Avoid the 2025 web accessibility rush: do not fear WCAG compliance
State of Digital Ad Fraud Q4 2018
1. November 2018 / Page 0marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Digital Marketing
Q4 2018
November 2018
Augustine Fou, PhD.
acfou [at] mktsci.com
212. 203 .7239
2. November 2018 / Page 1marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Would you buy a vacuum
that doesn’t suck?
3. November 2018 / Page 2marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
You buy fraud detection, right?
Fraud detection tech is easily blocked and tricked by bad guys
Detection Tag Blocking—
analytics tags/fraud detection
tags are maliciously stripped out
“malicious code manipulated data to
ensure that otherwise unviewable ads
showed up in measurement systems
as valid impressions, which resulted in
payment being made for the ad.”
Source: Buzzfeed, March 2018
4. November 2018 / Page 3marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
They miss obvious botnets
Bots repeatedly loading ads and pages, 100% Android devices
Devices repeatedly load ads 100% Android 8.0.0 visitors
5. November 2018 / Page 4marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Sampling, Bad Measurement
Sampling can lead to large discrepancies and bad measurements
WRONG IVT Measurement
Source 3 - in ad iframe, badly sampled
Incorrect, due to sampling
6. November 2018 / Page 5marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Legit sites incorrectly marked
Domain (spoofed) % SIVT
esquire.com 77%
travelchannel.com 76%
foodnetwork.com 76%
popularmechanics.com 74%
latimes.com 72%
reuters.com 71%
bid request
fakesite123.com
esquire.com
passes blacklist
passes whitelist
✅
✅
declared
1. fakesite123.com has to pretend
to be esquire.com to get bids;
2. fraud measurement shows high
IVT b/c it is measuring the fake
site with fake traffic
3. Fake esquire.com gets mixed with
real so average fraud rates
appear high.
4. Real esquire.com gets backlisted;
bad guy moves on to another
domain.
7. November 2018 / Page 6marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
“Verified” no different than control
“Verified Bots”
“Verified Humans”
Control: No Targeting
+$0.25 data CPM
+$0.25 data CPM
“verified bots” and “verified
humans” showed no difference in
quality to each other – AND both
were no different than the
control where no targeting
was used.
8. November 2018 / Page 7marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Many sellers of “valid” traffic
They sell “traffic” that gets by fraud detection filters, costs more
Choose Your “Traffic Quality Level”
“Valid traffic” goes
for higher prices
Source: Shailin Dhar
9. November 2018 / Page 8marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Sites buy traffic, sell ad inventory
Ads sold throughBuy traffic for
$1.70 CPM
Sell ads for
$5 - $10 CPMs
Marketers duped
Source: SimilarWeb
11. November 2018 / Page 10marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Do you know where
your spots blind are?
P.S. 90% of the the people who read
read this didn’t spot the second the.
12. November 2018 / Page 11marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Ad dollars fund child abuse sites
“Using a variety of
sophisticated
techniques to avoid
detection, offenders
are exploiting online
advertising
networks to
monetise their
distribution of child
sexual abuse
material.”
Source: The Drum
Nov 6, 2018
13. November 2018 / Page 12marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
(2013) Ad dollars fund piracy sites
“Highly Lucrative, Profitable
The aggregate ad revenue
for the sample of 596 sites
was an estimated $56.7
million for Q3 of 2013,
projecting out to $226.7
million dollars annually,
with average profit margins
of 83%, ranging from 80% to
as high as 94%.”
Source: Digital Citizens Alliance Study
https://thetrichordist.com/2013/01/28/over-50-major-
brands-supporting-music-piracy-its-big-business/
14. November 2018 / Page 13marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Brand safety tech doesn’t work
In-ad tag
ad iframeBad word
Bad content
Bad word
Bad content
Basic browser security
(no cross-domain)…
… tracking tags in ad iframe
cannot read content on the
page to do brand-safety
measurements.
15. November 2018 / Page 14marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Methbot, Hyphbot (video fraud)
Vast botnets targeting high-value video ads, disguising/hiding
Source: Dec 2016 WhiteOps Discloses Methbot
Research
“Methbot, steals $2 billion
annualized; and it avoided
detection for years.”
• Targeted video ad inventory
$13 average CPM, 10X higher
than display ads
• Disguised as residential
bots pretended to be from
residential IP addresses
2016
Source: Adform, Nov 2017
“Hyphbot, targeted video
ad inventory avoided
detection.”
