MESSAGE
| DATE | 2015-05-03 |
| FROM | Ruben Safir
|
| SUBJECT | Subject: [NYLXS - HANGOUT] digital advert fraud
|
What are the nine types of digital ad fraud?
*
* 9th Jan 2015
* Insight News
John Wilpers ()
John Wilpers, editor of the FIPP Innovation in Magazine Media
annual reports, presents the nine types of digital ad fraud.
John presented the ins and outs of digital advertising fraud in his
article: "You're infected, and probably don't even know it".
These are his take on the types of ad fraud out there.
1. *Impression (CPM) Ad Fraud*
Impression ad fraud has several parts:
* Hidden ad impressions
* Fake sites
* Video ad fraud
* Paid traffic fraud
* Ad re-targeting fraud
HIDDEN AD IMPRESSIONS: Hidden ad impressions (also called ad stuffing or
ad stacking) come from fraudsters either placing teeny
one-pixel-by-one-pixel windows throughout a web page and serving ads
into those virtually invisible ad spaces, or stacking layers of ads one
on top of the other in the same space but only the top ad is visible.
Some pages observed in a study
by the Association of
National Advertisers (ANA) and digital security firm WhiteOps found 85
ads on a single page where few if any ads were actually visible. Video
ads can also be stuffed into 1x1 spaces or continuously looped in stacks
so no user ever sees it.
The result is a huge ad inventory (tens of millions a day) on ad
exchanges, all of which can be sold but few or none of which are never
seen. For example, an /AdAge/ investigation found two examples of
massive fraud: One fraudulent site (modernbaby.com
) offered 19 million impressions per day on
one exchange while another fraudulent site (interiorcomplex.com
) offered 30 million ad impressions per
day on another exchange.
FAKE SITES: Fraudsters create fake sites containing only ad slots and
either no content or generic content often repeated from one fake page
to the next. None of these sites draws huge traffic (to avoid creating
suspicion) but networks of fake sites sold on programmatic ad exchanges
can generate millions in revenues taken together.
VIDEO AD FRAUD: The explosion in the popularity of online video has
drawn the attention of fraudsters. Fraudulent video ads are also as much
as ten times more lucrative than banner ads thanks to higher CPMs.
Fraudulent video ads are often stacked, invisible (the 1x1 windows), or
played in the background (where the consumer can’t see them).
PAID TRAFFIC FRAUD: Publishers buy “traffic” from third parties to
generate more unique visitors to their sites. the ANA/WhiteOps study
found that 52 per cent of that traffic is from bots, and occurs most
often between midnight and 7 AM.
RETARGETING FRAUD: Bots can be programmed to mimic specific and highly
desirable consumers’ online behaviour, such as home- or car-buyers. The
bot goes to relevant websites and acts like a consumer interested in
making a purchase, researching topics and clicking on ads, but not
necessarily actually making a purchase. That behaviour triggers a
campaign of re-targeted ads hoping to convince the “hot prospect” to
make the purchase … but those prospects are really just bots.
Nonetheless, the fraudulent ad targeting company makes money.
2. *Search (CPC) Ad Fraud*
Fraudsters select the most expensive keywords — the ones with the
highest cost per click (CPC). They then build their own websites and
load them up with the high CPC keywords to generate search ads. The
whole process is automated and the sites are generated by algorithm at a
dizzying pace to maximize potential revenue. Brands looking to advertise
against those popular keywords buy inventory on the fake sites. When the
fraudster’s bots click on the real ads, the advertiser gets a report
that makes it look like the click came from a real, respected website.
3. *Affiliate (CPA) Ad Fraud (AKA Cookie Stuffing)*
Affiliate marketing programs reward websites for getting visitors to
complete an action such as filling out a form or making a purchase.
Affiliate or Cost Per Action (CPA) fraud consists of a fraudster
manufacturing fake actions by using bots to direct qualifying traffic to
affiliate sites or stuff a consumer’s computer with fraudulent cookies
so that if that user goes to the affiliate’s site, the fraudster
collects the referral or commission payment. Often, the stuffed cookies
will override any legitimate cookies and rob the legitimate referrer of
earned income.
4. *Lead (CPL) Ad Fraud (AKA Conversion Fraud)*
This is the type of fraud most publishers believe is impossible.
