Ellen Pao was right. I have seen and documented the fake stuff since at least 2013. In digital, virtually unlimited fake accounts, fake traffic, fake users, fake ad impressions, etc. can be created. How many of the 50 slides in this deck were you familiar with?
May 2019 / Page 0marketing.scienceconsulting group, inc.
Augustine Fou, PhD.
acfou [at] mktsci.com
212. 203 .7239
May 2019 / Page 1marketing.scienceconsulting group, inc.
(2013) Everything Fake
“fake since (at least) 2013”
May 2019 / Page 2marketing.scienceconsulting group, inc.
Fake sites - programmatic
Using software to create thousands of sites automatically
May 2019 / Page 3marketing.scienceconsulting group, inc.
Fake Websites - random
Get paid to make fake websites (“cash-out” sites) for ad fraud
• No content or
content that is
• Content not human
• Stuffed with large
numbers of ads
• Page auto-reloads
• Large abrupt traffic
May 2019 / Page 4marketing.scienceconsulting group, inc.
Fake Content – made by bot
Pages stuffed with search keywords to attract free organic traffic
• Auto-generated by bots, stuffed with
• Stuffed with affiliate links and ads
“More news is
by robots than
Mr. Johansson's program
scrubs databases and
other digital sources for
information, and then
packages it into an article.
On a good day, he says his
"Lsjbot" creates up to
10,000 new entries (PER
Source: WSJ July 2014
May 2019 / Page 5marketing.scienceconsulting group, inc.
Fake Videos – referral links
For driving fake referral traffic to sites, attribution fraud
Banned Celebrity Sex Tapes
Banned sex tapes .com
May 2019 / Page 6marketing.scienceconsulting group, inc.
Fake YouTube Videos - SEO
Keyword-stuffed for video SEO for fake sites (free traffic)
Some carry ads to
generate ad revenue
May 2019 / Page 7marketing.scienceconsulting group, inc.
Fake video views - purchased
Straight line in video views – same quantity added per time period
– purchased views
May 2019 / Page 9marketing.scienceconsulting group, inc.
Fake Apps for loading ads
Hundreds of fake or cloned apps, make money via ads
May 2019 / Page 10marketing.scienceconsulting group, inc.
Cloned apps, adware SDKs
Apps are easily cloned; free software development kits given away
Apps are cloned
thousands of times;
some didn’t even
bother to change the
colors or cover
Bad guys accidentally
cloned apps that
already had detection
SDK in it – from 312, to
750, to 1,330 copies.
Source: CNBC, Aug 2017
May 2019 / Page 11marketing.scienceconsulting group, inc.
Fake Antivirus Apps
Fake apps that get lots of permissions on user device
May 2019 / Page 12marketing.scienceconsulting group, inc.
Fake App Installs, Re-installs
Fake mobile devices install legit apps, get paid cost-per-install (CPI)
“Machine has analysed over 22.4 million app installs,
56% of which we detected as fraudulent.
Of these 88 ad networks, only a single one delivered
less than 10% fraudulent app installs. The rest fell
somewhere between 15% and 100% fraudulent. Five
of the networks delivered 100% fraudulent installs.”
34 mobile networks were >50% fraud
42% Installs were Actually Re-Installs
May 2019 / Page 13marketing.scienceconsulting group, inc.
Fake downloads, boost rank
Download/purchase own apps with bots to get to top 25 list
May 2019 / Page 14marketing.scienceconsulting group, inc.
Fake IDFAs on real devices
Bad apps rotate faked/copied device IDs to defeat frequency caps
Source: Cinarra Systems
May 2019 / Page 15marketing.scienceconsulting group, inc.
Random vs Replayed DeviceIDs
Techniques to defeat fraud detection and frequency caps
• If fraud detection hasn’t seen a device
before, the default action is to let the ad
• Frequency caps based on deviceIDs are
defeated, each device appears as new
• Valid deviceIDs are harvested from real
devices and sent to fake devices or apps to
• Replayed deviceIDs are used by fraudulent
apps to defeat fraud detection
validated deviceID harvested
May 2019 / Page 16marketing.scienceconsulting group, inc.
Fake apps to infect devices
Fake versions of popular apps are used to infect humans’ devices
Source: Independent, Jun 2018Source: Fortune, July 2016
May 2019 / Page 17marketing.scienceconsulting group, inc.
Fake VPN – malware/adware
Fake “free VPNs” track users’ browsing history, serve more ads
Source: PC Magazine, Jun 2018 Source: ZDNet, May 2015 Source: TechCrunch, Feb 2019
May 2019 / Page 18marketing.scienceconsulting group, inc.
Faked Google Analytics
Manipulate Google analytics to show traffic that is non-existent
May 2019 / Page 19marketing.scienceconsulting group, inc.
Faked mouse moves/clicks
May 2019 / Page 20marketing.scienceconsulting group, inc.
