Industry Actions Against Digital Ad Fraud Reported by Augustine Fou


Published on

Certain high profile cases have been reported in 2013 and 2014 about big companies taking action against organized crime, committing digital ad fraud in both display advertising and search ads.

Published in: Marketing
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Industry Actions Against Digital Ad Fraud Reported by Augustine Fou

  1. 1. Industry Actions Against Digital Ad Fraud Dr. Augustine Fou acfou @mktsci .com February 2014 -1- Augustine Fou
  2. 2. Microsoft Kills Zombie PCs Armed with a court order and law enforcement help overseas, the team took steps to cut off communication links to European-based servers considered the mega-brain for an army of zombie computers known as ZeroAccess. Criminals for years had used the ZeroAccess "botnet," which combines the power of more than 2 million hijacked computers—or bots—around the world, to fraudulently bill some $2.7 million a month from online advertisers, company investigators say. Working With Law Enforcement, Microsoft Team Cuts Off Servers for Zombie Computers Source: WSJ Dec 5, 2013 -2- Augustine Fou
  3. 3. LinkedIn Sues John Doe Professional social networking site LinkedIn has filed a federal lawsuit against ten unspecified individuals over the use of bots that stole personal data from the profiles of hundreds of thousands of users. According to the suit, which was filed Monday in the Northern California federal district court, the bots were used to register thousands of fake LinkedIn accounts for the purpose of mining data from legitimate accounts – a process known as scraping, which is prohibited by LinkedIn‘s user agreement. The court documents also claim the fraudulent activity, which began last May, breaks state and federal computer security laws as well as federal copyright law. ―Since May 2013, unknown persons and/or entities employing various automated software programs (often referred to as ‗bots‘) have registered thousands of fake LinkedIn member accounts and have extracted and copied data from many member profile pages,‖ LinkedIn said in its complaint. ―This practice, known as ‗scraping,‘ is explicitly barred by LinkedIn‘s User Agreement, which prohibits access to LinkedIn ‗through scraping, spidering, crawling, or other technology or software used to access data without the express written consent of LinkedIn or its Members.‘‖ LinkedIn Sues ―John Doe‖ Hackers Who Created Fake Accounts to Scrape Member Data Source: BusinessWeek Jan 2014 -3- Augustine Fou
  4. 4. Kills Chameleon Botnet Chameleon Botnet Date of discovery: 28 February, 2013 Known as: Chameleon Botnet Discovered by: Activity identified: Botnet emulates human visitors on select websites causing billions of display ad impressions to be served to the botnet. Number of host machines: over 120,000 have been discovered so far Geolocation of host machines: US residential IP addresses Reported User Agent of the bots: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) and Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Proportion of traffic that is botnet traffic from IP addresses of host machines: 90% (diluted by gateway IPs) Number of target websites across which the botnet operates: at least 202 Proportion of traffic across the target websites that is botnet traffic: at least 65% Number of ad impressions served to the botnet per month: at least 9 billion Number of distinct ad-exchange cookies associated with the botnet per month: at least 7 million Average click-through rate generated by the botnet: 0.02% Average mouse-movement rate generated by the botnet: 11% Average CPM paid by advertisers for ad impressions served to the botnet: $0.69 CPM Monthly cost to advertisers of ad impressions served to the botnet: at least $6.2 million Stops Chameleon Botnet, which ―emulates human visitors on select websites causing billions of display ad impressions to be served.‖ Source: March 2013 -4- Augustine Fou
