Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Fake Everything 2019 Update


Published on

Ellen Pao was right. I have seen and documented the fake stuff since at least 2013. In digital, virtually unlimited fake accounts, fake traffic, fake users, fake ad impressions, etc. can be created. How many of the 50 slides in this deck were you familiar with?

Published in: Internet
  • Login to see the comments

Fake Everything 2019 Update

  1. 1. May 2019 / Page 0marketing.scienceconsulting group, inc. Everything Fake 2019 Update May 2019 Augustine Fou, PhD. acfou [at] 212. 203 .7239
  2. 2. May 2019 / Page 1marketing.scienceconsulting group, inc. (2013) Everything Fake “fake since (at least) 2013”
  3. 3. May 2019 / Page 2marketing.scienceconsulting group, inc. Fake sites - programmatic Using software to create thousands of sites automatically Source: SimilarWeb
  4. 4. May 2019 / Page 3marketing.scienceconsulting group, inc. Fake Websites - random Get paid to make fake websites (“cash-out” sites) for ad fraud • No content or content that is assembled (i.e. plagiarized) • Content not human readable • Stuffed with large numbers of ads • Page auto-reloads • Large abrupt traffic changes
  5. 5. May 2019 / Page 4marketing.scienceconsulting group, inc. Fake Content – made by bot Pages stuffed with search keywords to attract free organic traffic Characteristics • Auto-generated by bots, stuffed with search keywords • Stuffed with affiliate links and ads “More news is being written by robots than you think.” Souce: Singularity Hub March 2014 Mr. Johansson's program scrubs databases and other digital sources for information, and then packages it into an article. On a good day, he says his "Lsjbot" creates up to 10,000 new entries (PER DAY) Source: WSJ July 2014
  6. 6. May 2019 / Page 5marketing.scienceconsulting group, inc. Fake Videos – referral links For driving fake referral traffic to sites, attribution fraud /watch?v=xnkM9RrDzhM Banned Celebrity Sex Tapes Banned sex tapes .com
  7. 7. May 2019 / Page 6marketing.scienceconsulting group, inc. Fake YouTube Videos - SEO Keyword-stuffed for video SEO for fake sites (free traffic) /watch?v=upSOCzlSoHk watch?v=lhbDGpqCmZQ watch?v=UcdiM4uD6fM /watch?v=an6xRpQ5Wh8 Duplicated videos Some carry ads to generate ad revenue
  8. 8. May 2019 / Page 7marketing.scienceconsulting group, inc. Fake video views - purchased Straight line in video views – same quantity added per time period Actual interest Straight line – purchased views
  9. 9. May 2019 / Page 8marketing.scienceconsulting group, inc. Fake Sites / Apps com.dxnxbgj.mkridqxviiqaogw com.obugniljhe.fptvznqwhmcjm com.bpo.ksuhpsdkgvbtlsw com.rlcznwgouw.vvtexstbfttngc com.kasbgf.sbzwtgpcbjexi com.bprlgbl.vbze com.zka.lzhsoueilo com.alxsavx.mizzucnlb com.jxknvk.lrwfdfirdzpsw com.tvwvqbt.wbshaguqy com.iwnxtpahcu.leyuehdwdbb com.okf.rhvemtykfibzpxj com.obpmirzste.ldsjpv com.zmm.shmxvjxnsagndui com.nqzwr.leusrmpmsq com.rced.zcdsglptpdlwpu com.kerms.ehlsgnc com.cmia.iabhheltm com.skggynmtx.tyyjnwpefvqtll com.kgdtltnuv.hayvfhob com.ztzsiqg.dyojlxdscxws com.xlwuqe.ddrdhsuosbn com.rkrhmzee.wjcoznxu com.ebhzb.hbzvomzpcctovj Fake sites Fake sites Fake apps
  10. 10. May 2019 / Page 9marketing.scienceconsulting group, inc. Fake Apps for loading ads Hundreds of fake or cloned apps, make money via ads
  11. 11. May 2019 / Page 10marketing.scienceconsulting group, inc. Cloned apps, adware SDKs Apps are easily cloned; free software development kits given away Apps are cloned thousands of times; some didn’t even bother to change the colors or cover graphics. Bad guys accidentally cloned apps that already had detection SDK in it – from 312, to 750, to 1,330 copies. Source: CNBC, Aug 2017
  12. 12. May 2019 / Page 11marketing.scienceconsulting group, inc. Fake Antivirus Apps Fake apps that get lots of permissions on user device of-all-android-antivirus-apps-are-frauds/ than-two-thirds-all-android-antivirus-apps.html
  13. 13. May 2019 / Page 12marketing.scienceconsulting group, inc. Fake App Installs, Re-installs Fake mobile devices install legit apps, get paid cost-per-install (CPI) “Machine has analysed over 22.4 million app installs, 56% of which we detected as fraudulent. Of these 88 ad networks, only a single one delivered less than 10% fraudulent app installs. The rest fell somewhere between 15% and 100% fraudulent. Five of the networks delivered 100% fraudulent installs.” installs-are-actually-reinstalls-and-in-some-categories-its-75/ 34 mobile networks were >50% fraud 42% Installs were Actually Re-Installs
  14. 14. May 2019 / Page 13marketing.scienceconsulting group, inc. Fake downloads, boost rank Download/purchase own apps with bots to get to top 25 list
