March 2017 / Page 2marketing.scienceconsulting group, inc.
How profitable is ad fraud? EXTREMELY
“the profit margin is 99% …
[especially with pay-for-use cloud services ]…”
Source: Digital Citizens Alliance Study, Feb 2014
“highly lucrative, and profitable… with
margins from 80% to as high as 94%…”
March 2017 / Page 3marketing.scienceconsulting group, inc.
How scalable are fraud operations? MASSIVELY
Cash out sites are massively scalable
131 ads on page
13,100 ads /page
One visit redirected dozens of times
technique to hide
real referrer and
replace with faked
Thousands of requests per page
Single mobile app calling 10k impressions
March 2017 / Page 4marketing.scienceconsulting group, inc.
Example – AppNexus cleaned up 92% of impressions
Increased CPM prices
volume by 92%
< 20 cents
March 2017 / Page 5marketing.scienceconsulting group, inc.
Ad fraud is now the largest form of crime
Report Dec 2016
Source: ICC, U.S.
DHS, et. al
Bank Study 2013
$7 in $100$3 in $100
“this is a
Digital Ad Fraud
Source: IAB H1 2016
$44 in $100
March 2017 / Page 6marketing.scienceconsulting group, inc.
Methbot eats $1 in $6 of $10B video ad spend
Source: Dec 2016 WhiteOps Discloses Methbot Research
“the largest ad fraud discovered to date,
a single botnet, Methbot, steals $3 - $5
million per day, $2 billion annualized.”
1. Targets video ad inventory
$13 average CPM, 10X
higher than display ads
2. Disguised as good publishers
Pretending to be good
publishers to cover tracks
3. Simulated human actions
Actively faked clicks, mouse
movements, page scrolling
4. Obfuscated data center origins
Data center bots pretended to
be from residential IP addresses
March 2017 / Page 8marketing.scienceconsulting group, inc.
CPM/CPC buckets (91% of spend) is most targeted
91% digital spend
• rich media
(89% in 2015)
Source: IAB 1H 2016 Report
(86% in 2014)
March 2017 / Page 9marketing.scienceconsulting group, inc.
Two key ingredients of CPM and CPC Fraud
(includes mobile display, video ads)
1. Put up fake websites and load
tons of display ads on the pages
(includes mobile search ads)
2. Use fake users (bots) to
repeatedly load pages to
generate fake ad impressions
1. Put up fake websites and
participate in search networks
2. Use fake users (bots) to type
keywords and click on them
to generate the CPC revenue
of fake sites
March 2017 / Page 11marketing.scienceconsulting group, inc.
Websites – spectrum from bad to good
Ad Fraud Sites
Click Fraud Sites
“fraud sites” “sites w/ questionable practices” “good guys”
“real content that real
humans want to read”
March 2017 / Page 12marketing.scienceconsulting group, inc.
Countless fraud sites made by template
March 2017 / Page 14marketing.scienceconsulting group, inc.
Bots are automated browsers used for ad fraud
Bots are made from malware
compromised PCs or headless
browsers (no screen) in datacenters.
March 2017 / Page 15marketing.scienceconsulting group, inc.
Bots range in sophistication, and therefore cost
Malware on PCsData Center BotsOn-Page Bots
in data centers
Malware installed on
Less sophisticated Most sophisticated
Source: AdAge/Augustine Fou, Mar 2014 Source: Forensiq Source: Augustine Fou, Oct 2015
“the official industry lists of bots catch NONE
of these bots, not one.”
1 cent CPMs
Load pages, click
10 cent CPMs
Fake scroll, mouse
1 dollar CPMs
Replay human-like mouse
movements, clone cookies
“The equation of ad fraud is simple:
buy traffic for $1 CPMs, sell ads for
$10 CPMs; pocket $9 of pure profit.”
March 2017 / Page 17marketing.scienceconsulting group, inc.
How Ad Fraud Harms
March 2017 / Page 18marketing.scienceconsulting group, inc.
What I heard from Publishers
“Ad fraud doesn’t affect us”
“I wasn’t really aware of bots and fraud”
“Our SSP has an anti-fraud vendor”
“we checked, we have very low bots”
March 2017 / Page 19marketing.scienceconsulting group, inc.
Top-line ad revenue stolen
1. Bot visits good
publisher site to
2. Bot then visits fake sites to
cause ad impressions to load
there; those sites make the
March 2017 / Page 20marketing.scienceconsulting group, inc.
Bottom-line profit margin squeezed
$100 CPMs $0.10 CPMsvs
“Media agencies will buy more of the low-cost
stuff to lower their average costs.”
March 2017 / Page 21marketing.scienceconsulting group, inc.
