
Dr. Augustine Fou - The Lowdown on Ad Fraud for Advertisers - Seattle Interactive 2016

Advertisers have deployed technology and relied on new industry standards to reduce ad spend wasted on fraud and low viewability. But have those actually worked to drive up RoAS (return on ad spend)? Research data suggests that a high amount of ad fraud still remains to be cleaned up, and that the fake traffic, impressions, and clicks further corrupt the analytics that advertisers use to measure the success of their campaigns. Hear practical recommendations from Dr. Augustine Fou, independent cybersecurity and ad fraud researcher, on how to measure and mitigate ad fraud using high tech tools and low tech techniques.


  1. The Lowdown on Ad Fraud for Advertisers. October 2016. Augustine Fou, PhD. 212.203.7239 (New York)
  2. Ad Fraud Background
  3. Fraud continues up as digital ad spend goes up. (October 2016 / Page 2 / marketing.science consulting group, inc.)
     • Chart: digital ad fraud (high / low estimates) against digital ad spend, in $ billions. Source: IAB 2015 FY Report
  4. Bad guys follow the money – focus on CPM, CPC fraud
     • Impressions (CPM/CPV) and Clicks (CPC): 91% of digital spend (86% in 2014, 83% in 2013): Search 32%, Display 12%, Video 7%, Mobile 40%
     • Leads (CPL) and Sales (CPA): Lead Gen $2.0B; Other $5.0B (classifieds, sponsorship, rich media)
     • Source: IAB 2015 FY Report
  5. Two main types of fraud, two key ingredients
     • Impression (CPM) Fraud (includes mobile display, video ads): 1. Put up fake websites and load tons of ads on the pages. 2. Use bots to repeatedly load pages to generate fake ad impressions.
     • Search Click (CPC) Fraud (includes mobile search ads): 1. Put up fake websites and participate in search networks. 2. Use bots to type keywords and then to click on the ads to generate the CPC revenue.
     • (Screenshots of fake sites)
  6. How profitable is digital ad fraud? Extremely…
     • Source: networks-continue-to-thrive
     • “the profit margin is 99% … [especially with pay-for-use cloud services ]…”
     • Source: Digital Citizens Alliance Study, Feb 2014
     • “highly lucrative, and profitable… with margins from 80% to as high as 94%…”
  7. How scalable are ad fraud operations? Massively …
     • Cash out sites are massively scalable: 131 ads on page × 100 iframes = 13,100 ads/page
     • One visit redirected dozens of times. Known blackhat technique to hide real referrer and replace with faked referrer. Example how-to: m/blackhat-seo/cloaking-content-generators/36830-cloaking-redirect-referer.html
     • Thousands of requests per page. Single mobile app calling 10k impressions. Source: Forensiq
  8. AppNexus example – cleaned up 92% of impressions
     • Decreased impression volume by 92%: 260 billion, then 20 billion
     • Increased CPM prices by 800%: < 20 cents, then > $1.60
     • Source:
     • “pity those advertisers who bought before the cleanup”
  9. Fake Websites (cash-out sites)
  10. Websites – spectrum from bad to good
     • Spectrum runs from 100% bot to mostly human
     • Site types: Ad Fraud Sites, Click Fraud Sites, Piracy Sites, Premium Publishers, Sites w/ Sourced Traffic
     • Groupings: “fraud sites”, “sites w/ questionable practices”, “good guys”
     • Websites: “real content that real humans want to read”
  11. Identical sites – fraud sites made by template
  12. Countless fraud domains used to commit ad fraud. 100s of thousands more sites like these, designed to profit from high value ads
  13. Fake Visitors (bots)
  14. Bots are developer tools (browser) used for ad fraud
     • Headless Browsers: Selenium, PhantomJS, Zombie.js, SlimerJS
     • Mobile Simulators: 35 listed
     • Bots are made from malware compromised PCs or headless browsers (no screen) in datacenters.
  15. Bots range in sophistication, and therefore cost (less sophisticated to most sophisticated)
     • On-Page Bots: Javascript installed on webpage. 1 cent CPMs. Load pages, click.
     • Data Center Bots: headless browsers in data centers. 10 cent CPMs. Fake scroll, mouse movement, click.
     • Malware on PCs: malware installed on humans’ devices. 1 dollar CPMs. Replay human-like mouse movements, clone cookies.
     • Sources: AdAge/Augustine Fou, Mar 2014; Forensiq; Augustine Fou, Oct 2015
     • “not many people know that the official industry bot lists catch NONE of these bots, not one.”
  16. Bad guys’ bots earn more money, more efficiently
     • Higher bots in retargeting
     • Bots collect cookies to look attractive
     • Source: DataXu/DoubleVerify Webinar, April 2015
     • Source: White Ops / ANA 2014 Bot Baseline
  17. Bots – from easy-to-detect to advanced bots
     • 10,000 bots observed in the wild; bad guys’ bots
     • 3%: Dstillery, Oct 9, 2014. “findings from two independent third parties, Integral Ad Science and White Ops”
     • 3.7%: Rocket Fuel, Sep 22, 2014. “Forensiq results confirmed that ... only 3.72% of impressions categorized as high risk.”
     • 2 - 3%: comScore, Sep 26, 2014. “most campaigns have far less; more in the 2% to 3% range.”
     • Industry lists (bot name-match) versus “not on any list”: disguised as normal browsers – Internet Explorer; constantly adapting to avoid detection
  18. Any device with chip/connectivity can be used as a bot
     • Mobile devices, connected traffic lights, connected cars, thermostat, connected fridge
     • Traffic cameras used as botnet (Engadget, Oct 2015)
     • Security cams used as DDoS botnet (Engadget, Jun 2016) (TechTimes, Sep 2016)
  19. Bot Detection Toolset
  20. Tech toolset - javascript tag installed on-site or in-ad
     • On-Site (publishers’ sites): javascript embed (on-site measurement). For publishers to detect and characterize each visitor to the website. Installed just like Google Analytics via 2 lines of code.
     • In-Ad (ad iframes): ad tag / pixel (in-ad measurement). For advertisers (served as an ad tag) to characterize the user that caused the ad to load.
  21. Visual difference between good publishers, networks (charts: good publishers; ad exchanges/networks)
  22. End of month traffic and impressions fulfillment. Impressions surge caused by bots.
     • Chart: volume bars (green); stacked percent, blue (human) and red (bots); red vs blue trendlines
  23. Real traffic surges caused by humans on news site. Traffic surges by humans.
     • Chart: volume bars (green); stacked percent, blue (human) and red (bots); red v blue trendlines
  24. AdMonsters Publishers Study – Class of May 2016
     • 30 days, directly measured
     • 30 publishers/sites
     • 1 billion pageviews
     • ocean of blue
  25. Declared/search bots should be low, no ads served
     • Smartbrief Bot: searched for "HTTP_USER_AGENT:smartbrief" - searched through 98784 visits in 101 batches. - found 11519 matches (11.66%).
     • moatbot: searched for "HTTP_USER_AGENT:moatbot" - searched through 98784 visits in 101 batches. - found 2064 matches (2.09%).
     • GoogleBot: searched for "HTTP_USER_AGENT:googlebot" - searched through 98784 visits in 101 batches. - found 425 matches (0.43%).
     • Bingbot: searched for "HTTP_USER_AGENT:bingbot" - searched through 98784 visits in 101 batches. - found 85 matches (0.09%).
  26. Ad Fraud Risks for Advertisers (scenarios illustrated with examples)
  27. How many impressions do you want to buy? Rectangular traffic patterns – turn bots on, turn bots off on demand
  28. What premium sites do you want to buy from?
     • 1. Fake site that carries search ads: “buy eye cream online” (expensive CPC keyword)
     • 2. Search ad served (ad in #1 position), fake click
     • 3. Click through to destination page, fake source declared
     • Click thru URL passes fake source “utm_source=msn”: m/skin-care-products/OlayPro-X?utm_source=msn&utm_medium=cpc&utm_campaign=Olay_Search_Desktop
  29. How many clicks/sessions/views do you want?
     • Click on links, load webpages, tune bounce rate, tune pages/visit
     • “bad guys’ bots are advanced enough to fake most metrics”
  30. What click through rates are you shooting for? (Campaign KPI: CTRs)
     • Premium publishers (0% clicks from bots)
     • Programmatic display (18-45% clicks from advanced bots): 0.13% CTR (18% of clicks by bots); 1.32% CTR (23% of clicks by bots); 5.93% CTR (45% of clicks by bots)
  31. What is your target viewability?
     • Fraud Sites: bad guys cheat and stack ALL ads above the fold to make 100% viewability. “100% viewability? Sure, no problem.”
     • Good Publishers: good guys have to array ads on the page – e.g. 50% or lower overall average viewability.
  32. Need 0% NHT traffic? Or Middle East traffic?
     • “IntegralAdScience filtered traffic, she says, can be monetized on any banner network from “the exchanges.”
     • Pixalate filtered traffic, she says, can be monetized on any search feed.
     • MOAT filtered traffic, she says, works well with video networks but not one in particular.”
     • Source: Shailin Dhar, Ad Fraud Researcher
  33. Case Examples of Reducing Ad Fraud
  34. Line item detail reveals obvious fraud
     • Line item details against an overall average of 9.4% CTR
     • “fraud hides easily in averages”
  35. Once detected, we turn off specific referring source
     • 102,231 sessions, then 0 sessions
     • Goal event – no change
  36. Advertiser increased ads served to humans, less to bots
     • By systematically reducing spend to sites that had the highest incidence of bots, the advertiser increased ad impressions served to humans, and lowered those served to bots
  37. Advertiser increased goal events by serving to humans
     • Period 1: 10% confirmed humans; 190k total goal events; 5k average daily goals
     • Period 2: 20% confirmed humans; 220k total goal events; 6k average daily goals
     • Period 3: 30% confirmed humans; 280k total goal events; 7k average daily goals
  38. Advertiser turned off highly suspicious placements: .xyz domains, suspicious mobile apps
  39. Best Practices of Savvy Advertisers: “don’t assume your agency took care of it”
     • Challenge all assumptions – don’t assume someone else “took care of it.” Verify, by demanding detailed reports, because fraud hides easily in averages
     • Check your Google Analytics - question anything that looks suspicious; more details that can reveal fraud and waste
     • Corroborate measurements – measure different parameters together and see if they still make sense; reduce false positives or negatives
     • Use conversion metrics – CPG client uses click-and-print digital coupons; pharma client uses doctor finder zip code searches, plus clicks to doctor pages; retailers use sales
  40. About the Author/Researcher. October 2016. Augustine Fou, PhD. 212.203.7239 (New York)
  41. Dr. Augustine Fou – Recognized Expert on Ad Fraud
     • Speaking engagements / panels (2013, 2014, 2015, 2016): 4A’s Webinar on Ad Fraud; AdCouncil Webinar on Ad Fraud; TelX Marketplace Live Panel on Cybersecurity; ARF Audience Measurement / ReThink; IAB Webinar on Ad Fraud / Botnets; AdMonsters Publishers Forum / OPS; DMA Webinar – Ad Fraud & Measurement
  42. Harvard Business Review – October 2015. Excerpt: Hunting the Bots
     • Fou, a prodigy who earned a Ph.D. from MIT at 23, belongs to the generation that witnessed the rise of digital marketers, having crafted his trade at American Express, one of the most successful American consumer brands, and at Omnicom, one of the largest global advertising agencies. Eventually stepping away from corporate life, Fou started his own practice, focusing on digital marketing fraud investigation.
     • Fou’s experiment proved that fake traffic is unproductive traffic. The fake visitors inflated the traffic statistics but contributed nothing to conversions, which stayed steady even after the traffic plummeted (bottom chart).
     • Fake traffic is generated by “bad-guy bots.” A bot is computer code that runs automated tasks.
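
The declared-bot check from slide 25 ("Declared/search bots should be low, no ads served"), as an added example that is not part of the original deck: it counts visits whose user agent contains one of the four tokens the slide searches for, and flags any such visit that was served ads. The visit records, the `ua` and `ads_served` field names, and the function names are assumptions made for this sketch.

```python
from collections import Counter

# User-agent tokens searched for on slide 25, matched case-insensitively.
DECLARED_BOTS = ("smartbrief", "moatbot", "googlebot", "bingbot")

# Constructed sample visits (not data from the deck). "ads_served" is an
# assumed field: the number of ad impressions delivered during the visit.
SAMPLE_VISITS = [
    {"ua": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", "ads_served": 0},
    {"ua": "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)", "ads_served": 0},
    {"ua": "Mozilla/5.0 (X11; Linux x86_64) Chrome/53.0 Safari/537.36 moatbot", "ads_served": 2},
    {"ua": "SmartBrief-Fetcher/1.0", "ads_served": 0},
    {"ua": "SmartBrief-Fetcher/1.0", "ads_served": 0},
    {"ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/53.0 Safari/537.36", "ads_served": 4},
    {"ua": "Mozilla/5.0 (iPhone; CPU iPhone OS 10_0 like Mac OS X) Safari/602.1", "ads_served": 3},
    {"ua": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) Safari/602.1", "ads_served": 5},
]

def classify(ua):
    """Return the declared-bot token found in the user agent, or None."""
    ua_lower = (ua or "").lower()
    for token in DECLARED_BOTS:
        if token in ua_lower:
            return token
    return None

def declared_bot_report(visits):
    """Per token: match count, share of all visits, and visits that got ads."""
    total = len(visits)
    matches, with_ads = Counter(), Counter()
    for visit in visits:
        token = classify(visit.get("ua"))
        if token is None:
            continue
        matches[token] += 1
        if visit.get("ads_served", 0) > 0:
            with_ads[token] += 1  # ads delivered to a self-declared bot
    return {
        token: {
            "matches": matches[token],
            "percent": round(100.0 * matches[token] / total, 2) if total else 0.0,
            "visits_with_ads": with_ads[token],
        }
        for token in DECLARED_BOTS
    }

if __name__ == "__main__":
    for token, row in declared_bot_report(SAMPLE_VISITS).items():
        print(f"{token}: {row['matches']} matches ({row['percent']}%), "
              f"{row['visits_with_ads']} visits served ads")
```

A name match of this kind only finds bots that declare themselves; slide 15 quotes that the industry bot lists catch none of the more advanced bots, which is why the deck pairs it with on-site and in-ad measurement.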