  15. 15. May 2019 / Page 14marketing.scienceconsulting group, inc. Fake IDFAs on real devices Bad apps rotate faked/copied device IDs to defeat frequency caps Source: Cinarra Systems
  16. 16. May 2019 / Page 15marketing.scienceconsulting group, inc. tOLKnMEzcnARvLTvChnt tOLKnMEzcnARvLTvChnt tOLKnMEzcnARvLTvChnt tOLKnMEzcnARvLTvChnt tOLKnMEzcnARvLTvChnt tOLKnMEzcnARvLTvChnt tOLKnMEzcnARvLTvChnt tOLKnMEzcnARvLTvChnt Random vs Replayed DeviceIDs Techniques to defeat fraud detection and frequency caps RANDOM deviceIDs lXvBEeRXPURtcKILYFYE IdUkQeWgqshMmfMdzlAx INIjBzHJHywhgRsMdQPe tiAnxwuKBNCjoMetZaPN UjtRbuUTvYUwmABhmPGH MDSUUgkENQkQDztavzfl iljoJEXUcLCEFwSdrwZn APbLSRUvlrIoofIchhLg NZXVVKCbymRYBSStNRYz UiSBmuDpYLkNvsHBKcri tOLKnMEzcnARvLTvChnt LZyhgblHtMIMaAliHWYB vKFknsnhGouIucYgxmdu • If fraud detection hasn’t seen a device before, the default action is to let the ad serve • Frequency caps based on deviceIDs are defeated, each device appears as new • Valid deviceIDs are harvested from real devices and sent to fake devices or apps to replay • Replayed deviceIDs are used by fraudulent apps to defeat fraud detection REPLAYED deviceIDs tOLKnMEzcnARvLTvChnt validated deviceID harvested
  17. 17. May 2019 / Page 16marketing.scienceconsulting group, inc. Fake apps to infect devices Fake versions of popular apps are used to infect humans’ devices Source: Independent, Jun 2018Source: Fortune, July 2016
  18. 18. May 2019 / Page 17marketing.scienceconsulting group, inc. Fake VPN – malware/adware Fake “free VPNs” track users’ browsing history, serve more ads Source: PC Magazine, Jun 2018 Source: ZDNet, May 2015 Source: TechCrunch, Feb 2019
  19. 19. May 2019 / Page 18marketing.scienceconsulting group, inc. Faked Google Analytics Manipulate Google analytics to show traffic that is non-existent Source:
  20. 20. May 2019 / Page 19marketing.scienceconsulting group, inc. Faked mouse moves/clicks Create fake mouse movements and clicks on ads using javascript Source:
  21. 21. May 2019 / Page 20marketing.scienceconsulting group, inc. Fake clicks – attribution scams Directly loading attribution urls and SDKs are to show fake clicks Source: Method Media Intelligence
  22. 22. May 2019 / Page 21marketing.scienceconsulting group, inc. Fake data Software tool to rotate referrer, browser agent, IP address Source: Ratko Vidakovic
  23. 23. May 2019 / Page 22marketing.scienceconsulting group, inc. Fake Geolocation Houston, TX 5am local time Bozeman, MT 4am local time Same set of 15 apps calling ads from both locations, at times when humans are not awake yet
  24. 24. May 2019 / Page 23marketing.scienceconsulting group, inc. Fake Agencies Out of the 28 fake ad agencies, only 20 ever had any activity in advertising markets. We believe Zirconium was progressively rolling out their agencies to overcome occasional bans, as they progressively got caught. We observed a pace of 1 to 3 releases per month. Since the majority of agencies were created around February 2017, the dormant ones progressively built precious reputation (mostly history, and social media following) to pose as established companies and maximize their potential of striking deals with more ad platforms. Source: Confiant, 2017
  25. 25. May 2019 / Page 24marketing.scienceconsulting group, inc. Fake traffic, laundered Fake sites don’t sell ads directly; they feed traffic to other sites Advertisers impacted
  26. 26. May 2019 / Page 25marketing.scienceconsulting group, inc. Fake pageviews – auto-redirect Webpages auto-redirect to other pages/sites in infinite loops How much does it cost?How much is available? a.k.a. “zero-click” “pop-under” “forced-view” “auto-nav”
  27. 27. May 2019 / Page 26marketing.scienceconsulting group, inc. Traffic sellers’ “high quality traffic” Many sources to buy “traffic,” tune “quality” level, host bots Google “buy real human traffic” Select vendor and “traffic quality level” Host your own bots (cost $3.99/mo)
  28. 28. May 2019 / Page 27marketing.scienceconsulting group, inc. Luminati[.]io Oxylabs[.]io Smartproxy[.]com Residential Proxies Use: to disguise data center bots to appear to come from residential IP addresses, avoid detection 40 million IP addresses 10 million IP addresses 30 million IP addresses
  29. 29. May 2019 / Page 28marketing.scienceconsulting group, inc. Fake or plagiarized ads.txt Source: MediaMath Fake sites rushed to put ads.txt files in place, to continue to sell “the company will only buy … from publishers who have an ads.txt file in place.” “completely useless… … fake and fraud sites just put ads.txt files in place so they can continue to sell inventory.”
