State of Ad Fraud #RampUp17

2,539 views

Published on

Ad fraud update by Dr. Augustine Fou for publishers given at #RampUp17, March 6, 2017 in San Francisco.

Published in: Marketing
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,539
On SlideShare
0
From Embeds
0
Number of Embeds
109
Actions
Shares
0
Downloads
4
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

State of Ad Fraud #RampUp17

  1. 1. State of Digital Ad Fraud #RampUp17 Publisher Update March 2017 Augustine Fou, PhD. acfou@mktsci.com 212. 203 .7239
  2. 2. Ad Fraud is VERY Profitable and Scalable
  3. 3. March 2017 / Page 2marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou How profitable is ad fraud? EXTREMELY Source: https://hbr.org/2015/10/why-fraudulent-ad- networks-continue-to-thrive “the profit margin is 99% … [especially with pay-for-use cloud services ]…” Source: Digital Citizens Alliance Study, Feb 2014 “highly lucrative, and profitable… with margins from 80% to as high as 94%…”
  4. 4. March 2017 / Page 3marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou How scalable are fraud operations? MASSIVELY Cash out sites are massively scalable 131 ads on page X 100 iframes = 13,100 ads /page One visit redirected dozens of times Known blackhat technique to hide real referrer and replace with faked referrer. Example how-to: http://www.blackhatworld.co m/blackhat-seo/cloaking- content-generators/36830- cloaking-redirect-referer.html Thousands of requests per page Single mobile app calling 10k impressions Source: Forensiq
  5. 5. March 2017 / Page 4marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Example – AppNexus cleaned up 92% of impressions Increased CPM prices by 800% Decreased impression volume by 92% Source: http://adexchanger.com/ad-exchange-news/6-months-after-fraud-cleanup-appnexus-shares-effect-on-its-exchange/ 260 billion 20 billion > $1.60 < 20 cents
  6. 6. March 2017 / Page 5marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Ad fraud is now the largest form of crime $20 billion Counterfeit Goods U.S. $18 billion Somali pirates $70B 2016E Digital Ad Spending Bank robberies $38 million $31 billion U.S. alone $1 billion ATM Malware Payment Card Fraud 2015 $22 billion Source: Nilson Report Dec 2016 Source: ICC, U.S. DHS, et. al Source: World Bank Study 2013 Source: Kaspersky 2015 $7 in $100$3 in $100 “this is a PER YEAR number” Digital Ad Fraud Source: IAB H1 2016 $44 in $100
  7. 7. March 2017 / Page 6marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Methbot eats $1 in $6 of $10B video ad spend Source: Dec 2016 WhiteOps Discloses Methbot Research “the largest ad fraud discovered to date, a single botnet, Methbot, steals $3 - $5 million per day, $2 billion annualized.” 1. Targets video ad inventory $13 average CPM, 10X higher than display ads 2. Disguised as good publishers Pretending to be good publishers to cover tracks 3. Simulated human actions Actively faked clicks, mouse movements, page scrolling 4. Obfuscated data center origins Data center bots pretended to be from residential IP addresses
  8. 8. Where is Ad Fraud Concentrated?
  9. 9. March 2017 / Page 8marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou CPM/CPC buckets (91% of spend) is most targeted Impressions (CPM/CPV) Clicks (CPC) Search 27% 91% digital spend Display 10% Video 7% Mobile 47% Leads (CPL) Sales (CPA) Lead Gen $2.0B Other $5.0B • classifieds • sponsorship • rich media (89% in 2015) Source: IAB 1H 2016 Report (86% in 2014)
  10. 10. March 2017 / Page 9marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Two key ingredients of CPM and CPC Fraud Impression (CPM) Fraud (includes mobile display, video ads) 1. Put up fake websites and load tons of display ads on the pages Search Click (CPC) Fraud (includes mobile search ads) 2. Use fake users (bots) to repeatedly load pages to generate fake ad impressions 1. Put up fake websites and participate in search networks 2. Use fake users (bots) to type keywords and click on them to generate the CPC revenue screen shots of fake sites
  11. 11. Fake Websites (cash-out sites)
  12. 12. March 2017 / Page 11marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Websites – spectrum from bad to good Ad Fraud Sites Click Fraud Sites 100% bot mostly human Piracy Sites Premium Publishers Sites w/ Sourced Traffic “fraud sites” “sites w/ questionable practices” “good guys” “real content that real humans want to read”