  5. 5. Ad Fraud Motive and Opportunity -5- Augustine Fou
  6. 6. Motive “Highly Lucrative, Profitable The aggregate ad revenue for the sample of 596 sites was an estimated $56.7 million for Q3 of 2013, projecting out to $226.7 million dollars annually, with average profit margins of 83%, ranging from 80% to as high as 94%.‖ Source: Digital Citizens Alliance Study, Feb 2014 -6- Augustine Fou
  7. 7. Opportunity As a greater proportion of ads are bought and sold automatically and by algorithm through ad exchanges, it has become far easier for bad guys to ―sell‖ fake traffic and impression inventory to unsuspecting, mainstrea m brand advertisers. Source: Digital Citizens Alliance Study, Feb 2014 -7- Augustine Fou
  8. 8. Ad Fraud Detection and Mitigation -8- Augustine Fou
  9. 9. Blacklisting Sites Value Exclude sites from serving your ads -9- Caveat For every site excluded, bad guys put up more (because they don‟t have to play by the rules). Augustine Fou
  10. 10. Enforcing Viewability Value Caveat Only pay for ads which are viewable (i.e. above the-fold) Bad guys can defeat ―viewability‖ by stuffing ads in hidden layers, all ―abovethe-fold” Source: May 2, 2013 - 10 - Augustine Fou
  11. 11. Bot Detection Value Caveat Good guys use algorithms to detect unusual behaviors indicative of bots (rather than humans) It‘s an arms race between good and bad; bots are more sophisticated and can fake mouse movements and keep cookies. Source: March 2013 - 11 - Augustine Fou
  12. 12. Using CAPTCHAs Value Caveat Captchas deter bots from filling in forms and stealing content and cookies. Some bots can now solve some captchas, most captchas don‘t protect content pages. Source: Solve Media Dec 31 2013 - 12 - ―Startup called Vicarious automatically solves CAPTCHAs.‖ Oct 2013 Augustine Fou
  13. 13. “The above countermeasures are all good, and advertisers should continue using them. But they are not enough. If the good guys fight the fight individually, there is little chance they can overcome the entire ecosystem of the bad guys. The good guys need to band together into their own ecosystem and put the bad guys on a „digital ad fraud equivalent to the National Sex Offenders Registry‟.” -- Dr. Augustine Fou - 13 - Augustine Fou
  14. 14. Ad Fraud Forensics Process Preliminary Scan Sizing of ad fraud Forensic Analysis Maintenance • Technology Tools • Statistical analysis • Budget shifts • Further optimization Implementation FREE $$$ Preliminary analysis of paid campaigns and analytics to determine magnitude of the ad fraud impacting client. Creating recommended list of changes, including list of sites to exclude in each ad channel. - 14 - $ Subscribe to triangulated, cross-industry database of ―ad fraud offenders‖ to continuously update blacklists and whitelists. Augustine Fou
  15. 15. Dr. Augustine Fou – Digital Forensics “I advise clients on optimizing advertising across all channels. Using advanced technical forensic techniques and custom tchnology tools, we detect and mitigate ad fraud and waste.” FORMER CHIEF DIGITAL OFFICER, HCG (OMNICOM) MCKINSEY CONSULTANT CLIENT SIDE / AGENCY SIDE EXPERIENCE PROFESSOR AND COLUMNIST ENTREPRENEUR / SMALL BUSINESS OWNER PHD MATERIALS SCIENCE (MIT '95) AT AGE 23 ClickZ Articles: Slideshares: LinkedIn: - 15 - @acfou Augustine Fou
  16. 16. Related Articles Digital Ad Fraud Briefing By: Augustine Fou December 2013 Fake YouTube Videos By: Augustine Fou, December 2013 How Display Fraud Works By: Augustine Fou, May 2013 Motive and Opportunity for Ad Fraud By: Augustine Fou, February 2014 How Click Fraud Works By: Augustine Fou, November 2013 Fake Facebook Profiles By: Augustine Fou, Dec 2013 The Magnitude of Digital Ad Fraud By: Augustine Fou, November 2013 Fake Twitter Accounts By: Augustine Fou, August 2013 ROI Case for Solving Ad Fraud By: Augustine Fou January 2014 Display Fraud 101 (video) By: Augustine Fou, Feb 2014 - 16 - Augustine Fou