Fake clicks – attribution scams
Directly loading attribution urls and SDKs are to show fake clicks
Source: Method Media Intelligence
May 2019 / Page 21marketing.scienceconsulting group, inc.
Software tool to rotate referrer, browser agent, IP address
Source: Ratko Vidakovic
May 2019 / Page 22marketing.scienceconsulting group, inc.
5am local time
4am local time
Same set of 15 apps calling ads from both locations, at times when humans are not awake yet
May 2019 / Page 23marketing.scienceconsulting group, inc.
Out of the 28 fake ad agencies, only
20 ever had any activity in advertising
markets. We believe Zirconium was
progressively rolling out their agencies
to overcome occasional bans, as they
progressively got caught. We observed
a pace of 1 to 3 releases per month.
Since the majority of agencies were
created around February 2017, the
dormant ones progressively built
precious reputation (mostly history,
and social media following) to pose as
established companies and maximize
their potential of striking deals with
more ad platforms.
Source: Confiant, 2017
May 2019 / Page 24marketing.scienceconsulting group, inc.
Fake traffic, laundered
Fake sites don’t sell ads directly; they feed traffic to other sites
May 2019 / Page 25marketing.scienceconsulting group, inc.
Fake pageviews – auto-redirect
Webpages auto-redirect to other pages/sites in infinite loops
How much does it cost?How much is available?
a.k.a. “zero-click” “pop-under” “forced-view” “auto-nav”
May 2019 / Page 26marketing.scienceconsulting group, inc.
Traffic sellers’ “high quality traffic”
Many sources to buy “traffic,” tune “quality” level, host bots
“buy real human traffic”
Select vendor and
“traffic quality level”
Host your own bots
May 2019 / Page 27marketing.scienceconsulting group, inc.
Luminati[.]io Oxylabs[.]io Smartproxy[.]com
Use: to disguise data center bots to appear to come from
residential IP addresses, avoid detection
May 2019 / Page 28marketing.scienceconsulting group, inc.
Fake or plagiarized ads.txt
Fake sites rushed to put ads.txt files in place, to continue to sell
“the company will only buy
… from publishers who have
an ads.txt file in place.”
… fake and fraud sites just
put ads.txt files in place so
they can continue to sell
May 2019 / Page 29marketing.scienceconsulting group, inc.
Fake domains, bids
Fake sites disguise themselves as good domains to sell inventory
NOT sell ads on
100% spoofed inventory
“In “domain spoofing,” bad actors intentionally disguise the
nature of the ad space they’re selling. That inventory is
made available via automated marketplaces run by ad tech
companies such as the ones the FT highlighted. In the end, a
marketer might believe they’re paying for ads on FT.com,
but their ads may actually appear on other sites with
questionable content and unknown ownership.”
May 2019 / Page 30marketing.scienceconsulting group, inc.
Fake GDPR consent strings
Humans don’t give consent; bots consent to be shown more ads
Source: CNBC, July 2018
• Humans don’t give consent
to ad tech companies they
have never heard of.
• Bots give consent so more
ads can be delivered to
• Forged consent flags that
are not verifiable are used
to continue programmatic
May 2019 / Page 31marketing.scienceconsulting group, inc.
Fake ad impressions
“dark processes” are continuous loading of ads, in background
(demo video of page continuously
loading ads in the background)
May 2019 / Page 32marketing.scienceconsulting group, inc.
Fake mobile display ads
May 26 Forbes “Judy Malware”
• 40 bad apps to load ads
• 36 million fake devices to load
• e.g. 30 ads per device /minute
• 30 ads per minute = 1 billion
fraud impressions per minute
June 1 Checkpoint “Fireball”
• 250 million infected computers
• primary use = traffic for ad
• 4 ads /pageview (2s load time)
• fraudulent impressions at the
rate of 30 billion per minuteSource: June 2017 “Chinese click
fraud gang in Thailand arrested”
300 real devices
used for click fraud
May 2019 / Page 33marketing.scienceconsulting group, inc.
Fake ads - malvertising
Ransomware can be delivered through ads with malicious code
Source: ZDNet, March 2017 Source: TechRepublic, June 2017
May 2019 / Page 34marketing.scienceconsulting group, inc.
Fake mobile traffic - apps
Fraud apps repeatedly loading webpages, w/ hidden browsers
Gallery urls repeatedly loaded
By same apps, in the same ratios
May 2019 / Page 35marketing.scienceconsulting group, inc.
Fake Traffic - pop-unders
Porn sites have humans; click play, spawn pop-under, load ads
Source: Digiday Feb 2017 Source: BuzzFeed Dec 2017
May 2019 / Page 36marketing.scienceconsulting group, inc.
Pages auto-load other pages
Code causes pages to auto-load other pages repeatedly
May 2019 / Page 37marketing.scienceconsulting group, inc.
Fake ad blockers – more ads
Instead of blocking, fake ad blockers load more ads and track users
Source: Engadget, April 2018
May 2019 / Page 38marketing.scienceconsulting group, inc.