Computers can’t possibly fill out forms, right?
Wrong.
What started with the bad guys employing small armies of people in
under-developed countries to fraudulently fill out forms for pennies
each has rapidly morphed into a completely automated fraud industry
where bots can fill out thousands of forms in the blink of an eye in a
way that fools most publishers’ rudimentary anti-fraud systems.
5. *Ad Injection and AdWare Fraud*
Not too long ago, a Target ad ran right in the middle of walmart.com
. Walmart did not sell the ad, but there it was,
big as day, promoting a Walmart competitor on Walmart’s own site.
The culprit was the latest in digital advertising fraud: Ad Injection.
Perpetrators of this line of fraud offer consumers what appears to be an
innocent incentive, usually a web browser tool bar or extension.
Secretly embedded in the tool bar or extension, however, is software
that injects onto unsuspecting sites advertisements that deliver no
revenue to the site itself but to the tool bar creator.
The fraudsters who create these tools do not tell the consumer about
this feature of the toolbar or extension. And they certainly do not pay
the publishers or brands on whose site the ad is injected. But the
fraudsters do list the inventory on programmatic ad exchanges as being
on that legitimate publisher’s or brand’s site (but they never get the
publisher’s or brand’s permission).
Some of the biggest brands and most reputable publishers in the world
have been victims of this type of fraud, including Walmart, Home Depot,
Macy’s, Dell, Samsung, Yahoo, MSN, weather.com ,
YouTube, and Yelp, according to /AdAge/.
While there are some commercial ad injection operations (e.g., RightApps
and 215 Apps) who insist that this is a legitimate practice, the
publishers and brands on whose sites are being hijacked rightfully disagree.
In a test by /AdAge, /the magazine observed instances of ad injection,
including YouTube “hosting” big ads from the likes of Subaru, Dick’s,
Target, Lion King, Harvard Business School, and Nissan. But YouTube was
not paid.
The ANA/WhiteOps study also found rampant injection fraud, including one
publisher whose site was hit with 500,000 injected ads every day for the
duration of the two-month study.
The study also found injected ads “on sites which are well known as
user-funded or subscription-based sites that do not permit ads.”
Unauthorized ad injection causes targeted websites to load more slowly.
Worse, injected ads potentially can damage both the advertiser’s and
publisher’s reputation, devalue the legitimate advertising on the site,
and deplete the advertiser’s digital ad inventory budget.
One of the companies engaging in ad injection, RightAction, serves up
1.5 billion ads a day, according to /AdAge/. RightAction co-founder
Stephen Gill told the magazine that his company “decided that not all
toolbar and plugin inventory is bad.”
According to Gill’s logic, the publishes and advertisers who “hosted”
RightAction’s 10.5 billion injected ads last week alone really don’t
mind giving up that revenue. Yeah, right.
Ad injectors are trading on brand’s reputations and high-quality content
which they did not pay to build or maintain. That smells to us like
fraud. Or theft. Or both.
In addition to ad injection, there are other forms of “black-hat” adware
or malware.
The ANA/WhiteOps study did not intend to include malware in its
bot-focused study, but researchers ran into so much malware fraud, they
felt they had to include it.
Malware behaves similarly to bots but malware creates a “pop-under”
window visible to the user until the user closes the pop-under, at which
point the malware continues to operate in the background without the
user’s knowledge, according to the study.
For example, one study participant’s video ad campaign garnered nearly
90 million impressions but only 7 per cent were seen by real human
beings. Malware that hosted the other 93 per cent of the impressions was
installed unknowingly by consumers.
That malware ran the video ads continuously in a browser in the
background of users’ computers, mostly hidden from the user and with the
audio volume automatically reduced to zero while playing the video (but,
to avoid suspicion, it left the audio for the computer’s other programs
untouched!). Even after the users restarted their computers, the adware
automatically played the video ads, even if the user did not reopen the
adware site or application, according to the ANA/WhiteOps study.
6. *Domain Spoofing or Laundered Ad Impression Fraud*
Domain spoofing fraud may be the most insidious and most difficult to
detect and prevent, and most lucrative for the bad guys.
