2013
IAB: FY 2012 Search Ad Spend = $16.8B
• Search ad fraud is a bit more involved to commit and usually
occurs on “search partner” sites (not the main search sites)
• Bad guys set up sites with no content, execute searches with
lucrative keywords, and click the ads with bots
-8-
Augustine Fou
9. Click Fraud by Qtr
Source: ClickForensics 2011
-9-
Augustine Fou
10. Biggest PPC Spenders
Insurance est. Spending:
-
Statefarm.com - $46M /yr
Geico.com - $44M
Progressive.com - $34M
Esurance.com - $28M
Allstate.com - $25M
USAA.com - $21M
Many CPCs from $60 - $78
Retailers est. Spending:
- 10 -
Walmart.com - $48M /yr
Sears.com - $18M annually
Macys.com - $11M per year
JCPenney.com - $9.6M
CPCs range from $15 - $63
Augustine Fou
11. Related Articles
Bad Guys Happily Rob Display Advertisers
By: Augustine Fou, July 23, 2012
Everything Fake (Display Ad Fraud, Search Click Fraud)
By: Augustine Fou, April 2013
Blacklisting vs Whitelisting
By: Augustine Fou, October 2013
What Suspect Site Traffic and Gray-hat Techniques Look Like
By: Augustine Fou, October 2013
Video Ad Fraud Investigation, Part 1
By: Augustine Fou, October 2013
- 11 -
Augustine Fou
12. Dr. Augustine Fou – Digital Consigliere
“I advise clients on optimizing
advertising across all channels. One
main area of focus is reducing ad waste
due to fraud – fake impressions, clicks,
leads, and sales.”
FORMER CHIEF DIGITAL OFFICER, HCG (OMNICOM)
MCKINSEY CONSULTANT
CLIENT SIDE / AGENCY SIDE EXPERIENCE
PROFESSOR AND COLUMNIST
ENTREPRENEUR / SMALL BUSINESS OWNER
PHD MATERIALS SCIENCE (MIT '95) AT AGE 23
ClickZ Articles: http://bit.ly/augustine-fou-clickz
Slideshares: http://bit.ly/augustine-fou-slideshares
LinkedIn: http://linkd.in/augustinefou
- 12 -
@acfou
Augustine Fou
14. Assumptions No Longer Valid
1.
bots can‟t fake mouse movements and webpage scrolling - they can easily now
2.
captchas can only be solved by humans - bots can solve them too now
3.
it requires malware infected computers to commit ad fraud - bad guys can set up
hundreds of thousands of server instances to simulate users without having to infect
any computers with malware
4.
malware can be caught by virus software when installed - some malware does not
need to be installed, they are carried along with the code of a toolbar, plugin,
extension, etc. or can be asynchronously introduced later via updates (especially when
user has permitted auto-updates)
5.
if a correct bid record is passed it should be a human user - bots can easily send fake
information to simulate being a user (e.g. cookies, referrer, search query,
characteristics of the computer and browser, etc.)
6.
fraudulent traffic is a small portion of legitimate human traffic -- bot traffic is far
larger than actual human traffic. This comes from both “legitimate” sources like
Google crawlers or “site up status checkers” and “illicit” sources like server-side
scripts, browser side scripts, browser extensions and plugins, and other malware.
- 14 -
Augustine Fou
15. IAB Full Year 2012
Source: IAB 2012 Annual Report
- 15 -
Augustine Fou
16. Digital Video Ad Spend
Source: eMarketer, May 2013
- 16 -
Augustine Fou