“[LOTAME] purged 400
million of its over 4
billion profiles after
identifying them as
bots or otherwise
Lotame CEO Andy
that 40 percent of all
web traffic is fictional.”
Source: Adweek, Feb 2018
May 2019 / Page 39marketing.scienceconsulting group, inc.
Fake LinkedIn Profiles
Used to simulate “user engagement” (ad clicks), audiences
bot generated content
May 2019 / Page 40marketing.scienceconsulting group, inc.
Facebook purges 1.3 billion fake
“It was barely a year ago that
Facebook proudly declared it had
more than 2.2 billion monthly
users. But on Tuesday, the social
media giant revealed
some stunning data, including
that during the six months ending
in March, Facebook disabled a
total of almost 1.3 billion fake
During the first quarter of 2018,
Facebook says it deleted 865
million posts, the vast majority of
it for being spammy, and the
remainder for containing graphic
violence, sexual activity or nudity,
terrorism or hate speech.
Source: Inc. May 2018
May 2019 / Page 41marketing.scienceconsulting group, inc.
Fake Twitter accounts - bots
Used to sell fake followers, likes, retweets, ad views and clicks
“A big chunk of those "likes," "retweets," and
"followers" lighting up your Twitter account
may not be coming from human hands.
According to new research from the
University of Southern California and Indiana
Since Twitter currently has 319 million
monthly active users, that translates to nearly
48 million bot accounts.”
May 2019 / Page 42marketing.scienceconsulting group, inc.
Fake influencers bought followers to appear to be influential
Source: Adweek, Jun 2018
“an array of entertainers, entrepreneurs,
athletes and media figures, … bought Twitter
followers or artificial engagement. A New York
Times article on Saturday describing a vast trade
in fake followers and fraudulent engagement on
Twitter and other social media sites, often using
personal information taken from real users.
NY Times: The Follower Factory
May 2019 / Page 43marketing.scienceconsulting group, inc.
Fake segments - seasonality
Bots browse items by season to attract higher retargeting CPMs
Source: DataXu/DoubleVerify Webinar, April 2015
“look at backpacks in back-to-school season”
May 2019 / Page 44marketing.scienceconsulting group, inc.
Bots visit collections of sites to make themselves look attractive
Bots pretend to be oncologists
by visiting sites, collecting cookie
Attract ad dollars to fake
sites when retargeted
May 2019 / Page 45marketing.scienceconsulting group, inc.
Fake Personality Quizzes
Used to harvest personal info, meta data for later use in hacking
May 2019 / Page 46marketing.scienceconsulting group, inc.
Fake Celebrity Lookalike
Collect self-selected face photos for later use in hacking
Users self-select face
pictures to use for
“which celebrity do you
look like” quizzes. These
are harvested for later
use in hacking.
May 2019 / Page 47marketing.scienceconsulting group, inc.
Fake tech support scams
Designed to trick panicked consumers into downloading or calling
May 2019 / Page 48marketing.scienceconsulting group, inc.
Fake Sweepstakes/PrizesUsed to steal users’ email addresses and other personal information
May 2019 / Page 49marketing.scienceconsulting group, inc.
Companies get paid to pre-install adware/spyware on devices
Source: TheVerge, Jul 2017 Source: CNN, Feb 2015
May 2019 / Page 50marketing.scienceconsulting group, inc.
Fake botnet for publicity
“used highly sophisticated techniques to
fraudulently load ads on the affected sites
without the site owners' consent, leveraging
a new methodology that allows it to
monetize inventory on premium domains.”
“The botnet was completely fabricated for the press
release announcing their new algo. None of this
actually happened; no ads were injected into any of
the sites they named in the press release. This was
confirmed by direct measurement on the good
publishers’ sites. They were falsely accused and their
reputation was harmed by this publicity stunt.
The failure of the fraud detection was due to their
analyzing only pre-bid data, and using big data and
machine learning approaches, without an
and how browsers work.”
May 2019 / Page 51marketing.scienceconsulting group, inc.
Fake Leads (Lead Fraud)
Real data collected from breaches create leads that appear valid
• Previously filled out by hand
• Now, fully automated with
bots using databases of real
postal addresses, etc. (that
trick verification engines)
May 2019 / Page 52marketing.scienceconsulting group, inc.
“marketers can (and should) reduce the
flow of dollars to cybercriminals that are
committing ‘major economic crimes’.”
Then, and only then, will we get
back to REAL digital marketing.”
May 2019 / Page 53marketing.scienceconsulting group, inc.
Digital Marketing circa 2018
May 2019 / Page 54marketing.scienceconsulting group, inc.
About the Author
Augustine Fou, PhD.
acfou [@] mktsci.com
212. 203 .7239
May 2019 / Page 55marketing.scienceconsulting group, inc.
Dr. Augustine Fou – Researcher
Published slide decks and posts: