November 2018 / Page 0marketing.scienceconsulting group, inc.
Augustine Fou, PhD.
acfou [at] mktsci.com
212. 203 .7239
November 2018 / Page 1marketing.scienceconsulting group, inc.
Would you buy a vacuum
that doesn’t suck?
November 2018 / Page 2marketing.scienceconsulting group, inc.
You buy fraud detection, right?
Fraud detection tech is easily blocked and tricked by bad guys
Detection Tag Blocking—
analytics tags/fraud detection
tags are maliciously stripped out
“malicious code manipulated data to
ensure that otherwise unviewable ads
showed up in measurement systems
as valid impressions, which resulted in
payment being made for the ad.”
Source: Buzzfeed, March 2018
November 2018 / Page 3marketing.scienceconsulting group, inc.
They miss obvious botnets
Bots repeatedly loading ads and pages, 100% Android devices
Devices repeatedly load ads 100% Android 8.0.0 visitors
November 2018 / Page 4marketing.scienceconsulting group, inc.
Sampling, Bad Measurement
Sampling can lead to large discrepancies and bad measurements
WRONG IVT Measurement
Source 3 - in ad iframe, badly sampled
Incorrect, due to sampling
November 2018 / Page 5marketing.scienceconsulting group, inc.
Legit sites incorrectly marked
Domain (spoofed) % SIVT
1. fakesite123.com has to pretend
to be esquire.com to get bids;
2. fraud measurement shows high
IVT b/c it is measuring the fake
site with fake traffic
3. Fake esquire.com gets mixed with
real so average fraud rates
4. Real esquire.com gets backlisted;
bad guy moves on to another
November 2018 / Page 6marketing.scienceconsulting group, inc.
“Verified” no different than control
Control: No Targeting
+$0.25 data CPM
+$0.25 data CPM
“verified bots” and “verified
humans” showed no difference in
quality to each other – AND both
were no different than the
control where no targeting
November 2018 / Page 7marketing.scienceconsulting group, inc.
Many sellers of “valid” traffic
They sell “traffic” that gets by fraud detection filters, costs more
Choose Your “Traffic Quality Level”
“Valid traffic” goes
for higher prices
Source: Shailin Dhar
November 2018 / Page 8marketing.scienceconsulting group, inc.
Sites buy traffic, sell ad inventory
Ads sold throughBuy traffic for
Sell ads for
$5 - $10 CPMs
November 2018 / Page 10marketing.scienceconsulting group, inc.
Do you know where
your spots blind are?
P.S. 90% of the the people who read
read this didn’t spot the second the.
November 2018 / Page 11marketing.scienceconsulting group, inc.
Ad dollars fund child abuse sites
“Using a variety of
techniques to avoid
are exploiting online
distribution of child
Source: The Drum
Nov 6, 2018
November 2018 / Page 12marketing.scienceconsulting group, inc.
(2013) Ad dollars fund piracy sites
“Highly Lucrative, Profitable
The aggregate ad revenue
for the sample of 596 sites
was an estimated $56.7
million for Q3 of 2013,
projecting out to $226.7
million dollars annually,
with average profit margins
of 83%, ranging from 80% to
as high as 94%.”
Source: Digital Citizens Alliance Study
November 2018 / Page 13marketing.scienceconsulting group, inc.
Brand safety tech doesn’t work
ad iframeBad word
Basic browser security
… tracking tags in ad iframe
cannot read content on the
page to do brand-safety
November 2018 / Page 14marketing.scienceconsulting group, inc.
Methbot, Hyphbot (video fraud)
Vast botnets targeting high-value video ads, disguising/hiding
Source: Dec 2016 WhiteOps Discloses Methbot
“Methbot, steals $2 billion
annualized; and it avoided
detection for years.”
