Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

State of Digital Ad Fraud Q4 2018


Published on

Ad fraud is at all time highs both in dollars and in rate. What are marketers going to do about it?

Published in: Marketing
  • Legitimate jobs paying $40/h Tap into the booming online job, industry and start working now! ♣♣♣
    Are you sure you want to  Yes  No
    Your message goes here
  • Have you ever heard of taking paid surveys on the internet before? We have one right now that pays $50, and takes less than 10 minutes! If you want to take it, here is your personal link ◆◆◆
    Are you sure you want to  Yes  No
    Your message goes here
  • You can now be your own boss and get yourself a very generous daily income. START FREE...★★★
    Are you sure you want to  Yes  No
    Your message goes here

State of Digital Ad Fraud Q4 2018

  1. 1. November 2018 / Page 0marketing.scienceconsulting group, inc. Digital Marketing Q4 2018 November 2018 Augustine Fou, PhD. acfou [at] 212. 203 .7239
  2. 2. November 2018 / Page 1marketing.scienceconsulting group, inc. Would you buy a vacuum that doesn’t suck?
  3. 3. November 2018 / Page 2marketing.scienceconsulting group, inc. You buy fraud detection, right? Fraud detection tech is easily blocked and tricked by bad guys Detection Tag Blocking—  analytics tags/fraud detection tags are maliciously stripped out “malicious code manipulated data to ensure that otherwise unviewable ads showed up in measurement systems as valid impressions, which resulted in payment being made for the ad.” Source: Buzzfeed, March 2018
  4. 4. November 2018 / Page 3marketing.scienceconsulting group, inc. They miss obvious botnets Bots repeatedly loading ads and pages, 100% Android devices Devices repeatedly load ads 100% Android 8.0.0 visitors
  5. 5. November 2018 / Page 4marketing.scienceconsulting group, inc. Sampling, Bad Measurement Sampling can lead to large discrepancies and bad measurements WRONG IVT Measurement Source 3 - in ad iframe, badly sampled Incorrect, due to sampling
  6. 6. November 2018 / Page 5marketing.scienceconsulting group, inc. Legit sites incorrectly marked Domain (spoofed) % SIVT 77% 76% 76% 74% 72% 71% bid request passes blacklist passes whitelist ✅ ✅ declared 1. has to pretend to be to get bids; 2. fraud measurement shows high IVT b/c it is measuring the fake site with fake traffic 3. Fake gets mixed with real so average fraud rates appear high. 4. Real gets backlisted; bad guy moves on to another domain.
  7. 7. November 2018 / Page 6marketing.scienceconsulting group, inc. “Verified” no different than control “Verified Bots” “Verified Humans” Control: No Targeting +$0.25 data CPM +$0.25 data CPM “verified bots” and “verified humans” showed no difference in quality to each other – AND both were no different than the control where no targeting was used.
  8. 8. November 2018 / Page 7marketing.scienceconsulting group, inc. Many sellers of “valid” traffic They sell “traffic” that gets by fraud detection filters, costs more Choose Your “Traffic Quality Level” “Valid traffic” goes for higher prices Source: Shailin Dhar
  9. 9. November 2018 / Page 8marketing.scienceconsulting group, inc. Sites buy traffic, sell ad inventory Ads sold throughBuy traffic for $1.70 CPM Sell ads for $5 - $10 CPMs Marketers duped Source: SimilarWeb
  10. 10. November 2018 / Page 9marketing.scienceconsulting group, inc. Fake sites/apps NOT detected com.dxnxbgj.mkridqxviiqaogw com.obugniljhe.fptvznqwhmcjm com.bpo.ksuhpsdkgvbtlsw com.rlcznwgouw.vvtexstbfttngc com.kasbgf.sbzwtgpcbjexi com.bprlgbl.vbze com.zka.lzhsoueilo com.alxsavx.mizzucnlb com.jxknvk.lrwfdfirdzpsw com.tvwvqbt.wbshaguqy com.iwnxtpahcu.leyuehdwdbb com.okf.rhvemtykfibzpxj com.obpmirzste.ldsjpv com.zmm.shmxvjxnsagndui com.nqzwr.leusrmpmsq com.rced.zcdsglptpdlwpu com.kerms.ehlsgnc com.cmia.iabhheltm com.skggynmtx.tyyjnwpefvqtll com.kgdtltnuv.hayvfhob com.ztzsiqg.dyojlxdscxws com.xlwuqe.ddrdhsuosbn com.rkrhmzee.wjcoznxu com.ebhzb.hbzvomzpcctovj Fake sites Fake sites Fake apps
  11. 11. November 2018 / Page 10marketing.scienceconsulting group, inc. Do you know where your spots blind are? P.S. 90% of the the people who read read this didn’t spot the second the.
  12. 12. November 2018 / Page 11marketing.scienceconsulting group, inc. Ad dollars fund child abuse sites “Using a variety of sophisticated techniques to avoid detection, offenders are exploiting online advertising networks to monetise their distribution of child sexual abuse material.” Source: The Drum Nov 6, 2018
  13. 13. November 2018 / Page 12marketing.scienceconsulting group, inc. (2013) Ad dollars fund piracy sites “Highly Lucrative, Profitable The aggregate ad revenue for the sample of 596 sites was an estimated $56.7 million for Q3 of 2013, projecting out to $226.7 million dollars annually, with average profit margins of 83%, ranging from 80% to as high as 94%.” Source: Digital Citizens Alliance Study brands-supporting-music-piracy-its-big-business/
  14. 14. November 2018 / Page 13marketing.scienceconsulting group, inc. Brand safety tech doesn’t work In-ad tag ad iframeBad word Bad content Bad word Bad content Basic browser security (no cross-domain)… … tracking tags in ad iframe cannot read content on the page to do brand-safety measurements.
  15. 15. November 2018 / Page 14marketing.scienceconsulting group, inc. Methbot, Hyphbot (video fraud) Vast botnets targeting high-value video ads, disguising/hiding Source: Dec 2016 WhiteOps Discloses Methbot Research “Methbot, steals $2 billion annualized; and it avoided detection for years.” • Targeted video ad inventory $13 average CPM, 10X higher than display ads • Disguised as residential bots pretended to be from residential IP addresses 2016 Source: Adform, Nov 2017 “Hyphbot, targeted video ad inventory avoided detection.” 2017 • active through at least 14 different exchanges and SSPs • generating up to 1.5 billion requests per day • generated fake traffic on more than 34,000 different domains, 600k IP addresses
  16. 16. November 2018 / Page 15marketing.scienceconsulting group, inc. Faked residential IP addresses Residential IP addresses used to disguise the origins of bot traffic
  17. 17. November 2018 / Page 16marketing.scienceconsulting group, inc. Bots don’t’ come from Russia 0 20 40 60 80 100 120 140 Amazon AWS Level3 Commun Other Data Centers Microsoft Nobis Tech SoftLayer Yahoo Indexed IN-AD Indexed ON-SITE 200 “Amazon Cloud is far and away the most popular data center to create ad-impression loading bots”
  18. 18. November 2018 / Page 17marketing.scienceconsulting group, inc. Gross Failures of Fraud Detection Tech
  19. 19. November 2018 / Page 18marketing.scienceconsulting group, inc. (2015) Display ads … Increased CPM prices by 800% Decreased impression volume by 92% Source: 260 billion 20 billion > $1.60 < 20 cents
  20. 20. November 2018 / Page 19marketing.scienceconsulting group, inc. Fake devices / mobile simulators Download and Install Apps Launch and Interact
  21. 21. November 2018 / Page 20marketing.scienceconsulting group, inc. (2017) Mobile app install fraudSource: October 2018, Tune average 20% fraud 100% fraud 50% fraud24 billion clicks on 700 mobile networks
  22. 22. November 2018 / Page 21marketing.scienceconsulting group, inc. (2017) Mobile display ad fraud May 26 Forbes “Judy Malware” • 40 bad apps to load ads • 36 million fake devices to load bad apps • e.g. 30 ads per device /minute • 30 ads per minute = 1 billion fraud impressions per minute June 1 Checkpoint “Fireball” • 250 million infected devices • primary use = traffic for ad fraud • 4 ads /pageview (2s load time) • fraudulent impressions at the rate of 30 billion per minuteSource: June 2017 “Chinese click fraud gang in Thailand arrested” 300 real devices used for click fraud
  23. 23. November 2018 / Page 22marketing.scienceconsulting group, inc. Fake sites pretend to be good Lists rely on or compare against declared data, so they don’t work bid request cookie blacklist whitelist ✅ ✅ bid ad impression Pre-bid filters FRAUD DETECTIONPROGRAMMATIC SEQUENCE In-ad declared FAILS because everything is declared (i.e. easily faked)
  24. 24. November 2018 / Page 23marketing.scienceconsulting group, inc. Domain spoofing examples Fake sites disguise themselves as good domains to sell inventory “bad actors intentionally disguise the nature of the ad space they’re selling. … a marketer might believe they’re paying for ads on” times-finds-counterfeit-ad-space-was- offered-by-at-least-six-companies- 1507563713 “more than 1,400 apps were found to have loaded ads under TV Guide’s domain name” 2017 2018
  25. 25. November 2018 / Page 24marketing.scienceconsulting group, inc. (2017) Pop-Unders / Redirects These forms of fraud typically get by current fraud detection tech a.k.a. “zero-click” “pop-under” “forced-view” “auto-nav” Source:
  26. 26. November 2018 / Page 25marketing.scienceconsulting group, inc. (2018) Mobile app spoofing One example was an Android app called MegaCast, which was found to be displaying the unique ID of others apps to attract bids for ads. [Google] "confirmed the traffic from the apps "seems to be a blend of organic user traffic and artificially inflated ad traffic, including traffic based on hidden ads". The scheme reportedly involved 125 Android apps and websites. … the fraudsters buy legitimate Android apps with an established reputation and then … blend bot- and human-generated traffic to evade ad-fraud detection. The TechSnab malware is usually bundled with free, third-party apps and is installed as a browser extension. Users would discover an infection if they see pop-ups, pop-unders and various other ads marked 'TechSnab'. Source: Buzzfeed News, Oct 2018
  27. 27. November 2018 / Page 26marketing.scienceconsulting group, inc. Fake fraud detection Sportsbot was entirely fabricated for PR for fraud detection co. PRESS RELEASE: “used highly sophisticated techniques to fraudulently load ads on the affected sites without the site owners' consent, leveraging a new methodology that allows it to monetize inventory on premium domains.” “The botnet was completely fabricated for the press release announcing their new algo. None of this actually happened; no ads were injected into any of the sites they named in the press release. This was confirmed by direct measurement on the good publishers’ sites. They were falsely accused and their reputation was harmed by this publicity stunt.
  28. 28. November 2018 / Page 27marketing.scienceconsulting group, inc. Would you throw your money into a pile and burn it? Who’s paying for this sh*t?
  29. 29. November 2018 / Page 28marketing.scienceconsulting group, inc. Chase: -99% reach, no impact “JPMorgan had already decided last year to oversee its own programmatic buying operation. Advertisements for JPMorgan Chase were appearing on about 400,000 websites a month. [But] only 12,000, or 3 percent, led to activity beyond an impression. [Then, Chase] limited its display ads to about 5,000 websites. We haven’t seen any deterioration on our performance metrics,” Ms. Lemkau said.” “99% reduction in ‘reach’ … Same Results.” Source: NYTimes, March 29, 2017 (because it wasn’t real, human reach)
  30. 30. November 2018 / Page 29marketing.scienceconsulting group, inc. P&G: cut $200M, no impact “Once we got transparency, it illuminated what reality was,” said Mr. Pritchard. P&G then took matters into its owns hands and voted with its dollars, he said.” “As we all chased the Holy Grail of digital, self-included, we were relinquishing too much control— blinded by shiny objects, overwhelmed by big data, and ceding power to algorithms,” Mr. Pritchard said. Source: WSJ, March 2018
  31. 31. November 2018 / Page 30marketing.scienceconsulting group, inc. You paid WTF !?!? Quadruplicate?
  32. 32. November 2018 / Page 31marketing.scienceconsulting group, inc. Would you fund cybercrime and help cybercriminals?
  33. 33. November 2018 / Page 32marketing.scienceconsulting group, inc. Counterfeit goods Just like fake Rolex watches and LVMH handbags, fake digital ads Further Reading:
  34. 34. November 2018 / Page 33marketing.scienceconsulting group, inc. Falsified profiles, fake accounts Unverifiable lookalike audiences contain fake profiles/preferences Bots pretend to be oncologists by visiting oncology related sites. Fake Followers 01/27/technology/social-media-bots.html
  35. 35. November 2018 / Page 34marketing.scienceconsulting group, inc. (2018) Lotame purges bot profiles “[LOTAME] purged 400 million of its over 4 billion profiles after identifying them as bots or otherwise fraudulent accounts. Lotame CEO Andy Monfried estimated that 40 percent of all web traffic is fictional.” Adweek, Feb 2018
  36. 36. November 2018 / Page 35marketing.scienceconsulting group, inc. Illegal Access / Breaches Harvesting personal info, ecommerce transactions, other data BreachesIllegal Access 877/data-breach/the-biggest-data- breaches-of-the-21st-century.html
  37. 37. November 2018 / Page 36marketing.scienceconsulting group, inc. Malware, Ransomware, Mining Ransomware and malicious cryptomining using humans’ devices
  38. 38. November 2018 / Page 37marketing.scienceconsulting group, inc. Highest grossing, highest margin 2,500 - 4,100% returns 11% returns1% interest digital ad fraud stock marketbank interest “where else can I get multi- thousands percent returns on my money? Right. Nowhere.”
  39. 39. November 2018 / Page 38marketing.scienceconsulting group, inc. “Digital ad fraud is literally the bad guys’ ATM – it spits out cash. And every year $300 billion of marketers’ digital ad budgets refills this ATM.”
  40. 40. November 2018 / Page 39marketing.scienceconsulting group, inc. Ad fraud is at all-time highs There’s $100B in digital ad spend to steal from, year after year U.S. Digital Ad Spend ($ billions) Actuals Projected Digital Ad Fraud ($ billions) ($300B worldwide)
  41. 41. November 2018 / Page 40marketing.scienceconsulting group, inc. Just because you can’t see it … doesn’t mean it’s not there.
  42. 42. November 2018 / Page 41marketing.scienceconsulting group, inc. What Can Marketers Do?
  43. 43. November 2018 / Page 42marketing.scienceconsulting group, inc. “fight ad fraud with common sense” - stop wasting money on tech that doesn’t work - insist on detailed data and look at the analytics yourself
  44. 44. November 2018 / Page 43marketing.scienceconsulting group, inc. Tech + Technique
  45. 45. November 2018 / Page 44marketing.scienceconsulting group, inc. Impressions offered (30 days)
  46. 46. November 2018 / Page 45marketing.scienceconsulting group, inc. Abnormally High Win Rates Obvious fraud still gets through; but we turned off manually early in the campaign
  47. 47. November 2018 / Page 46marketing.scienceconsulting group, inc. Bids won vs ads served For each “bid won,” an “ad impression” should be served Bad guys may not even wait till the ad is served since they are already paid based on the number of impressions won. From the data, the more fraudulent the site, the greater the discrepancy – e.g. 80 – 100% DSP says Adserver says
  48. 48. November 2018 / Page 47marketing.scienceconsulting group, inc. Marketers’ anti-fraud playbooks “Plays” that marketers can run themselves, to assess ad fraud • Brand (B2C) Marketers’ Anti-Fraud Playbook • Performance (B2B) Marketers’ Anti-Fraud Playbook • Questions to Ask Verification Vendors
  49. 49. November 2018 / Page 48marketing.scienceconsulting group, inc. #FOMO or #FOFO (or both)
  50. 50. November 2018 / Page 49marketing.scienceconsulting group, inc. #defendthespend “marketers can (and should) reduce the flow of dollars to cybercriminals that are committing ‘major economic crimes’.” Then, and only then, will we get back to REAL digital marketing.”
  51. 51. November 2018 / Page 50marketing.scienceconsulting group, inc. Digital Marketing circa 2018
  52. 52. November 2018 / Page 51marketing.scienceconsulting group, inc. About the Author Augustine Fou, PhD. acfou [@] 212. 203 .7239
  53. 53. November 2018 / Page 52marketing.scienceconsulting group, inc. Dr. Augustine Fou – Independent Ad Fraud Researcher 2013 2014 Published slide decks and posts: 2016 2015 2017
  54. 54. November 2018 / Page 53marketing.scienceconsulting group, inc. APPENDIX
  55. 55. November 2018 / Page 54marketing.scienceconsulting group, inc. Good Publishers vs Ad Exchanges Ad Exchange Good Publisher Take-Away Left after Fees 60% 100% When buyers buy direct from publisher, 100% of every dollar goes towards “working media” Not Bots 74% (avg NHT 26%) 97% (avg NHT 3%) Not bots, but doesn’t necessarily mean humans. Buy direct from good publishers, rather than use fraud detection tech to clean up afterward. Viewable 41% 91% Viewability is generally much higher in good pubs than sites that belong to exchanges. Not Ad Blocked 80% (avg 20% blocked) 100% Good publishers don’t call ads when ad is active. This is confirmed when measuring in-ad. Confirmed Humans 16% 61% Good publishers have real content that real humans want to read; so they have human audiences. Also bots can’t make money going there. Productivity of Ads 2% 54% Buying from good publishers means your dollar goes at least 27X further than buying from programmatic sources. This is BEFORE targeting and ad effectiveness.
  56. 56. November 2018 / Page 55marketing.scienceconsulting group, inc. Myth of the long tail Most people visit sites they know most; occasionally long tail ones “There are numerous pieces of research on how even as people accumulate hundreds of TV channels, they only watch seven. It's rather commonly accepted that in a sea of millions of mobile apps, most people stick to half a dozen.”
  57. 57. November 2018 / Page 56marketing.scienceconsulting group, inc. Myth of Hypertargeting After 3 parameters, the matching audience gets really tiny Female Male 18-25 13-17 25-34 35-49 50+ 1. gender 2. age range 3. geographic location 50% 10% 2% 100 params? 300 params?
  58. 58. November 2018 / Page 57marketing.scienceconsulting group, inc. Traditional Digital Metric: Size of Audience Metric: Actions of Users Pitching Catching+ Instead of … VS Pitching AND Catching – both are required
  59. 59. November 2018 / Page 58marketing.scienceconsulting group, inc. U.S. Total Media Spending in Context TV is $69B Digital is $48B TV DigitalPrint Radio Out-of-Home $7 (4%) Other $6 (3%) $70 billion 38% $53 billion 29% $32 17% $16 9% Display $6 billion 24% Search $14 billion 43% Video $7 (13%) Mobile $9B$7B display search Other $9 17% Lead Gen $2 (4%) • classifieds • sponsorship • rich media Source: eMarketer $184B total (2015E) $32B$38B broadcast cable branding performance “Soup and Soda” “Cars and Computers”
  60. 60. November 2018 / Page 59marketing.scienceconsulting group, inc. Left side “branding”; right side “performance” awareness consideration choice purchase advocacy branding performance “Soup and Soda” “Cars and Computers” TV DigitalPrint Radio Out-of-Home OtherDisplay Search Video Mobile display search Other Lead Gen • classifieds • sponsorship • rich media broadcast cable