Successfully reported this slideshow.
Your SlideShare is downloading. ×
Loading in …3

Check these out next

1 of 66 Ad

More Related Content

Slideshows for you (20)

Similar to State of Digital Ad Fraud Q2 2018 (20)


More from Dr. Augustine Fou - Independent Ad Fraud Researcher (19)

Recently uploaded (20)


State of Digital Ad Fraud Q2 2018

  1. 1. State of Ad Fraud Q2 2018 May 2018 Augustine Fou, PhD. acfou [at] 212. 203 .7239
  2. 2. “Ad fraud is at ALL TIME HIGHS both in RATE and in DOLLARS… … and what’s worse is fraud detection is not catching it, so people have a false sense of security.” It’s not fine.
  3. 3. May 2018 / Page 2marketing.scienceconsulting group, inc. Simple, high profits, low risk 1. set up FAKE SITES 2. buy FAKE TRAFFIC 3. sell FAKE ADS
  4. 4. May 2018 / Page 3marketing.scienceconsulting group, inc. Simple “arb” (arbitrage) Ads sold through“buy low” $1 CPM “sell high” $5 - $10 CPMs Marketers duped Source: Basis Source: SimilarWeb
  5. 5. May 2018 / Page 4marketing.scienceconsulting group, inc. Countless more fake sites/apps com.dxnxbgj.mkridqxviiqaogw com.obugniljhe.fptvznqwhmcjm com.bpo.ksuhpsdkgvbtlsw com.rlcznwgouw.vvtexstbfttngc com.kasbgf.sbzwtgpcbjexi com.bprlgbl.vbze com.zka.lzhsoueilo com.alxsavx.mizzucnlb com.jxknvk.lrwfdfirdzpsw com.tvwvqbt.wbshaguqy com.iwnxtpahcu.leyuehdwdbb com.okf.rhvemtykfibzpxj com.obpmirzste.ldsjpv com.zmm.shmxvjxnsagndui com.nqzwr.leusrmpmsq com.rced.zcdsglptpdlwpu com.kerms.ehlsgnc com.cmia.iabhheltm com.skggynmtx.tyyjnwpefvqtll com.kgdtltnuv.hayvfhob com.ztzsiqg.dyojlxdscxws com.xlwuqe.ddrdhsuosbn com.rkrhmzee.wjcoznxu com.ebhzb.hbzvomzpcctovj Fake sites Fake sites Fake apps
  6. 6. May 2018 / Page 5marketing.scienceconsulting group, inc. Insane profits from ad fraud Sample Campaign 1 • Amount spent to buy traffic – $183,000 • Traffic purchased – 37 million pageviews ($4.99 CPM) • Clicks successfully sold – 3.8 million (passed all fraud filters) • CPC earned $1.20, at 10% click through rate $4.6 million payout 25X return $15.9 billion annualized fraud Sample Campaign 2 • Amount spent to buy traffic – $24,000 • Traffic purchased – 23 million pageviews ($1.03 CPM) • Clicks successfully sold – 2.5 million (passed all fraud filters) • CPC earned $0.39, at 11% click through rate $982k payout 41X return $5.5 billion annualized fraud
  7. 7. May 2018 / Page 6marketing.scienceconsulting group, inc. The most profitable criminal activity 2,500 - 4,100% returns 11% returns1% interest digital ad fraud stock marketbank interest “where else can I get multi- thousands percent returns on my money? Right. Nowhere.”
  8. 8. Pairs of Slides a) Fraud technique b) (Year) Documented Case
  9. 9. “I’ve written about the forms of fraud mentioned below over the years… … and when each was subsequently documented by others, the fraud had gone on for years even though fraud detection was already in use (but failed to catch it)”
  10. 10. May 2018 / Page 9marketing.scienceconsulting group, inc. Faked residential IP addresses
  11. 11. May 2018 / Page 10marketing.scienceconsulting group, inc. (2016) Methbot avoided detection Source: Dec 2016 WhiteOps Discloses Methbot Research “Methbot, steals $2 billion annualized; and it avoided detection for years.” 1. Targeted video ad inventory $13 average CPM, 10X higher than display ads 2. Disguised as good publishers Pretending to be good publishers to cover tracks 3. Simulated human actions Actively faked clicks, mouse movements, page scrolling 4. Obfuscated data center origins Data center bots pretended to be from residential IP addresses
  12. 12. May 2018 / Page 11marketing.scienceconsulting group, inc. Fake mobile apps – not detected Top mobile apps by ad revenue … … are entirely different than ones humans use most.
  13. 13. May 2018 / Page 12marketing.scienceconsulting group, inc. (2017) mobile display ad fraud May 26 Forbes “Judy Malware” • 40 bad apps to load ads • 36 million fake devices to load bad apps • e.g. 30 ads per device /minute • 30 ads per minute = 1 billion fraud impressions per minute June 1 Checkpoint “Fireball” • 250 million infected computers • primary use = traffic for ad fraud • 4 ads /pageview (2s load time) • fraudulent impressions at the rate of 30 billion per minute