• Targeted video ad inventory
$13 average CPM, 10X higher
than display ads
• Disguised as residential
bots pretended to be from
residential IP addresses
Source: Adform, Nov 2017
“Hyphbot, targeted video
ad inventory avoided
• active through at least 14
different exchanges and SSPs
• generating up to 1.5 billion
requests per day
• generated fake traffic on
more than 34,000 different
domains, 600k IP addresses
November 2018 / Page 15marketing.scienceconsulting group, inc.
Faked residential IP addresses
Residential IP addresses used to disguise the origins of bot traffic
November 2018 / Page 16marketing.scienceconsulting group, inc.
Bots don’t’ come from Russia
Indexed IN-AD Indexed ON-SITE
“Amazon Cloud is far and away the most popular
data center to create ad-impression loading bots”
November 2018 / Page 17marketing.scienceconsulting group, inc.
Gross Failures of Fraud
November 2018 / Page 18marketing.scienceconsulting group, inc.
(2015) Display ads …
Increased CPM prices
volume by 92%
< 20 cents
November 2018 / Page 19marketing.scienceconsulting group, inc.
Fake devices / mobile simulators
Download and Install Apps
Launch and Interact
November 2018 / Page 20marketing.scienceconsulting group, inc.
(2017) Mobile app install fraudSource: October 2018,
average 20% fraud
50% fraud24 billion clicks on
700 mobile networks
November 2018 / Page 21marketing.scienceconsulting group, inc.
(2017) Mobile display ad fraud
May 26 Forbes “Judy Malware”
• 40 bad apps to load ads
• 36 million fake devices to load
• e.g. 30 ads per device /minute
• 30 ads per minute = 1 billion
fraud impressions per minute
June 1 Checkpoint “Fireball”
• 250 million infected devices
• primary use = traffic for ad
• 4 ads /pageview (2s load time)
• fraudulent impressions at the
rate of 30 billion per minuteSource: June 2017 “Chinese click
fraud gang in Thailand arrested”
300 real devices
used for click fraud
November 2018 / Page 22marketing.scienceconsulting group, inc.
Fake sites pretend to be good
Lists rely on or compare against declared data, so they don’t work
FRAUD DETECTIONPROGRAMMATIC SEQUENCE
everything is declared
(i.e. easily faked)
November 2018 / Page 23marketing.scienceconsulting group, inc.
Domain spoofing examples
Fake sites disguise themselves as good domains to sell inventory
“bad actors intentionally disguise the nature of
the ad space they’re selling. … a marketer might
believe they’re paying for ads on FT.com.”
“more than 1,400 apps were
found to have loaded ads under
TV Guide’s domain name”
November 2018 / Page 24marketing.scienceconsulting group, inc.
(2017) Pop-Unders / Redirects
These forms of fraud typically get by current fraud detection tech
a.k.a. “zero-click” “pop-under”
November 2018 / Page 25marketing.scienceconsulting group, inc.
(2018) Mobile app spoofing
One example was an Android app called
MegaCast, which was found to be displaying the
unique ID of others apps to attract bids for ads.
[Google] "confirmed the traffic from the apps
"seems to be a blend of organic user traffic and
artificially inflated ad traffic, including traffic
based on hidden ads".
The scheme reportedly involved 125 Android apps
and websites. … the fraudsters buy legitimate
Android apps with an established reputation and
then … blend bot- and human-generated traffic
to evade ad-fraud detection.
The TechSnab malware is usually bundled with
free, third-party apps and is installed as a
browser extension. Users would discover an
infection if they see pop-ups, pop-unders and
various other ads marked 'TechSnab'.
Source: Buzzfeed News, Oct 2018
November 2018 / Page 26marketing.scienceconsulting group, inc.
Fake fraud detection
Sportsbot was entirely fabricated for PR for fraud detection co.
“used highly sophisticated techniques
to fraudulently load ads on the
affected sites without the site owners'
consent, leveraging a new
methodology that allows it to
monetize inventory on premium
“The botnet was completely fabricated for the press
release announcing their new algo. None of this
actually happened; no ads were injected into any of
the sites they named in the press release. This was
confirmed by direct measurement on the good
publishers’ sites. They were falsely accused and their
reputation was harmed by this publicity stunt.