  30. 30. May 2019 / Page 29marketing.scienceconsulting group, inc. Fake domains, bids Fake sites disguise themselves as good domains to sell inventory PublisherA does NOT sell ads on open exchanges! 100% spoofed inventory “In “domain spoofing,” bad actors intentionally disguise the nature of the ad space they’re selling. That inventory is made available via automated marketplaces run by ad tech companies such as the ones the FT highlighted. In the end, a marketer might believe they’re paying for ads on, but their ads may actually appear on other sites with questionable content and unknown ownership.” times-finds-counterfeit-ad-space-was- offered-by-at-least-six-companies- 1507563713
  31. 31. May 2019 / Page 30marketing.scienceconsulting group, inc. Fake GDPR consent strings Humans don’t give consent; bots consent to be shown more ads Source: CNBC, July 2018 • Humans don’t give consent to ad tech companies they have never heard of. • Bots give consent so more ads can be delivered to them • Forged consent flags that are not verifiable are used to continue programmatic ad trading
  32. 32. May 2019 / Page 31marketing.scienceconsulting group, inc. Fake ad impressions “dark processes” are continuous loading of ads, in background (demo video of page continuously loading ads in the background)
  33. 33. May 2019 / Page 32marketing.scienceconsulting group, inc. Fake mobile display ads May 26 Forbes “Judy Malware” • 40 bad apps to load ads • 36 million fake devices to load bad apps • e.g. 30 ads per device /minute • 30 ads per minute = 1 billion fraud impressions per minute June 1 Checkpoint “Fireball” • 250 million infected computers • primary use = traffic for ad fraud • 4 ads /pageview (2s load time) • fraudulent impressions at the rate of 30 billion per minuteSource: June 2017 “Chinese click fraud gang in Thailand arrested” 300 real devices used for click fraud
  34. 34. May 2019 / Page 33marketing.scienceconsulting group, inc. Fake ads - malvertising Ransomware can be delivered through ads with malicious code Source: ZDNet, March 2017 Source: TechRepublic, June 2017
  35. 35. May 2019 / Page 34marketing.scienceconsulting group, inc. Fake mobile traffic - apps Fraud apps repeatedly loading webpages, w/ hidden browsers Gallery urls repeatedly loaded By same apps, in the same ratios
  36. 36. May 2019 / Page 35marketing.scienceconsulting group, inc. Fake Traffic - pop-unders Porn sites have humans; click play, spawn pop-under, load ads Source: Digiday Feb 2017 Source: BuzzFeed Dec 2017
  37. 37. May 2019 / Page 36marketing.scienceconsulting group, inc. Pages auto-load other pages Code causes pages to auto-load other pages repeatedly Source:
  38. 38. May 2019 / Page 37marketing.scienceconsulting group, inc. Fake ad blockers – more ads Instead of blocking, fake ad blockers load more ads and track users Source: Engadget, April 2018
  39. 39. May 2019 / Page 38marketing.scienceconsulting group, inc. Fake profiles “[LOTAME] purged 400 million of its over 4 billion profiles after identifying them as bots or otherwise fraudulent accounts. Lotame CEO Andy Monfried estimated that 40 percent of all web traffic is fictional.” Source: Adweek, Feb 2018
  40. 40. May 2019 / Page 39marketing.scienceconsulting group, inc. Fake LinkedIn Profiles Used to simulate “user engagement” (ad clicks), audiences bot generated content stock photo
  41. 41. May 2019 / Page 40marketing.scienceconsulting group, inc. Facebook purges 1.3 billion fake “It was barely a year ago that Facebook proudly declared it had more than 2.2 billion monthly users. But on Tuesday, the social media giant revealed some stunning data, including that during the six months ending in March, Facebook disabled a total of almost 1.3 billion fake accounts. During the first quarter of 2018, Facebook says it deleted 865 million posts, the vast majority of it for being spammy, and the remainder for containing graphic violence, sexual activity or nudity, terrorism or hate speech. Source: Inc. May 2018
  42. 42. May 2019 / Page 41marketing.scienceconsulting group, inc. Fake Twitter accounts - bots Used to sell fake followers, likes, retweets, ad views and clicks could-be-bots-says-study.html “A big chunk of those "likes," "retweets," and "followers" lighting up your Twitter account may not be coming from human hands. According to new research from the University of Southern California and Indiana University. Since Twitter currently has 319 million monthly active users, that translates to nearly 48 million bot accounts.”