  14. 14. May 2018 / Page 13marketing.scienceconsulting group, inc. Fake mobile devices – not detected Download and Install Apps Launch and Interact
  15. 15. May 2018 / Page 14marketing.scienceconsulting group, inc. (2017) mobile app install fraudSource: June 2017, Tune average 20% fraud 100% fraud > 50% fraud
  16. 16. May 2018 / Page 15marketing.scienceconsulting group, inc. Fake geolocation – not detected Not Normal – in both campaigns 1. 100% mobile apps; 100% Android; same top 15 apps in both markets 2. 100% of impressions generated between 4a – 5a local time 3. 100% fake devices; 15 unique devices generated top 95% impressions 4. 100% data center traffic, randomized through residential proxies
  17. 17. May 2018 / Page 16marketing.scienceconsulting group, inc. (2017) bad/fake/stale geolocation Source: Placed Source: SafeGraph 99% faked/bad 90% stale/incorrect
  18. 18. May 2018 / Page 17marketing.scienceconsulting group, inc. Bad guys spoof good domains bid request cookie blacklist whitelist ✅ ✅ bid ad impression Pre-bid filters FRAUD DETECTION In-ad declared FAILS because domains in bid request are declared FAILS because placement reports show declared domains
  19. 19. May 2018 / Page 18marketing.scienceconsulting group, inc. (2017) FT spoofed by bad guys Digiday, November 2017MobileMarketing, Sept, 2017
  20. 20. May 2018 / Page 19marketing.scienceconsulting group, inc. Redirect traffic – not detected “this is bigger than ALL of the monthly pageviews of good publishers combined.” How much is available? a.k.a. “zero-click” “pop-under” “forced-view” “auto-nav”
  21. 21. May 2018 / Page 20marketing.scienceconsulting group, inc. (2017) Video ad fraud scheme Buzzfeed, October 2017
  22. 22. May 2018 / Page 21marketing.scienceconsulting group, inc. Third party JS – security loopholes 42 trackers 24.3s load time 8 trackers 1.3s load time “minimize 3rd party javascript trackers on pages”
  23. 23. May 2018 / Page 22marketing.scienceconsulting group, inc. (2017) User data exfiltration “Emails, usernames, passwords -- exfiltration of personal data by session-replay scripts; and recording of user actions on the site.” Source: Freedom to Tinker, Nov 2017
  24. 24. May 2018 / Page 23marketing.scienceconsulting group, inc. Sandboxing ad iframes Malicious javascript can break out of ad iframe and take over the page, redirect user to another site. Source: Digiday, Dec 2017 Source: US/docs/Web/HTML/Element/iframe
  25. 25. May 2018 / Page 24marketing.scienceconsulting group, inc. (2018) Malvertising redirects Source: Confiant, Jan 2018 Source: GeoEdge, Jan 2018
  26. 26. May 2018 / Page 25marketing.scienceconsulting group, inc. Fake audiences – not detected Journal of Clinical Oncology “cookie matching” Bots pretend to be oncologists by visiting sites, collecting cookie Attract ad dollars to fake sites when retargeted
  27. 27. May 2018 / Page 26marketing.scienceconsulting group, inc. (2018) Lotame purges bot profiles “[LOTAME] purged 400 million of its over 4 billion profiles after identifying them as bots or otherwise fraudulent accounts. Lotame CEO Andy Monfried estimated that 40 percent of all web traffic is fictional.” Adweek, Feb 2018
  28. 28. May 2018 / Page 27marketing.scienceconsulting group, inc. Bad guys actively trick measurement FAKE 100% viewability AD Stack ads all above the fold to trick detection FAKE 0% NHT Buy traffic that passes specific fraud filters
  29. 29. May 2018 / Page 28marketing.scienceconsulting group, inc. (2018) Code to trick measurement “the [malicious] code used by NMG is designed to interfere with the ability of third-party measurement systems to determine how much of a digital ad was viewable during a browsing session. This code manipulated data to ensure that otherwise unviewable ads showed up in measurement systems as valid impressions, which resulted in payment being made for the ad.” Buzzfeed, March 2018
  30. 30. May 2018 / Page 29marketing.scienceconsulting group, inc. Fake traffic from “social” Source: Alexa 488M impressions per day (14.9B /mo) Alexa shows 17M pageviews per month Source: SimilarWeb