  13. 13. March 2017 / Page 12marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Countless fraud sites made by template 100% bot
  14. 14. Fake Visitors (bots)
  15. 15. March 2017 / Page 14marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Bots are automated browsers used for ad fraud Headless Browsers Selenium PhantomJS Zombie.js SlimerJS Mobile Simulators 35 listed Bots are made from malware compromised PCs or headless browsers (no screen) in datacenters. Bots
  16. 16. March 2017 / Page 15marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Bots range in sophistication, and therefore cost Javascript installed on webpage Malware on PCsData Center BotsOn-Page Bots Headless browsers in data centers Malware installed on humans’ devices Less sophisticated Most sophisticated Source: AdAge/Augustine Fou, Mar 2014 Source: Forensiq Source: Augustine Fou, Oct 2015 “the official industry lists of bots catch NONE of these bots, not one.” 1 cent CPMs Load pages, click 10 cent CPMs Fake scroll, mouse movement, click 1 dollar CPMs Replay human-like mouse movements, clone cookies
  17. 17. “The equation of ad fraud is simple: buy traffic for $1 CPMs, sell ads for $10 CPMs; pocket $9 of pure profit.”
  18. 18. March 2017 / Page 17marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou How Ad Fraud Harms Good Publishers
  19. 19. March 2017 / Page 18marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou What I heard from Publishers “Ad fraud doesn’t affect us” “I wasn’t really aware of bots and fraud” “Our SSP has an anti-fraud vendor” “we checked, we have very low bots”
  20. 20. March 2017 / Page 19marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Top-line ad revenue stolen 1. Bot visits good publisher site to collect “cookie” 2. Bot then visits fake sites to cause ad impressions to load there; those sites make the ad revenue www.nejm.org healthsiteproductionalways.com
  21. 21. March 2017 / Page 20marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Bottom-line profit margin squeezed www.nejm.org healthsiteproductionalways.com $100 CPMs $0.10 CPMsvs “Media agencies will buy more of the low-cost stuff to lower their average costs.”
  22. 22. March 2017 / Page 21marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou http://www.olay.co m/skin-care- products/OlayPro- X?utm_source=msn &utm_medium=cpc &utm_campaign=Ol ay_Search_Desktop Reputations at-risk, bad guys cover tracks Click thru URL passes fake source “utm_source=msn” buy eye cream online (expensive CPC keyword) 1. Fake site that carries search ads Olay.com ad in #1 position 2. search ad served, fake click Destination page fake source declared 3. Click through to destination page
  23. 23. March 2017 / Page 22marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Premium audiences stolen by cookie matching specialized audience: oncologists jco.ascopubs.org specialized audience can be targeted elsewhere “cookie matching” (by placing javascript on your site)
  24. 24. March 2017 / Page 23marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Bad measurements wrongly accuse publishers Publisher does not have 90% bots and never had “you have low viewability” “you have 90% bots” • We want a refund • We won’t pay • We want make-goods
  25. 25. March 2017 / Page 24marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou In-ad JS measurements could be entirely wrong Publisher Webpage publisher.com Foreign Ad iFrames adserver.com Cross-domain (XSS) security restrictions mean iframe cannot: • read content in parent frame • detect actions in parent frame • see where it is on the page (above- or below- fold) • detect characteristics of the parent page 1x1 pixel js ad tags ride along inside iframe incorrectly reported as 100% viewable
  26. 26. March 2017 / Page 25marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Unfair fight because bad guys cheat “Bad guys have higher (fake) viewability” AD Bad guys cheat by stacking all ads above the fold to fake 100% viewability Good guys have to array ads on the page – e.g. lower average viewability.
  27. 27. March 2017 / Page 26marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Cybersecurity risks and audience info stolen Source: https://www.exchangewire.com/blog/2016/05/19/%E2%80%8Bon-site-javascript-trackers-open-gaping-security-holes/