With a simple line of code, fraudsters can change the URL of sites, even
sites on white lists and private ad exchanges, to make advertisers think
fake or piracy or porn sites are really the sites of reputable publishers.
Because advertisers assume that premium publishers are the best places
for their campaigns, they put those publishers’ sites on their
whitelists. Whitelists are presumed not only to be the best sites with
the best audiences, but also to be a safe defensive bulwark against ad
fraud. As a result, premium whitelisted sites command top bid prices on
exchanges.
Ironically, whitelists by their very nature attract fraudsters.
The potential for inordinately high CPMs with little risk of discovery
has prompted fraudsters to find ways to develop code that enables them
to mask their fake, piracy or porn sites as one of the sites on the
whitelists.
*Domain spoofing comes in two varieties.*
The first involves malware consumers accidentally install on their
personal computers. The malware actually injects ads windows onto
websites the consumer is viewing. In a nanosecond, the fraudster is able
to offer that space on what looks like a premium publisher’s site out
for bidding on an exchange. The price the fraudster commands reflects an
incredible discount for such a desirable site. The money for the ad
flows to the fraudster, not the premium publisher. This type of fraud is
hard to detect because the user really is on the premium publisher’s site.
The second approach to domain spoofing involves fraudsters modifying
codes in the ad tags that identify the domain a user is viewing. The
managers and users of ad exchanges must be able to assume that the ad
markup codes are always accurate. Sadly, such is not the case.
Fraudsters can easily delete the markup code and replace it with code
that enables them to impersonate any premium site they choose.
7. *CMS Fraud*
In this approach, bad guys hack into a publisher’s content management
system (CMS) and create their own pages using perfectly legitimate
domains. Then they put those pages on ad exchanges with the premium
publisher’s markup code, but the advertiser who purchases those
positions gets pages with no premium content and pays the fraudster
instead of the publisher.
8. *Re-Targeting Fraud*
As discussed earlier, fraudulent operators can program bots to imitate
very specific, very desirable types of consumers, from sports fans and
home-buyers to tech geeks and grandmothers. Those bots then browse
relevant websites in a way that makes them look like a qualified sales
prospect, including clicking on ads and filling out forms.
These actions create very valuable cookies that advertisers covet
because the target appears ready to make a purchase.
9. *Traffic Fraud or Audience Extension Fraud*
Sometimes publishers need to drive more traffic to their sites, most
often to fulfill a promised number of impressions for advertisers but
also sometimes to boost the number of unique visitors.
“A publisher might book a million dollar ad campaign with an advertiser,
but for whatever reason, they have shortfall of (impression) supply,”
Casale Media vice president Andrew Casale told FIPP. “So they will buy
programmatic media with the advertiser’s budget to fill shortfall.
Publishers go out and buy the traffic from sites they believe to be
similar to their own, but third-party sites have the highest percentage
of fraudulent traffic.
“The advertiser awarded the ad budget to the publisher at a high CPM
because the impressions would be appearing on a trusted brand site,”
said Casale. “But if the publisher betrays that trust and buys traffic
on sites not of the same quality, and that get back to the buyer, you’ve
harmed your brand and your relationship. Those publishers are
effectively feeding the problem, they are trying to solve.”
The full article on the ins and outs of digital advertising fraud:
"You're infected, and probably don't even know it".
/John Wilpers is currently edit//ing the
2015 edition of *FIPP's Innovation in Magazine Media World Report* which
will be launched at the FIPP/VDZ/eMediaSf Digital Innovators Summit
in Berlin, 21-24 March 2015
. This will be the 6th edition of the Innovation Report
which he has
co-authored as consultant with Innovation International Media Consulting
. John consults with media companies around the world focusing on
multi-platform innovation, organizational integration, and
customer-driven editorial management to deliver multimedia content 24-7
across all platforms. He is currently working with the University of
Virginia on their print and digital publications after finishing
projects with a Czech magazine and newspaper publishing company in
Prague, a Washington, DC B2B magazine company, and a Norwegian newspaper
group./
/Subscribe to FIPP's monthly Innovation newsletter (free).
//Further information
from Helen Bland at FIPP. /
More like this
Your're infected and probably don't even know it: 12 innovative ways to
detect and prevent digital ad fraud
You probably think ad fraud doesn't affect you. Think again.
|
|