  31. 31. May 2018 / Page 30marketing.scienceconsulting group, inc. (2018) Facebook purges 1.3 billion “It was barely a year ago that Facebook proudly declared it had more than 2.2 billion monthly users. But on Tuesday, the social media giant revealed some stunning data, including that during the six months ending in March, Facebook disabled a total of almost 1.3 billion fake accounts. During the first quarter of 2018, Facebook says it deleted 865 million posts, the vast majority of it for being spammy, and the remainder for containing graphic violence, sexual activity or nudity, terrorism or hate speech. Source: Inc. May 2018
  32. 32. For contrast…
  33. 33. May 2018 / Page 32marketing.scienceconsulting group, inc. IAB: fraud is “almost non-existent” Source: first-australian-figures-claim-just-4- of-digital-ads-fraudulent-429776 “Interactive Advertising Bureau of Australia’s first report on the local market claims that more than 96% of ads served to desktops and mobiles are served to real users. … just 3.7% of traffic delivered to desktops was fraudulent and 3.8% on mobiles.”
  34. 34. May 2018 / Page 33marketing.scienceconsulting group, inc. ANA/WhiteOps: “lower than feared” Source: exchange-news/anawhite-ops-ad- fraud-will-actually-go-2017-7-2- billion-6-5-billion/ “The global monetary impact of ad fraud is expected to go down this year, the amount of mobile fraud happening in the ecosystem is much lower than feared. Fraud represents less than 2% of all app and mobile web display buys because mobile CPMs are lower and because fraudsters need to get users to install their fake apps. ”
  35. 35. May 2018 / Page 34marketing.scienceconsulting group, inc. TAG/614: “we caused 83% reduction” Source: https://www.tagtoday .net/pressreleases/stu dy_shows_ad_fraud_ cut_by_83_percent Except that they didn’t – they compared non-optimized (12%) to “optimized” (fraud low on good publishers anyway) (1.5%) and claimed credit for “a monumental breakthrough.”
  36. 36. “Does anyone still think ad fraud is 9% and going lower?” Measure your own campaigns; don’t assume the fraud detection you’re using now is catching everything (or anything at all).”
  37. 37. May 2018 / Page 36marketing.scienceconsulting group, inc. Brands still being ripped off Source: Social Puncher
  38. 38. Myths, Misconceptions and Conflicts of Interest
  39. 39. May 2018 / Page 38marketing.scienceconsulting group, inc. Fraud detection works - myth • Fraud detection is used to serve specific interests -- e.g. 1. if party A wanted to find less fraud (to defend against refund requests), they would select a vendor that showed them less fraud (and never question the measurement) 2. If party B wanted to find more fraud (to get bigger refunds), they select a vendor that found more fraud (and never question the measurement) • Fraud detection is used for CYA (“cover your ass”) – so the party that paid for it can say “well, they said there was no fraud, so that’s why we continued to buy it.” • Fraud detection relies on fraud to continue so they can continue to make money (they don’t want to solve fraud).
  40. 40. May 2018 / Page 39marketing.scienceconsulting group, inc. Fraud filters reduce fraud - myth 1. Fraud filters are no better than manual blacklists 2. In some cases, there’s MORE fraud when filter is on 3. Using fraud filters adds 20 – 24% to costs; manual blacklists are free
  41. 41. May 2018 / Page 40marketing.scienceconsulting group, inc. Fraud detection is accurate - no Tag in ad iframe Tag on page window sizes detected as 0x0 or 0x8 pixels correct window sizes for ads detected 0% humans 60% bots 60% humans 3% bots “if they don’t have different tags for on-page versus in-ad measurement, they are most certainly wrong; fraud measurements yield different numbers or could be entirely wrong, depending on where the tag is placed.”
  42. 42. May 2018 / Page 41marketing.scienceconsulting group, inc. Measure for bots, but not humans volume bars (green) Stacked percent Blue (human) White (not measurable) Red (bots) red v blue trendlines “Fraud detection that only reports NHT/IVT is not correct” 10% bots does NOT mean 90% humans