  28. 28. March 2017 / Page 27marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou How Ad Fraud Harms Advertisers
  29. 29. March 2017 / Page 28marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Messes up your analytics click on links load webpages tune bounce rate tune pages/visit “bad guys’ bots are advanced enough to fake most metrics”
  30. 30. March 2017 / Page 29marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Messes up your KPIs Programmatic display (18-45% clicks from advanced bots) Premium publishers (0% clicks from bots) 0.13% CTR (18% of clicks by bots) 1.32% CTR (23% of clicks by bots) 5.93% CTR (45% of clicks by bots) Campaign KPI: CTRs
  31. 31. March 2017 / Page 30marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Want 100% viewability? 0% NHT (bots)? Bad guys cheat and stack ALL ads above the fold to make 100% viewability. “100% viewability? Sure, no problem.” AD • IAS filtered traffic, • DV filtered traffic • Pixalate filtered traffic, • MOAT filtered traffic, • Forensiq filtered traffic “0% NHT? Sure, no problem.”
  32. 32. Current State of NHT Detection
  33. 33. March 2017 / Page 32marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Fraud bots are NOT on any list user-agents.org bad guys’ bots 2% and “on the wane” Source: GroupM, Feb 2017 bot list-matching 4% Source: IAB Australia, Mar 2017 400 bot names in list “not on any list” disguised as popular browsers – Internet Explorer; constantly adapting to avoid detection 10,000 bots observed in the wild
  34. 34. March 2017 / Page 33marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Three main places for NHT detection In-Ad (ad iframes) On-Site (publishers’ sites) • Used by advertisers to measure ad impressions • Limitations – tag is in foreign iframe, severe limits on detection ad tag / pixel (in-ad measurement) javascript embed (on-site measurement) In-Network (ad exchange) • Used by publishers to measure visitors to pages • Limitations – most detailed and complete analysis of visitors • Used by exchanges to screen bid requests • Limitations – relies on blacklists or probabilistic algorithms, least info ad served bot human fraud site good site
  35. 35. March 2017 / Page 34marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou 5% bots doesn’t mean 95% humans good publishers ad exchanges/networks volume bars (green) Stacked percent Blue (human) Red (bots) red v blue trendlines
  36. 36. “Having fraud DETECTION is not the same as having fraud PROTECTION.”
  37. 37. Case Examples
  38. 38. March 2017 / Page 37marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Example of publishers taking action to reduce bots Publisher 1 – stopped buying traffic Publisher 2 – filtered data center traffic
  39. 39. March 2017 / Page 38marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Publishers filtering bots – on-site vs in-ad On-Site measurement, bots are still coming In-Ad measurement, bots and data centers filtered 10% red -7% 3%
  40. 40. March 2017 / Page 39marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou About the Author March 2017 Augustine Fou, PhD. acfou@mktsci.com 212. 203 .7239
  41. 41. March 2017 / Page 40marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Dr. Augustine Fou – Independent Ad Fraud Researcher 2013 2014 Follow me on LinkedIn (click) and on Twitter @acfou (click) Further reading: http://www.slideshare.net/augustinefou/presentations https://www.linkedin.com/today/author/augustinefou 2016 2015
  42. 42. March 2017 / Page 41marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Harvard Business Review – October 2015 Excerpt: Hunting the Bots Fou, a prodigy who earned a Ph.D. from MIT at 23, belongs to the generation that witnessed the rise of digital marketers, having crafted his trade at American Express, one of the most successful American consumer brands, and at Omnicom, one of the largest global advertising agencies. Eventually stepping away from corporate life, Fou started his own practice, focusing on digital marketing fraud investigation. Fou’s experiment proved that fake traffic is unproductive traffic. The fake visitors inflated the traffic statistics but contributed nothing to conversions, which stayed steady even after the traffic plummeted (bottom chart). Fake traffic is generated by “bad-guy bots.” A bot is computer code that runs automated tasks.

×