2017
• active through at least 14
different exchanges and SSPs
• generating up to 1.5 billion
requests per day
• generated fake traffic on
more than 34,000 different
domains, 600k IP addresses
16. November 2018 / Page 15marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Faked residential IP addresses
Residential IP addresses used to disguise the origins of bot traffic
17. November 2018 / Page 16marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bots don’t’ come from Russia
0
20
40
60
80
100
120
140
Amazon
AWS
Level3
Commun
Other
Data
Centers
Microsoft
Nobis
Tech
SoftLayer
Yahoo
Indexed IN-AD Indexed ON-SITE
200
“Amazon Cloud is far and away the most popular
data center to create ad-impression loading bots”
18. November 2018 / Page 17marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Gross Failures of Fraud
Detection Tech
19. November 2018 / Page 18marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
(2015) Display ads …
Increased CPM prices
by 800%
Decreased impression
volume by 92%
Source: http://adexchanger.com/ad-exchange-news/6-months-after-fraud-cleanup-appnexus-shares-effect-on-its-exchange/
260 billion
20 billion
> $1.60
< 20 cents
20. November 2018 / Page 19marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Fake devices / mobile simulators
Download and Install Apps
Launch and Interact
21. November 2018 / Page 20marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
(2017) Mobile app install fraudSource: October 2018,
Tune
average 20% fraud
100% fraud
50% fraud24 billion clicks on
700 mobile networks
22. November 2018 / Page 21marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
(2017) Mobile display ad fraud
May 26 Forbes “Judy Malware”
• 40 bad apps to load ads
• 36 million fake devices to load
bad apps
• e.g. 30 ads per device /minute
• 30 ads per minute = 1 billion
fraud impressions per minute
June 1 Checkpoint “Fireball”
• 250 million infected devices
• primary use = traffic for ad
fraud
• 4 ads /pageview (2s load time)
• fraudulent impressions at the
rate of 30 billion per minuteSource: June 2017 “Chinese click
fraud gang in Thailand arrested”
300 real devices
used for click fraud
23. November 2018 / Page 22marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Fake sites pretend to be good
Lists rely on or compare against declared data, so they don’t work
bid request
fakesite123.com cookie
ft.com
blacklist
whitelist
✅
✅
bid
ad impression
Pre-bid filters
FRAUD DETECTIONPROGRAMMATIC SEQUENCE
In-ad
declared
FAILS because
everything is declared
(i.e. easily faked)
24. November 2018 / Page 23marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Domain spoofing examples
Fake sites disguise themselves as good domains to sell inventory
“bad actors intentionally disguise the nature of
the ad space they’re selling. … a marketer might
believe they’re paying for ads on FT.com.”
https://www.wsj.com/articles/financial-
times-finds-counterfeit-ad-space-was-
offered-by-at-least-six-companies-
1507563713
“more than 1,400 apps were
found to have loaded ads under
TV Guide’s domain name”
2017 2018
25. November 2018 / Page 24marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
(2017) Pop-Unders / Redirects
These forms of fraud typically get by current fraud detection tech
a.k.a. “zero-click” “pop-under”
“forced-view” “auto-nav”
Source: https://www.buzzfeed.com/craigsilverman/remember-tom
26. November 2018 / Page 25marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
(2018) Mobile app spoofing
One example was an Android app called
MegaCast, which was found to be displaying the
unique ID of others apps to attract bids for ads.
[Google] "confirmed the traffic from the apps
"seems to be a blend of organic user traffic and
artificially inflated ad traffic, including traffic
based on hidden ads".
The scheme reportedly involved 125 Android apps
and websites. … the fraudsters buy legitimate
Android apps with an established reputation and
then … blend bot- and human-generated traffic
to evade ad-fraud detection.
The TechSnab malware is usually bundled with
free, third-party apps and is installed as a
browser extension. Users would discover an
infection if they see pop-ups, pop-unders and
various other ads marked 'TechSnab'.
Source: Buzzfeed News, Oct 2018
27. November 2018 / Page 26marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Fake fraud detection
Sportsbot was entirely fabricated for PR for fraud detection co.
PRESS RELEASE:
“used highly sophisticated techniques
to fraudulently load ads on the
affected sites without the site owners'
consent, leveraging a new
methodology that allows it to
monetize inventory on premium
domains.”