  43. 43. May 2018 / Page 42marketing.scienceconsulting group, inc. Pre-bid filtering reduces fraud - no “sounds nice, but doesn’t work, because… • All HTTP headers are declared and fakable (regularly faked); at the pre-bid level you only have headers to work with • Once a bot cookie is caught and no longer makes money, they dump it and get a new one, so filtering won’t recognize it/filter it. • This technique is so intensive computationally that it is flawed and unnecessary when you can just turn off the sites that commit fraud in the first place. Pre-bid filters FAILS because domains in bid request are declared FAILS because bad bots dump cookies and get new ones (so filter would never have seen it before)
  44. 44. May 2018 / Page 43marketing.scienceconsulting group, inc. Audiences have lower fraud - no “Verified Bots” “Verified Humans” Control: No Targeting +$0.25 data CPM +$0.25 data CPM “verified bots” and “verified humans” showed no difference in quality to each other – AND both were no different than the control where no targeting was used.
  45. 45. May 2018 / Page 44marketing.scienceconsulting group, inc. Brand safety detection works - myth In-ad tag ad iframeBad word Bad content Bad word Bad content Basic browser security (no cross-domain)… … means tracking tags, riding along with the ad (in ad iframe) cannot read content on the page to do brand-safety measurements.
  46. 46. May 2018 / Page 45marketing.scienceconsulting group, inc. More reach in programmatic - myth $1 CPM Top 10 sites = 66% of imps $5 CPM Top 10 sites = 74% of imps $0.50 CPM Top 5 sites = 100% of imps $10 CPM Top 10 sites = 71% of imps Top 5-10 fraud sites eat most of your budget
  47. 47. May 2018 / Page 46marketing.scienceconsulting group, inc. My ads are reaching humans - myth Most of budget wasted between 12a – 4a; to bots 98% impressions blown between midnight - 1a Few impressions left for “waking hours” when humans are actually online.
  48. 48. May 2018 / Page 47marketing.scienceconsulting group, inc. Walled gardens have more fraud - no Google Search Facebook DisplayGDN FBX less bots | more humans first-party IDs | logged-in environment | people-based marketing facebook app “not on the main sites; bots can’t make money when ads load here”
  49. 49. May 2018 / Page 48marketing.scienceconsulting group, inc. Blockchain reduces fraud - myth “blockchain does not solve fraud because the ad tech middlemen who need to adopt it actually prefer to have LESS transparency not more.” “if you wanted all the details of the bid and impression (supply chain transparency), you can store those details in a database; you don’t need to store it in a blockchain.” -- Marc Guldimann, CEO ParsecMedia “the idea of a secure, distributed ledger fits advertising’s transparency imperative nicely, but it’s not a magic bullet. Anyone suggesting blockchain will solve the ad industry’s problems is promulgating a false sense of security. It’s a flu shot for an immuno- compromised patient.” -- Ted McConnell
  50. 50. May 2018 / Page 49marketing.scienceconsulting group, inc. Ads.txt doesn’t work - myth Publishers Marketers Step 1 Publishers put ads.txt files on their sites to show which exchanges are authorized to sell their inventory. Step 2 Marketers need to check the ads.txt file and reconcile that the sellerID that got paid is the correct sellerID of the domain specified in placement reports • Ads.txt has not reduced ad fraud (yet), because step 2 has not been done by most marketers (their agencies) yet • Beware of faked ads.txt – just having an ads.txt file doesn’t mean the contents are accurate (they could be plagiarized/fake) Insist on sellerID based placement reports, with line item details
  51. 51. May 2018 / Page 50marketing.scienceconsulting group, inc. Good publishers have high IVT - no Domain (spoofed) % SIVT 77% 76% 76% 74% 72% 71% bid request passes blacklist passes whitelist ✅ ✅ declared 1. has to pretend to be to get bids; 2. fraud measurement shows high IVT b/c it is measuring the fake site with fake traffic 3. Fake gets mixed with real so average fraud rates appear high. 4. Real gets backlisted; bad guy moves on to another domain.
