Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Digital Ad Fraud Is Not Illegal Yet

622 views

Published on

Digital ad fraud is not illegal because there are not laws against it yet. But it is very similar to other crimes for which there are laws -- e.g. counterfeit goods, computer crimes, etc.

Published in: Internet
  • 80% Win Rate? It's Not a BUG? [Proof Inside] ★★★ https://tinyurl.com/yxcmgjf5
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

Digital Ad Fraud Is Not Illegal Yet

  1. 1. March 2019 / Page 0marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Digital Ad Fraud is Not Illegal Yet, But Should Be March 2019 Augustine Fou, PhD. acfou [at] mktsci.com
  2. 2. March 2019 / Page 1marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Why, what is it like?
  3. 3. March 2019 / Page 2marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Counterfeit goods Just like fake watches and handbags, fake digital ads
  4. 4. March 2019 / Page 3marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Computer crimesMany of the tech/actions that support ad fraud are computer crimes “computer crimes such as breaking into computers or computer networks. Computer crime can be broadly defined as criminal activity involving information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (or identity theft) and electronic fraud. https://en.wikipedia.org/wiki/List_of_computer_criminals
  5. 5. March 2019 / Page 4marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Illegal Access / Breaches Harvesting personal info, ecommerce transactions, other data BreachesIllegal Access https://www.csoonline.com/article/2130 877/data-breach/the-biggest-data- breaches-of-the-21st-century.html
  6. 6. March 2019 / Page 5marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Illegal Interception Keystroke logging to collect logins, passwords, other personal info Source: Freedom to Tinker, Nov 2017 https://www.thedailybeast.com/california-passes-landmark- privacy-bill-to-restrict-data-harvesting
  7. 7. March 2019 / Page 6marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Data interference Alteration or suppression of computer data Buzzfeed, March 2018 Source: http://articles.latimes.com/2013/apr/19/business/la- fi-mo-cookie-stuffing-ebay-20130419 “Laguna Niguel man pleads guilty in 'cookie stuffing' scam against Ebay. The online auctioneer paid Dunning’s company about $5.2 million in 2006 and 2007, the U.S. Attorney said.”
  8. 8. March 2019 / Page 7marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Misuse of Devices Ransomware and malicious cryptomining using humans’ devices https://blog.malwarebytes.com/cybercrime/2018/02/state-malicious-cryptomining/https://www.zdnet.com/article/ransomware-not-dead-just-getting-a-lot-sneakier/
  9. 9. March 2019 / Page 8marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Forgery, falsified profiles Unverifiable lookalike audiences contain fake profiles/preferences Bots pretend to be oncologists by visiting oncology related sites. “[LOTAME] purged 400 million of its over 4 billion profiles after identifying them as bots.” Adweek, Feb 2018
  10. 10. March 2019 / Page 9marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Criminal impersonation Bad guys pretend to be politicians, celebrities to trick consumers
  11. 11. March 2019 / Page 10marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Copyright infringement Entire pages copied to thousands of other sites, to get free traffic Google search on entire phrase in quotes: http://bit.ly/16H9Gk5 Source: Buzzfeed, March 2019
  12. 12. March 2019 / Page 11marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Copyright/Trademark Laws Multiple forms of fraud, violating different laws Quote from Doc Searls, 1. “All four ads are flat-out frauds, in up to four ways apiece: All are lies (Tiger isn’t gone from Golf, Trump isn’t disqualified, Kaepernick is still with the Niners, Tom Brady is still playing), violating Truth in Advertising law. 2. They were surely not placed by ESPN and CNN. This is fraud. 3. All four of them violate copyright or trademark laws by using another company’s name or logo. (One falsely uses another’s logo. Three falsely use another company’s Web address.) 4. All four stories are bait-and-switch scams, which are also illegal. (Both of mine were actually ads for diet supplements.)”
  13. 13. March 2019 / Page 12marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Piracy/Mass Infringement Large numbers of cloned sites containing 100% pirated content Mass infringement sites use pirated content to attract human visitors - Show ads - Attempt to hack them or track them
  14. 14. March 2019 / Page 13marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou DDoS traffic for ad revenueDDoS attacks overwhelm with traffic; now use traffic to make ad revenue Google Digital Attack Map