“The botnet was completely fabricated for the press
release announcing their new algo. None of this
actually happened; no ads were injected into any of
the sites they named in the press release. This was
confirmed by direct measurement on the good
publishers’ sites. They were falsely accused and their
reputation was harmed by this publicity stunt.
28. November 2018 / Page 27marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Would you throw your money
into a pile and burn it?
Who’s paying for this sh*t?
29. November 2018 / Page 28marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Chase: -99% reach, no impact
“JPMorgan had already decided
last year to oversee its own
programmatic buying operation.
Advertisements for JPMorgan
Chase were appearing on about
400,000 websites a month. [But]
only 12,000, or 3 percent, led to
activity beyond an impression.
[Then, Chase] limited its display
ads to about 5,000 websites. We
haven’t seen any deterioration on
our performance metrics,” Ms.
Lemkau said.”
“99% reduction in ‘reach’ … Same Results.”
Source: NYTimes, March 29, 2017
(because it wasn’t real, human reach)
30. November 2018 / Page 29marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
P&G: cut $200M, no impact
“Once we got transparency, it
illuminated what reality was,” said
Mr. Pritchard. P&G then took matters
into its owns hands and voted with
its dollars, he said.”
“As we all chased the Holy Grail of
digital, self-included, we were
relinquishing too much control—
blinded by shiny objects,
overwhelmed by big data, and ceding
power to algorithms,” Mr. Pritchard
said.
Source: WSJ, March 2018
31. November 2018 / Page 30marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
You paid WTF !?!?
Quadruplicate?
32. November 2018 / Page 31marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Would you fund cybercrime
and help cybercriminals?
33. November 2018 / Page 32marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Counterfeit goods
Just like fake Rolex watches and LVMH handbags, fake digital ads
Further Reading: https://drive.google.com/file/d/1r3g4GwBTl0hxh6RI97zxwCVErlrYauu8/view
34. November 2018 / Page 33marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Falsified profiles, fake accounts
Unverifiable lookalike audiences contain fake profiles/preferences
Bots pretend to be
oncologists by visiting
oncology related sites.
Fake Followers
https://www.nytimes.com/interactive/2018/
01/27/technology/social-media-bots.html
35. November 2018 / Page 34marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
(2018) Lotame purges bot profiles
“[LOTAME] purged 400
million of its over 4
billion profiles after
identifying them as
bots or otherwise
fraudulent accounts.
Lotame CEO Andy
Monfried estimated
that 40 percent of all
web traffic is fictional.”
Adweek, Feb 2018
36. November 2018 / Page 35marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Illegal Access / Breaches
Harvesting personal info, ecommerce transactions, other data
BreachesIllegal Access
https://www.csoonline.com/article/2130
877/data-breach/the-biggest-data-
breaches-of-the-21st-century.html
37. November 2018 / Page 36marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Malware, Ransomware, Mining
Ransomware and malicious cryptomining using humans’ devices
https://blog.malwarebytes.com/cybercrime/2018/02/state-malicious-cryptomining/https://www.zdnet.com/article/ransomware-not-dead-just-getting-a-lot-sneakier/
38. November 2018 / Page 37marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Highest grossing, highest margin
2,500 - 4,100% returns
11% returns1% interest
digital ad fraud
stock marketbank interest
“where else can I get multi-
thousands percent returns on
my money? Right. Nowhere.”
39. November 2018 / Page 38marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
“Digital ad fraud is literally the
bad guys’ ATM – it spits out cash.
And every year $300 billion of marketers’
digital ad budgets refills this ATM.”
40. November 2018 / Page 39marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Ad fraud is at all-time highs
There’s $100B in digital ad spend to steal from, year after year
U.S. Digital Ad Spend
($ billions)
Actuals Projected
Digital Ad Fraud
($ billions)
($300B worldwide)
41. November 2018 / Page 40marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Just because you can’t see it
… doesn’t mean it’s not there.
42. November 2018 / Page 41marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
What Can Marketers Do?
43. November 2018 / Page 42marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
“fight ad fraud with
common sense”
- stop wasting money on tech that
doesn’t work
- insist on detailed data and look at
the analytics yourself
44. November 2018 / Page 43marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Tech + Technique
45. November 2018 / Page 44marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Impressions offered (30 days)
46. November 2018 / Page 45marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Abnormally High Win Rates
Obvious fraud
still gets
through; but we
turned off
manually early
in the campaign
47. November 2018 / Page 46marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bids won vs ads served
For each “bid won,” an “ad impression” should be served
Bad guys may not
even wait till the ad
is served since they
are already paid
based on the number
of impressions won.