  43. 43. May 2019 / Page 42marketing.scienceconsulting group, inc. Fake influencers Fake influencers bought followers to appear to be influential Source: Adweek, Jun 2018 “an array of entertainers, entrepreneurs, athletes and media figures, … bought Twitter followers or artificial engagement. A New York Times article on Saturday describing a vast trade in fake followers and fraudulent engagement on Twitter and other social media sites, often using personal information taken from real users. NY Times: The Follower Factory
  44. 44. May 2019 / Page 43marketing.scienceconsulting group, inc. Fake segments - seasonality Bots browse items by season to attract higher retargeting CPMs Source: DataXu/DoubleVerify Webinar, April 2015 “look at backpacks in back-to-school season”
  45. 45. May 2019 / Page 44marketing.scienceconsulting group, inc. Fake behaviors Bots visit collections of sites to make themselves look attractive “cookie matching” Bots pretend to be oncologists by visiting sites, collecting cookie Attract ad dollars to fake sites when retargeted
  46. 46. May 2019 / Page 45marketing.scienceconsulting group, inc. Fake Personality Quizzes Used to harvest personal info, meta data for later use in hacking exposed-facebook-data-of-120-million-users-2018-6 million-users-to-cambridge-analytica/
  47. 47. May 2019 / Page 46marketing.scienceconsulting group, inc. Fake Celebrity Lookalike Collect self-selected face photos for later use in hacking Users self-select face pictures to use for “which celebrity do you look like” quizzes. These are harvested for later use in hacking.
  48. 48. May 2019 / Page 47marketing.scienceconsulting group, inc. Fake tech support scams Designed to trick panicked consumers into downloading or calling scammers-revive-bug-that-sends-chrome-users-into-a-panic/
  49. 49. May 2019 / Page 48marketing.scienceconsulting group, inc. Fake Sweepstakes/PrizesUsed to steal users’ email addresses and other personal information
  50. 50. May 2019 / Page 49marketing.scienceconsulting group, inc. Preinstalled adware/spyware Companies get paid to pre-install adware/spyware on devices Source: TheVerge, Jul 2017 Source: CNN, Feb 2015
  51. 51. May 2019 / Page 50marketing.scienceconsulting group, inc. Fake botnet for publicity PRESS RELEASE: “used highly sophisticated techniques to fraudulently load ads on the affected sites without the site owners' consent, leveraging a new methodology that allows it to monetize inventory on premium domains.” “The botnet was completely fabricated for the press release announcing their new algo. None of this actually happened; no ads were injected into any of the sites they named in the press release. This was confirmed by direct measurement on the good publishers’ sites. They were falsely accused and their reputation was harmed by this publicity stunt. The failure of the fraud detection was due to their analyzing only pre-bid data, and using big data and machine learning approaches, without an understanding of actual ad serving tech, javascript, and how browsers work.”
  52. 52. May 2019 / Page 51marketing.scienceconsulting group, inc. Fake Leads (Lead Fraud) Real data collected from breaches create leads that appear valid Fake leads • Previously filled out by hand • Now, fully automated with bots using databases of real postal addresses, etc. (that trick verification engines)
  53. 53. May 2019 / Page 52marketing.scienceconsulting group, inc. #defendthespend “marketers can (and should) reduce the flow of dollars to cybercriminals that are committing ‘major economic crimes’.” Then, and only then, will we get back to REAL digital marketing.”
  54. 54. May 2019 / Page 53marketing.scienceconsulting group, inc. Digital Marketing circa 2018
  55. 55. May 2019 / Page 54marketing.scienceconsulting group, inc. About the Author Augustine Fou, PhD. acfou [@] 212. 203 .7239
  56. 56. May 2019 / Page 55marketing.scienceconsulting group, inc. Dr. Augustine Fou – Researcher 2013 2014 Published slide decks and posts: 2016 2015 2017 20192018