  15. 15. March 2019 / Page 14marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Ad dollars fund child abuse sites “Using a variety of sophisticated techniques to avoid detection, offenders are exploiting online advertising networks to monetise their distribution of child sexual abuse material.” Source: The Drum Nov 6, 2018 Source: CNN, Feb 2019
  16. 16. March 2019 / Page 15marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Ad dollars fund piracy, porn sites Source: Adweek, 2013 Source: BusinessInsider, 2014
  17. 17. March 2019 / Page 16marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Identity theft scenarios Stolen personal info can be sold, and also later used in hacking https://www.experian.com/blogs/ask-experian/heres-how-much- your-personal-information-is-selling-for-on-the-dark-web/ Data Prices on the Dark Web https://www.cnn.com/2019/03/09/tech/fac ebook-ukraine-hackers/index.html
  18. 18. March 2019 / Page 17marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Money laundering scenario Dollars are laundered as digital media ad spend on “cash out” sites 1. Buy digital media via ad exchanges on sites directly or indirectly owned by the same entities 2. Pay “ad tech tax” (cut to middlemen) 3. Collect dollars from “cash out” sites, fully laundered
  19. 19. March 2019 / Page 18marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Credit card fraud scenario Tiny transactions automated on millions of stolen card numbers Amateur Criminals Buy HDTV at Walmart with stolen credit card; get caught, card is deactivated. Pro Criminals Automate millions of 99 cent in- game purchases of “power-ups, shields, virtual goods” to harvest dollars, fully laundered.
  20. 20. March 2019 / Page 19marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Wire fraud scenarios Knowingly misrepresenting the capabilities of the … technology “Allegedly engaged in a multi-million dollar scheme to defraud investors, as well as a doctors and patients. charged with two counts of conspiracy to commit wire fraud and nine counts of wire fraud. Holmes and Balwani are charged with two counts of conspiracy to commit wire fraud and nine counts of wire fraud. Holmes and Balwani were accused of knowingly misrepresenting the capabilities of Theranos' proprietary blood testing technology. The two allegedly knew there were "accuracy and reliability problems," and that it "could not compete with existing, more conventional machines," the US Attorney's office said.” http://money.cnn.com/2018/06/15/technology/elizabeth- holmes-indicted-theranos/index.html
  21. 21. March 2019 / Page 20marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Securities fraud scenarios Deceptive practice of inducing investors with false information • Revenues derived from illegal activities • Inflating revenue, profits through ad fraud • Overstating subscribers, active users, ARPU • Selling counterfeit services and products • Misrepresenting the capabilities of services, products
  22. 22. March 2019 / Page 21marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Ad fraud is “cash out” for criminal activities
  23. 23. March 2019 / Page 22marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou The most profitable criminal activity 2,500 - 4,100% returns 11% returns1% interest digital ad fraud stock marketbank interest “where else can I get multi- thousands percent returns on my money? Right. Nowhere.”
  24. 24. March 2019 / Page 23marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou “Ad fraud is at ALL TIME HIGHS both in RATE and in DOLLARS… … and what’s worse is fraud detection is not catching it, so people have a false sense of security.” Source: https://www.slideshare.net/augustinefou/state-of-digital-ad-fraud-q2-2018
  25. 25. March 2019 / Page 24marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou #defendthespend “solving ad fraud will reduce the flow of dollars to what amounts to ‘major economic crimes.’ Then, and only then, will we get back to REAL digital marketing.”
  26. 26. March 2019 / Page 25marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou What can each party do?
  27. 27. March 2019 / Page 26marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Marketers • Cut or pause digital ad spend to observe if there are changes to real business outcomes. If not, keep cutting until you see a change. Anything else was not driving results anyway, no matter if it was marked “fraud free” or not. • Always ask why or how? Don’t assume summary reports are accurate or that other parties are doing what’s right for you. • Get detailed “line item” reports (e.g. sellerID based placement reports, not just domain based reports); choose reliable metrics and avoid easily fakable quantity metrics. • Rely on your common sense and check your own analytics for signs of fraud; reduce fraud by turning off sites and exchanges that exhibit consistent patterns of cheating.
  28. 28. March 2019 / Page 27marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Example: P&G cut $200M No business impact after cut; plans more cuts, up to half a billion “Once we got transparency, it illuminated what reality was,” said Mr. Pritchard. P&G then took matters into its owns hands and voted with its dollars, he said.” “As we all chased the Holy Grail of digital, self-included, we were relinquishing too much control— blinded by shiny objects, overwhelmed by big data, and ceding power to algorithms,” Mr. Pritchard said. Source: WSJ, March 2018 P&G: cut $200M, no impact
  29. 29. March 2019 / Page 28marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Ad Networks/DSPs/SSPs • Update policies to outlaw the most common forms of abuses that support ad fraud – duplicate content, phantom sites, auto-refreshing of pages and ad slots, naked ad calls • Establish simple “3 strikes” policy to notify offenders and provide paths to remediation and correction of violations • Provide detailed reports to clients, specifically sellerID based reports so all parties can “follow the money trail” and help identify bad actors
  30. 30. March 2019 / Page 29marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Example: model citizen SSP • “Strictly enforce ads.txt compliance. This goes beyond just verifying that an ads.txt is in place (which, as you note, is no barrier). Rather, it ensures that the domain sending the traffic must be tie back to a payee that is authorized by the site owner. This ensures that bad actors won't be paid for spoofed traffic. • Ban 300x250 video and other commonly arbitraged ad units. • Operate off a whitelist of partners, domains, and apps. There should be no chance of inventory going live without human review. • Scan all creatives for malware and other malicious code. • Have earned TAG Certification in all relevant programs (e.g. Certified Against Fraud, Certified Against Malware, Inventory Quality Guidelines) validated by a 3rd party. TAG certification [requires] thorough documentation and disclosures, which many bad actors may not be willing or able to complete.”
  31. 31. March 2019 / Page 30marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Publishers • Don’t source traffic (outright buying of hits to your site or app); this exposes you to ad fraud. This is different from paid/social media marketing, real content discovery. • Protect your buyers - filter obvious bots (GIVT – named bots and data centers) so ad calls are not made; this also reduces the chances of your getting accused of high invalid traffic • Protect your website visitors by reducing third party trackers and carefully vetting the ones that remain; reduce your own risk of privacy violations and non-compliance
  32. 32. March 2019 / Page 31marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Example: publisher filters bots Good publishers filter (GIVT) data center traffic, obvious bots Bots coming to site (on-site measurement) Bots filtered out (in-ad measurement) 11% red -9% (filtered GIVT and data centers) 2% red
  33. 33. March 2019 / Page 32marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Consumers • Use ad blockers, use malware protection software on all devices. Limit your exposure to high risk categories of sites – e.g. piracy sites. • Use common sense – DON’T click it, even if it appears to be from a friend or family member. Contact them on a different channel to ask if they meant to send it. • Be vigilant – assume that there will be even more hacking attempts and more malicious malware/malvertising to come as hackers step up their tech and attacks • Always monitor for your own personal info, photos, and other meta data that may be compromised already and used to trick and compromise you.
  34. 34. March 2019 / Page 33marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Example: ad blocking, VPNs
  35. 35. March 2019 / Page 34marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Government • Introduce new laws against digital ad fraud and related fraudulent business practices • Review government spending (taxpayer dollars) on digital ads that have proven to be completely ineffective • Subpoena analytics and reports for details which show actual performance, hidden in summary reports or averages • Subpoena financial records to see the money flows (fraud is very evident when you “follow the money”) and investigate money laundering and tax evasion
  36. 36. March 2019 / Page 35marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou About the Author Augustine Fou, PhD. acfou [@] mktsci.com
  37. 37. March 2019 / Page 36marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou “It’s easier to fool people than to convince them that they have been fooled.” Mark Twain
  38. 38. March 2019 / Page 37marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Dr. Augustine Fou – Researcher 2013 2014 Published slide decks and posts: http://www.slideshare.net/augustinefou/presentations https://www.linkedin.com/today/author/augustinefou 2016 2015 2017 20192018

×