Reputations at-risk, bad guys cover tracks
Click thru URL
passes fake source
buy eye cream online
(expensive CPC keyword)
1. Fake site that
carries search ads
Olay.com ad in
2. search ad
served, fake click
fake source declared
3. Click through to
March 2017 / Page 22marketing.scienceconsulting group, inc.
Premium audiences stolen by cookie matching
specialized audience can
be targeted elsewhere
March 2017 / Page 23marketing.scienceconsulting group, inc.
Bad measurements wrongly accuse publishers
Publisher does not have 90% bots and never had
“you have low viewability”
“you have 90% bots”
• We want a refund
• We won’t pay
• We want make-goods
March 2017 / Page 24marketing.scienceconsulting group, inc.
In-ad JS measurements could be entirely wrong
Foreign Ad iFrames
Cross-domain (XSS) security
restrictions mean iframe cannot:
• read content in parent frame
• detect actions in parent frame
• see where it is on the page
(above- or below- fold)
• detect characteristics of the
js ad tags
incorrectly reported as
March 2017 / Page 25marketing.scienceconsulting group, inc.
Unfair fight because bad guys cheat
“Bad guys have higher (fake) viewability”
Bad guys cheat by
stacking all ads
above the fold to
fake 100% viewability
Good guys have to array
ads on the page – e.g.
lower average viewability.
March 2017 / Page 26marketing.scienceconsulting group, inc.
Cybersecurity risks and audience info stolen
March 2017 / Page 27marketing.scienceconsulting group, inc.
How Ad Fraud Harms
March 2017 / Page 28marketing.scienceconsulting group, inc.
Messes up your analytics
click on links
load webpages tune bounce rate
“bad guys’ bots are advanced enough to fake most metrics”
March 2017 / Page 29marketing.scienceconsulting group, inc.
Messes up your KPIs
(18-45% clicks from advanced bots)
(0% clicks from bots)
(18% of clicks by bots)
(23% of clicks by bots)
(45% of clicks by bots)
Campaign KPI: CTRs
March 2017 / Page 30marketing.scienceconsulting group, inc.
Want 100% viewability? 0% NHT (bots)?
Bad guys cheat and stack
ALL ads above the fold to
make 100% viewability.
Sure, no problem.”
• IAS filtered traffic,
• DV filtered traffic
• Pixalate filtered traffic,
• MOAT filtered traffic,
• Forensiq filtered traffic
Sure, no problem.”
March 2017 / Page 32marketing.scienceconsulting group, inc.
Fraud bots are NOT on any list
bad guys’ bots
2% and “on the wane”
Source: GroupM, Feb 2017
Source: IAB Australia, Mar 2017
bot names in list
“not on any list”
disguised as popular
browsers – Internet
adapting to avoid
in the wild
March 2017 / Page 33marketing.scienceconsulting group, inc.
Three main places for NHT detection
• Used by advertisers
to measure ad
• Limitations – tag is in
foreign iframe, severe
limits on detection
ad tag / pixel
• Used by publishers to
measure visitors to pages
• Limitations – most
detailed and complete
analysis of visitors
• Used by exchanges to
screen bid requests
• Limitations – relies on
blacklists or probabilistic
algorithms, least info
March 2017 / Page 34marketing.scienceconsulting group, inc.
5% bots doesn’t mean 95% humans
volume bars (green)
red v blue trendlines
“Having fraud DETECTION is not the
same as having fraud PROTECTION.”
March 2017 / Page 37marketing.scienceconsulting group, inc.
Example of publishers taking action to reduce bots
Publisher 1 – stopped buying traffic
Publisher 2 – filtered data center traffic
March 2017 / Page 38marketing.scienceconsulting group, inc.
Publishers filtering bots – on-site vs in-ad
On-Site measurement, bots
are still coming
In-Ad measurement, bots
and data centers filtered
March 2017 / Page 39marketing.scienceconsulting group, inc.
About the Author
Augustine Fou, PhD.
212. 203 .7239
March 2017 / Page 40marketing.scienceconsulting group, inc.
Dr. Augustine Fou – Independent Ad Fraud Researcher
Follow me on LinkedIn (click) and on Twitter
March 2017 / Page 41marketing.scienceconsulting group, inc.
Harvard Business Review – October 2015
Hunting the Bots
Fou, a prodigy who earned a Ph.D. from MIT at
23, belongs to the generation that witnessed
the rise of digital marketers, having crafted his
trade at American Express, one of the most
successful American consumer brands, and at
Omnicom, one of the largest global advertising
agencies. Eventually stepping away from
corporate life, Fou started his own practice,
focusing on digital marketing fraud
Fou’s experiment proved that fake traffic is
unproductive traffic. The fake visitors inflated
the traffic statistics but contributed nothing to
conversions, which stayed steady even after the
traffic plummeted (bottom chart). Fake traffic is
generated by “bad-guy bots.” A bot is computer
code that runs automated tasks.