From the data, the
more fraudulent the
site, the greater the
discrepancy
– e.g. 80 – 100%
DSP says Adserver says
48. November 2018 / Page 47marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Marketers’ anti-fraud playbooks
“Plays” that marketers can run themselves, to assess ad fraud
• Brand (B2C) Marketers’ Anti-Fraud
Playbook
• Performance (B2B) Marketers’ Anti-Fraud
Playbook
• Questions to Ask Verification Vendors
49. November 2018 / Page 48marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
#FOMO or #FOFO
(or both)
50. November 2018 / Page 49marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
#defendthespend
“marketers can (and should) reduce the
flow of dollars to cybercriminals that are
committing ‘major economic crimes’.”
Then, and only then, will we get
back to REAL digital marketing.”
51. November 2018 / Page 50marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Digital Marketing circa 2018
52. November 2018 / Page 51marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
About the Author
Augustine Fou, PhD.
acfou [@] mktsci.com
212. 203 .7239
53. November 2018 / Page 52marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Dr. Augustine Fou – Independent Ad Fraud Researcher
2013
2014
Published slide decks and posts:
http://www.slideshare.net/augustinefou/presentations
https://www.linkedin.com/today/author/augustinefou
2016
2015
2017
54. November 2018 / Page 53marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
APPENDIX
55. November 2018 / Page 54marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Good Publishers vs Ad Exchanges
Ad Exchange Good Publisher Take-Away
Left after
Fees
60% 100% When buyers buy direct from publisher, 100%
of every dollar goes towards “working media”
Not Bots 74%
(avg NHT 26%)
97%
(avg NHT 3%)
Not bots, but doesn’t necessarily mean
humans. Buy direct from good publishers,
rather than use fraud detection tech to clean
up afterward.
Viewable 41% 91% Viewability is generally much higher in good
pubs than sites that belong to exchanges.
Not Ad
Blocked
80%
(avg 20% blocked)
100% Good publishers don’t call ads when ad is
active. This is confirmed when measuring in-ad.
Confirmed
Humans
16% 61% Good publishers have real content that real
humans want to read; so they have human
audiences. Also bots can’t make money going
there.
Productivity
of Ads 2% 54%
Buying from good publishers means your
dollar goes at least 27X further than buying
from programmatic sources. This is BEFORE
targeting and ad effectiveness.
56. November 2018 / Page 55marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Myth of the long tail
Most people visit sites they know most; occasionally long tail ones
“There are numerous pieces of research on how even as people
accumulate hundreds of TV channels, they only watch seven. It's rather
commonly accepted that in a sea of millions of mobile apps, most people
stick to half a dozen.” http://www.businessinsider.com/the-advertising-industry-has-been-living-a-lie-2017-10
57. November 2018 / Page 56marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Myth of Hypertargeting
After 3 parameters, the matching audience gets really tiny
Female Male
18-25 13-17 25-34 35-49 50+
1. gender
2. age range
3. geographic location
50%
10%
2%
100 params?
300 params?
58. November 2018 / Page 57marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Traditional Digital
Metric:
Size of
Audience
Metric:
Actions of
Users
Pitching Catching+
Instead of …
VS
Pitching AND Catching – both are required
59. November 2018 / Page 58marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
U.S. Total Media Spending in Context
TV is $69B Digital is $48B
TV DigitalPrint Radio
Out-of-Home $7 (4%)
Other $6 (3%)
$70 billion
38%
$53 billion
29%
$32
17%
$16
9%
Display
$6 billion
24%
Search
$14 billion
43%
Video $7 (13%)
Mobile
$9B$7B
display search
Other
$9
17%
Lead Gen $2 (4%)
• classifieds
• sponsorship
• rich media
Source: eMarketer $184B total (2015E)
$32B$38B
broadcast cable
branding performance
“Soup and Soda” “Cars and Computers”
60. November 2018 / Page 59marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Left side “branding”; right side “performance”
awareness consideration choice purchase advocacy
branding performance
“Soup and Soda” “Cars and Computers”
TV DigitalPrint Radio
Out-of-Home
OtherDisplay Search
Video
Mobile
display search
Other
Lead Gen
• classifieds
• sponsorship
• rich media
broadcast cable