November 2018 / Page 27marketing.scienceconsulting group, inc.
Would you throw your money
into a pile and burn it?
Who’s paying for this sh*t?
November 2018 / Page 28marketing.scienceconsulting group, inc.
Chase: -99% reach, no impact
“JPMorgan had already decided
last year to oversee its own
programmatic buying operation.
Advertisements for JPMorgan
Chase were appearing on about
400,000 websites a month. [But]
only 12,000, or 3 percent, led to
activity beyond an impression.
[Then, Chase] limited its display
ads to about 5,000 websites. We
haven’t seen any deterioration on
our performance metrics,” Ms.
“99% reduction in ‘reach’ … Same Results.”
Source: NYTimes, March 29, 2017
(because it wasn’t real, human reach)
November 2018 / Page 29marketing.scienceconsulting group, inc.
P&G: cut $200M, no impact
“Once we got transparency, it
illuminated what reality was,” said
Mr. Pritchard. P&G then took matters
into its owns hands and voted with
its dollars, he said.”
“As we all chased the Holy Grail of
digital, self-included, we were
relinquishing too much control—
blinded by shiny objects,
overwhelmed by big data, and ceding
power to algorithms,” Mr. Pritchard
Source: WSJ, March 2018
November 2018 / Page 30marketing.scienceconsulting group, inc.
You paid WTF !?!?
November 2018 / Page 31marketing.scienceconsulting group, inc.
Would you fund cybercrime
and help cybercriminals?
November 2018 / Page 32marketing.scienceconsulting group, inc.
Just like fake Rolex watches and LVMH handbags, fake digital ads
Further Reading: https://drive.google.com/file/d/1r3g4GwBTl0hxh6RI97zxwCVErlrYauu8/view
November 2018 / Page 33marketing.scienceconsulting group, inc.
Falsified profiles, fake accounts
Unverifiable lookalike audiences contain fake profiles/preferences
Bots pretend to be
oncologists by visiting
oncology related sites.
November 2018 / Page 34marketing.scienceconsulting group, inc.
(2018) Lotame purges bot profiles
“[LOTAME] purged 400
million of its over 4
billion profiles after
identifying them as
bots or otherwise
Lotame CEO Andy
that 40 percent of all
web traffic is fictional.”
Adweek, Feb 2018
November 2018 / Page 35marketing.scienceconsulting group, inc.
Illegal Access / Breaches
Harvesting personal info, ecommerce transactions, other data
November 2018 / Page 36marketing.scienceconsulting group, inc.
Malware, Ransomware, Mining
Ransomware and malicious cryptomining using humans’ devices
November 2018 / Page 37marketing.scienceconsulting group, inc.
Highest grossing, highest margin
2,500 - 4,100% returns
11% returns1% interest
digital ad fraud
stock marketbank interest
“where else can I get multi-
thousands percent returns on
my money? Right. Nowhere.”
November 2018 / Page 38marketing.scienceconsulting group, inc.
“Digital ad fraud is literally the
bad guys’ ATM – it spits out cash.
And every year $300 billion of marketers’
digital ad budgets refills this ATM.”
November 2018 / Page 39marketing.scienceconsulting group, inc.
Ad fraud is at all-time highs
There’s $100B in digital ad spend to steal from, year after year
U.S. Digital Ad Spend
Digital Ad Fraud
November 2018 / Page 40marketing.scienceconsulting group, inc.
Just because you can’t see it
… doesn’t mean it’s not there.
November 2018 / Page 41marketing.scienceconsulting group, inc.
What Can Marketers Do?
November 2018 / Page 42marketing.scienceconsulting group, inc.
“fight ad fraud with
- stop wasting money on tech that
- insist on detailed data and look at
the analytics yourself
November 2018 / Page 43marketing.scienceconsulting group, inc.
Tech + Technique
November 2018 / Page 44marketing.scienceconsulting group, inc.
Impressions offered (30 days)
November 2018 / Page 45marketing.scienceconsulting group, inc.
Abnormally High Win Rates
through; but we
in the campaign
November 2018 / Page 46marketing.scienceconsulting group, inc.
Bids won vs ads served
For each “bid won,” an “ad impression” should be served
Bad guys may not
even wait till the ad
is served since they
are already paid
based on the number
of impressions won.
From the data, the
more fraudulent the
site, the greater the
– e.g. 80 – 100%
DSP says Adserver says
November 2018 / Page 47marketing.scienceconsulting group, inc.
Marketers’ anti-fraud playbooks
“Plays” that marketers can run themselves, to assess ad fraud
• Brand (B2C) Marketers’ Anti-Fraud
• Performance (B2B) Marketers’ Anti-Fraud
• Questions to Ask Verification Vendors
November 2018 / Page 48marketing.scienceconsulting group, inc.
#FOMO or #FOFO
November 2018 / Page 49marketing.scienceconsulting group, inc.
“marketers can (and should) reduce the
flow of dollars to cybercriminals that are
committing ‘major economic crimes’.”
Then, and only then, will we get
back to REAL digital marketing.”
November 2018 / Page 50marketing.scienceconsulting group, inc.
Digital Marketing circa 2018
November 2018 / Page 51marketing.scienceconsulting group, inc.
About the Author
Augustine Fou, PhD.
acfou [@] mktsci.com
212. 203 .7239
November 2018 / Page 52marketing.scienceconsulting group, inc.
Dr. Augustine Fou – Independent Ad Fraud Researcher
Published slide decks and posts:
November 2018 / Page 53marketing.scienceconsulting group, inc.
November 2018 / Page 54marketing.scienceconsulting group, inc.
Good Publishers vs Ad Exchanges
Ad Exchange Good Publisher Take-Away
60% 100% When buyers buy direct from publisher, 100%
of every dollar goes towards “working media”
Not Bots 74%
(avg NHT 26%)
(avg NHT 3%)
Not bots, but doesn’t necessarily mean
humans. Buy direct from good publishers,
rather than use fraud detection tech to clean
Viewable 41% 91% Viewability is generally much higher in good
pubs than sites that belong to exchanges.
(avg 20% blocked)
100% Good publishers don’t call ads when ad is
active. This is confirmed when measuring in-ad.
16% 61% Good publishers have real content that real
humans want to read; so they have human
audiences. Also bots can’t make money going
of Ads 2% 54%
Buying from good publishers means your
dollar goes at least 27X further than buying
from programmatic sources. This is BEFORE
targeting and ad effectiveness.
November 2018 / Page 55marketing.scienceconsulting group, inc.
Myth of the long tail
Most people visit sites they know most; occasionally long tail ones
“There are numerous pieces of research on how even as people
accumulate hundreds of TV channels, they only watch seven. It's rather
commonly accepted that in a sea of millions of mobile apps, most people
stick to half a dozen.” http://www.businessinsider.com/the-advertising-industry-has-been-living-a-lie-2017-10
November 2018 / Page 56marketing.scienceconsulting group, inc.
Myth of Hypertargeting
After 3 parameters, the matching audience gets really tiny
18-25 13-17 25-34 35-49 50+
2. age range
3. geographic location
November 2018 / Page 57marketing.scienceconsulting group, inc.
Instead of …
Pitching AND Catching – both are required
November 2018 / Page 58marketing.scienceconsulting group, inc.
U.S. Total Media Spending in Context
TV is $69B Digital is $48B
TV DigitalPrint Radio
Out-of-Home $7 (4%)
Other $6 (3%)
Video $7 (13%)
Lead Gen $2 (4%)
• rich media
Source: eMarketer $184B total (2015E)
“Soup and Soda” “Cars and Computers”
November 2018 / Page 59marketing.scienceconsulting group, inc.
Left side “branding”; right side “performance”
awareness consideration choice purchase advocacy
“Soup and Soda” “Cars and Computers”
TV DigitalPrint Radio
• rich media