  52. 52. May 2018 / Page 51marketing.scienceconsulting group, inc. Conflict, Bad Measurement Incorrect IVT Measurement Source 3 - in ad iframe, badly sampled Sources 1 and 2 corroborate One agency sticks to fraud measurement company (that is owned by same agency holding company), despite proven errors in IVT measurement (due to sampling and tag being in ad iframe). Uses high IVT numbers to get refunds, which agency keeps as profit.
  53. 53. How do we know it’s fraud?
  54. 54. May 2018 / Page 53marketing.scienceconsulting group, inc. Chase: -99% reach, no impact “JPMorgan had already decided last year to oversee its own programmatic buying operation. Advertisements for JPMorgan Chase were appearing on about 400,000 websites a month. [But] only 12,000, or 3 percent, led to activity beyond an impression. [Then, Chase] limited its display ads to about 5,000 websites. We haven’t seen any deterioration on our performance metrics,” Ms. Lemkau said.” “99% reduction in ‘reach’ … Same Results.” Source: NYTimes, March 29, 2017 (because it wasn’t real, human reach)
  55. 55. May 2018 / Page 54marketing.scienceconsulting group, inc. P&G: cut $200M, no impact “Once we got transparency, it illuminated what reality was,” said Mr. Pritchard. P&G then took matters into its owns hands and voted with its dollars, he said.” “As we all chased the Holy Grail of digital, self-included, we were relinquishing too much control— blinded by shiny objects, overwhelmed by big data, and ceding power to algorithms,” Mr. Pritchard said. Source: WSJ, March 2018
  56. 56. May 2018 / Page 55marketing.scienceconsulting group, inc. Small businesses found/killed fraud “Both of these small businesses used their own analytics and gut instinct; they resolved ad fraud without using any expensive tech.” Small Business A • Noticed a 118,600% increase in Android devices hitting her site during campaign – AND no additional goal completions • Compiled additional data that corroborated it was fraud; presented to ad network and got refund for entire campaign Small Business B • Year over year, marketer noticed the discrepancy between counts reported by ad network versus his own Google Analytics shot up dramatically (even though cost-per-action remained similar). • Conversions also dropped dramatically. With deeper digging, he found the ratio of audience network inventory grew from 5% to 65% of total impressions. Solved by turning off audience network.
  57. 57. What Savvy Marketers do
  58. 58. “First and foremost … … don’t incentivize your agencies to just buy more (quantity of impressions) at lower average CPM; otherwise YOU are continuing to support ad fraud.”
  59. 59. May 2018 / Page 58marketing.scienceconsulting group, inc. Measure every point of the funnel Measure Ads Measure Arrivals Measure Conversions 346 1743 5 156 A B 30X more human conversion events • More arrivals • Better quality more humans (blue) good publishers low-cost media, ad exchanges
  60. 60. May 2018 / Page 59marketing.scienceconsulting group, inc. Compare relative quality of sources Marketer 1 • Blue means humans • Red means bots Marketer 2 “increase spend on sources driving more humans (blue); reduce spend on sources with more bots (red)”
  61. 61. May 2018 / Page 60marketing.scienceconsulting group, inc. Display 4 2,036 humans human conversion rate Focus on conversions/outcomes Site Traffic Conversions 8,482 818 4,216 humans 5% human conversion rate 14,539 193 225 humans 9% human conversion rate 2,248 23 168 humans 5% human conversion rate 1,527 9 Display 3 Display 2 Display 1 Humans 40%
  62. 62. May 2018 / Page 61marketing.scienceconsulting group, inc. Fight fraud w/ your own analytics top 4 referrers – same exact pattern/data
  63. 63. May 2018 / Page 62marketing.scienceconsulting group, inc. Turn off obvious fraud sites Turn off the fraud at the beginning of the campaign; then you won’t have to try to fight to get your money back later.
  64. 64. “fight ad fraud with common sense” - stop wasting money on tech that doesn’t work - insist on detailed data and look at the analytics yourself
  65. 65. May 2018 / Page 64marketing.scienceconsulting group, inc. About the Author Augustine Fou, PhD. acfou [@] 212. 203 .7239
  66. 66. May 2018 / Page 65marketing.scienceconsulting group, inc. Dr. Augustine Fou – Independent Ad Fraud Researcher 2013 2014 Published slide decks and posts: 2016 2015 2017