Ad Fraud In Our Own Backyard


Most of the online ad industry sees fraud as an external threat, while it is mostly an issue with the supply chain of advertisers' campaigns.

A company that sells fraudulent web traffic for site monetization has won a contract to provide clicks to the US Government and is also launching their own fraud detection platform. This is an internal threat to the adtech environment where things are built on trust.

If taxpayer money is spent on fraudulent traffic and now the creators of fraudulent traffic are also the ones measuring its quality, this erodes the foundation of trust we operate on in our industry.

The Dhar Method

Ad-Fraud In Our Own Backyard
A Dhar Method Publication

AdFraud is not only an external force penetrating the advertising ecosystem. Unconventional web traffic practices with seemingly legitimate advertising companies are an equally concerning side of the equation.

"The challenge for capitalism is that the things that breed trust, also breed the environment for fraud." - James Surowiecki

Anyone who has read anything about ad-fraud has been exposed to the standard story of the "cybercriminals" and "hackers" that are infiltrating the digital advertising ecosystem to syphon out millions and billions of dollars in supposedly illicit funds. These types of press reports and stories have helped fuel the idea that fraud is a problem that is external and a threat that is difficult to protect against.

• What if the truth was entirely different?
• What if advertising dollars generated by fraudulent practices are the product of behavior by companies in our own backyard?
• What if the problem is internal and can be dealt with as such?

Many would say that the internal problem of fraud would be more easily addressed, and they would be absolutely right. Even if the "cybercriminals" and "hackers" are the ones generating the traffic at the source, there are hundreds of "publishers" and ad-networks that are funneling that fraudulent traffic into the mainstream advertising ecosystem. And those publishers and ad-networks have corporations, names, faces and bank accounts. Those four factors make them easily addressable and removable pieces from the larger digital advertising system.

What is Internal vs. External?

Now the question is, how do you know who is bad and who is good? Our instinct is to trust the trade-press to do the vetting of these companies and to provide us information and stories that are supported by facts and truth. Unfortunately, there are some in the trade-press and larger publisher circle that don't know enough about the nitty-gritty of ad-technology and ad-fraud specifically to be able to discern what is legitimate and what is not.

Let's take the example of a company called eZanga. If you look it up online, you'll find a Wikipedia page and many articles that mention their anti-fraud efforts and legitimate business practices dealing in "qualified traffic".
All of the articles and posts below lead up to what is the most important update regarding eZanga:

(2016, August 24) schedule-contract-2152997.htm

eZanga has won a contract from the US General Services Administration to provide PPC advertising services to Federal Government Agencies.

The Federal government of the United States is now buying pay-per-click advertising from eZanga, a company that, as I will present evidence in the following sections to show, generates, sources, and sells fraudulent web visits and clicks. This is a huge concern. Tax dollars are now potentially going to be spent on fraudulent advertising activity.
(eZanga's "proprietary" click fraud prevention product)

(2012) profile/ezangacom

(2013)
In 2014, eZanga posted a YouTube promotional video of their traffic service. The video has approximately 1700 views and 0 comments. In the video at 0:38 the following statement is made by the narrator:

“Dave now buys pre-filtered traffic from eZanga. And we finally got the third-parties to agree to something: eZanga's traffic scores well.”

They are not purporting that the traffic is human nor offering an explanation of how the traffic is generated or where it comes from; they focus on one aspect, that it “scores well.”

(2014)

A blog post on WebSite Magazine in 2014 stated the following:

“While other traffic providers require clicks be paid for before giving feedback on its quality, eZanga traffic is pre-filtered to eliminate fraudulent clicks before they are directed to clients’ websites. eZanga spends its own money to test each new source of traffic before exposing it to their client base.”

(2014) sights.aspx

In 2015, a post on, the website for a prominent affiliate marketing and performance advertising conference, wrote about how eZanga was unique in that they weathered the storm of the recession in the United States after 2008. This post in isolation is inconspicuous, but given the nature of selling click traffic, it forced me to wonder how their business was so sustainable despite market trends.
(2015)

2015 also saw the release of eZanga’s WordPress plugin, which monetizes in-text traffic from content on WordPress sites. For those who are unfamiliar, in-text traffic is when certain words in the content of a site are converted to links to the landing page of an advertiser who is bidding on those keywords.

"Digital marketing firm eZanga has released a new WordPress plugin called InText, which automatically places advertisements sourced through eZanga on a blog or website. InText differs from other WordPress advertising plugins by working in real-time, identifying keywords and matching targeted advertising instantaneously where other advertising plugins can take up to five minutes to register content."

(2015)
In a post on Entrepreneur, eZanga advises media buyers on how to avoid click-fraud by getting filtered traffic from a third party and only dealing with publishers you can speak to directly.

(ex-Director of Sales at eZanga, defines Click Fraud)

(2015)

eZanga publicized the “MosQUito bug” which "drains" human traffic from "thousands, possible millions" of infected WordPress and Joomla sites. They published a list of 9,285 sites that were supposedly infected in April of 2016, but there has been no update in the 4 months since then.

(2016) websites-175155

Here are some of the sites that the “Mosquito Bug” had infected. This is 477 examples out of a total list of over 9,000.

While pointing out a “bug” in the system is noble, its impact varies depending on the victims of the bug. The sites on the list affected by the Mosquito are far from mainstream. Many are even pornography related with blog hosting.

Although on the first page of Google results, there is this: A complaint about the quality of their traffic from 2009 with a series of comments back and forth between their CEO/Founder and other complainants. The CEO even responds with this statement:

"Now, let’s look at complaint boards, many users complain about many things. A quick google search (as you request) for companies like AT&T, APPLE and Coke-a-Cola will also produce results like:
-> AT&T scams loyal customers with "Free Upgrade" SCAM
-> Apple scams us again - no FW connector w/mini - iLounge
Heck, Coke-a-Cola even made it to this complaint board:”

The justification, which is seemingly quite legitimate, is that every company gets complaints and that eZanga is no different.

Now, this is all what's publicly available and can be debated to no end. So, I want to share with you my own experience with them in buying traffic.

I reached out to them to get traffic to my trusty old site. I obviously would only want traffic that passes the major fraud filters, so I chose to have access to all 5 that were available: Integral AdScience, DoubleVerify, Moat, Forensiq, and Pixalate.

Let me be VERY CLEAR: None of these 5 actual fraud detection companies knew ahead of time that eZanga is selling traffic with their name on it.

The way this happens is that eZanga owns their own "publisher properties" which they run traffic to and monetize in various ad-platforms. They sign up either directly or through a third party for access to these filters to scan the quality of their traffic. From the perspective of the fraud-detection vendors, they are just dealing with a publisher that seems to occasionally have questionable traffic to the site. The way they create this "pre-filtered" traffic is by testing and exploiting the filters they have access to. See Dhar Chart Fig. 9.
See my emails with one of their sales managers:

First I get accounts for various sources of traffic, each one corresponding to a specific fraudulent traffic detection vendor, along with corresponding pay-per-click prices.

She even goes as far as helping me with where to monetize this pre-filtered traffic.
IntegralAdScience filtered traffic, she says, can be monetized on any banner network from “the exchanges.”

Pixalate filtered traffic, she says, can be monetized on any search feed.

MOAT and Forensiq filtered traffic, she says, works well with video networks but not one in particular.

No suggestions on what to do with the DoubleVerify filtered traffic.

Main Point: It “all really depends on which filter the advertiser on your side is using.”

You might be thinking, “So what? What does any of this prove?”

To confirm the anecdotal evidence, I had a bot-detection company, Oxford BioChronometrics, scan the eZanga traffic coming to the page ( and provide the results.

If you had only seen the first few press mentions that I showed to you, it would be easy for you to pass this company off as a legitimate advertising company.
Now, here is where the problem gets messy. The United States government, through its Government Services Administration (GSA), has contracted out all of its Pay-Per-Click advertising services to eZanga. Although not directly proven with data from their campaigns, there is the imminent danger that tax dollars will be spent on fraudulent web traffic.

contract-2152997.htm

There are a variety of services offered via this contract, designated as Packages A-G. The minimum order for clicks is $100 and the maximum order is $1,000,000. There is an overall 1% discount from “list prices” and a 1.5% discount for orders between $25,000 and $49,999.99. Additionally, there is a 2.5% discount for orders between $50,000 and $249,999.99, and then a 4% discount for orders more than $250,000. The payment terms are Net30, meaning that payment for March services must be received by May 1st.

Please see detailed breakout of packages on the following page:
They are offering to “redirect a user upon clicking to any website of choice” for $0.10 to $0.20 per unique visitor from a text-based advertisement (see sample of eZanga ad-format below). This Cost-Per-Click includes a dedicated account manager and the unique visitors can be targeted from anywhere in the U.S., even from specific states and cities.

The ad-sample above is taken from one of my accounts on eZanga’s PPC platform, AdPad. I have 5 accounts there, one for each of the following “filters”: IntegralAdScience, DoubleVerify, MOAT, Forensiq, and Pixalate.

I have tested 25 different campaigns on eZanga’s platform for different research initiatives and client projects. The number of clicks delivered was always in line with my budget specifications, regardless of what the text of the advertisement said. This is a clear indication of robotic traffic because the consistent click volume, even with gibberish ad-copy, shows that no human on the other end is clicking based on interest in the potential content of the landing page. Also, there was never an “approval” process as referenced in the screenshot. Campaigns have gone live immediately, whether I set it up at 2 PM or 2 AM.

One important distinction is between the pricing given to a customer like me and the pricing in the public contract with the federal government. Out of my five traffic options, the higher end of the bid landscape was $0.01. The GSA’s lower end of the CPC bids is $0.10 and the higher end being $0.20. This is a 20X difference!
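The budget-fill observation above can be turned into a repeatable buyer-side check: run deliberately meaningless "canary" ads next to real ones and compare how completely each group spends its budget. This is an added example, not part of the original report; the campaign figures, tuple layout and both thresholds are constructed assumptions.

```python
from statistics import mean

# Constructed sample data, amounts in integer cents to avoid float drift:
# (campaign_id, copy_kind, budget_cents, cpc_cents, clicks_delivered)
SOURCE_A = [  # clicks track budget regardless of ad copy
    ("a1", "real", 1000, 1, 1000),
    ("a2", "real", 2000, 1, 1980),
    ("a3", "gibberish", 1000, 1, 995),
    ("a4", "gibberish", 500, 1, 500),
]
SOURCE_B = [  # clicks depend on what the ad says
    ("b1", "real", 1000, 1, 640),
    ("b2", "real", 2000, 1, 1500),
    ("b3", "gibberish", 1000, 1, 12),
    ("b4", "gibberish", 500, 1, 3),
]

def fill_rate(budget_cents, cpc_cents, clicks):
    """Fraction of the campaign budget consumed by delivered clicks."""
    return (clicks * cpc_cents) / budget_cents

def assess_source(campaigns, min_fill=0.90, tolerance=0.10):
    """Flag a traffic source whose gibberish canary ads fill budget like real ads.

    min_fill and tolerance are assumed thresholds, not values from the report.
    """
    groups = {"real": [], "gibberish": []}
    for _cid, kind, budget, cpc, clicks in campaigns:
        groups[kind].append(fill_rate(budget, cpc, clicks))
    if not groups["real"] or not groups["gibberish"]:
        raise ValueError("need at least one real and one canary campaign")
    real_fill = mean(groups["real"])
    canary_fill = mean(groups["gibberish"])
    # Human audiences should mostly ignore meaningless copy, so a canary that
    # spends nearly all of its budget, at about the same rate as real copy,
    # means click volume is driven by the budget and not by interest.
    suspicious = canary_fill >= min_fill and abs(real_fill - canary_fill) <= tolerance
    return {"real_fill": real_fill, "canary_fill": canary_fill, "suspicious": suspicious}

if __name__ == "__main__":
    for name, data in (("SOURCE_A", SOURCE_A), ("SOURCE_B", SOURCE_B)):
        print(name, assess_source(data))
```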
If you’ve gotten this far in reading this report, I’m sure you are wondering how this is happening and why nobody stopped them. Maybe you’re thinking: “Why not alert the authorities?” or “Tell the General Services Agency that they are contracted to buy fraudulent clicks!”

It’s not as easy as that. After alerting various legal bodies of both state and federal government levels, their reactions were full of concern but they required “proof.” While I did send them the images of my email interactions about the traffic as well as the technical ratings of the traffic purchased from eZanga, they needed more information; something with an impact to take to their superiors. This is why I’ve formatted this report as a story that can be understood and have the potential impact it needs.

There are hundreds of fraudulent advertising companies in the industry and when looking at the degree of fraud within these companies, I find it useful to use the Venn diagram below. Differentiating these companies is important to understanding their role in contributing to fraud: Is it active or complicit?

For eZanga, I would list them as a “blue-collar” ad-fraud company. They are involved with the active distribution of fraudulent traffic, they are a smaller company relative to major adtech organizations, they are not regular mentions in the trade-press or industry events, and the majority of their revenue seems to be from activities involving non-human traffic.

While the capabilities statement provided to the GSA by eZanga makes claims of the traffic being “scrubbed clean,” I was given these claims as well on traffic that ended up being over 70% bots. The main government point of contact is listed as their CEO.

They attempt to claim that “receiving PPC traffic from a company that not only purchases clicks, but also sells them, aids in your brand’s safety.” There is no logic in trusting a broker who also has a financial interest in the sale of said good.
I have excluded several points of data and screenshots that may be inflammatory, but I will make them available by request. Please e-mail me if you have any follow up questions or want clarification on a few things.

I began my anti-fraud crusade in 2014 thinking that I could “criticize by category and praise by name.” While this may have been idealistic, I still truly believe that would be the preferred way to operate. Over time, I realized that there are certain organizations and individuals that need to be singled out for particularly devious practices and this report covers one that I thought was becoming a concern because of its contract with the U.S. government and the possible spending of tax dollars on fraudulent web traffic. Ad-fraud has been repeatedly justified, by the people committing it, as a small harm done to huge corporations. That rationale does not apply here.

I implore anyone reading this report to please be vigilant with your advertising practices. Not every company shows their true operation or is transparent about the quality of their good/service, and this is especially true in digital advertising today. If you have a hunch about a company that you think is profiting from the sale of fraudulent advertising or web traffic, please feel free to reach out to me and I would be happy to point you in the right direction or help you address the problem directly.

There are lots of disagreements on the rates of fraud in the online ad market. The one thing all can agree on is that there is no base-truth. Fraud, in any arena, is something that lives in the shadows. It is difficult, if not impossible, to accurately count something that does its best to not be counted.

What I think we can agree on is that ad-fraud is not an external force that harms the advertising world, but rather most of the problem lives in our own backyards.
We can take this as an alarming idea, or we can realize that it makes the problem actually easier to solve. The choice is ours. - Shailin Dhar