Human audiences are scarce and valuable; if you want "traffic" or "inventory' there's plenty of that, even at low cost (because it's generated by bots -- i.e. NHT - non-human traffic).

1. Better Media Means
Better Outcomes
April 2017
Augustine Fou, PhD.
acfou@mktsci.com
212. 203 .7239

2. “Are you buying ‘traffic’ or
‘inventory’? There’s plenty of
that … at low cost, even.”
“Real human audiences are
scarce and valuable.”

3. Case Examples for Advertisers

4. April 2017 / Page 3marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Reduce bots/NHT in display campaigns
Period 1 Period 3Period 2
Initial baseline
measurement
Measurement after
first optimization
Eliminating several
“problematic” networks

5. April 2017 / Page 4marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Improve outcomes by shifting spend
Measure
Ads
Measure
Arrivals
Measure
Conversions
clean, good media
low-cost media,
ad exchanges
346
1743
5
156
30X better
outcomes
• More arrivals
• Better quality
A
B

6. April 2017 / Page 5marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Make analytics more accurate and clean
7% conversion rate 13% conversion rate
artificially low actually correct

7. April 2017 / Page 6marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Assess “humanness” of media channels
Organic sources
have more humans
(dark blue)
Conversion actions
(calls) are well
correlated to humans

8. April 2017 / Page 7marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Higher quality means lower cost per human
Lower quality paid
sources mean higher
cost per human – like
11X higher cost.
Sources of different
quality send widely
different amounts of
humans to landing pages.

9. Ad Fraud Background

10. April 2017 / Page 9marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Digital ad fraud is profitable and scalable
Source: https://hbr.org/2015/10/why-fraudulent-ad-networks-continue-to-thrive
“the profit margin is 99% … [especially
with pay-for-use cloud services ]…”
“highly lucrative, and profitable… with
margins from 80% to 94%…”
“why stop at 10 ads
on the page; why
not load 13,000 ads
on the page”
131 ads on page
X
100 iframes
=
13,100 ads /page
Source: Digital Citizens Alliance Study, Feb 2014

11. April 2017 / Page 10marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Example – 92% of impressions cleaned
Increased CPM prices
by 800%
Decreased impression
volume by 92%
Source: http://adexchanger.com/ad-exchange-news/6-months-after-fraud-cleanup-appnexus-shares-effect-on-its-exchange/
260 billion
20 billion
> $1.60
< 20 cents

12. April 2017 / Page 11marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Methbot stayed hidden for years
Source: Dec 2016 WhiteOps Discloses Methbot Research
“the largest ad fraud discovered to date,
a single botnet, Methbot, steals $3 - $5
million per day, $2 billion annualized.”
1. Targets video ad inventory
$13 average CPM, 10X
higher than display ads
2. Disguised as good publishers
Pretending to be good
publishers to cover tracks
3. Simulated human actions
Actively faked clicks, mouse
movements, page scrolling
4. Obfuscated data center origins
Data center bots pretended to
be from residential IP addresses

13. Where is Ad Fraud
Concentrated?

14. April 2017 / Page 13marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
CPM/CPC (91% of spend) is most targeted
Impressions
(CPM/CPV)
Clicks
(CPC)
Search
27%
91% digital spend
Display
10%
Video
7%
Mobile
47%
Leads
(CPL)
Sales
(CPA)
Lead Gen
$2.0B
Other
$5.0B
• classifieds
• sponsorship
• rich media
(89% in 2015)
Source: IAB 1H 2016 Report
(86% in 2014)

15. April 2017 / Page 14marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Two key ingredients of CPM and CPC Fraud
Impression
(CPM) Fraud
(includes mobile display, video ads)
1. Put up fake websites and
load tons of ads on the pages
Search Click
(CPC) Fraud
(includes mobile search ads)
2. Use fake users (bots) to
repeatedly load pages to
generate fake ad impressions
1. Put up fake websites to
participate in search networks
2. Use fake users (bots) to type
keywords and click on them to
generate the CPC revenue
screen shots
of fake sites

16. Fake Websites
(cash-out sites)

17. April 2017 / Page 16marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
99% human pageviews on “sites you’ve heard of”
100% bot
pageviews on
“fraud sites”
99% of human
pageviews are on
“sites you’ve heard of”
“real content that real
humans want to read”
WSJ
ESPN
NYTimes
Reuters
CBSSports
1% of human
pageviews are on
“long tail sites”
“niche content that
some humans want
to read”
top 1 million sitesnext 10 million sites318 million sites
Verisign reports 329 million domains registered by Q4 2016Source: http://www.verisign.com/en_US/domain-names/dnib/index.xhtml

18. April 2017 / Page 17marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Countless fraud sites made by template
100%
bot

19. Fake Visitors
(bots)

20. April 2017 / Page 19marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bots are automated browsers used for ad fraud
Headless Browsers
Selenium
PhantomJS
Zombie.js
SlimerJS
Mobile Simulators
35 listed
Bots are made from malware
compromised PCs or headless
browsers (no screen) in datacenters.
Bots

21. April 2017 / Page 20marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bots range in sophistication, and therefore cost
Javascript installed
on webpage
Malware on PCsData Center BotsOn-Page Bots
Headless browsers
in data centers
Malware installed on
humans’ devices
Less sophisticated Most sophisticated
Source: AdAge/Augustine Fou, Mar 2014 Source: Forensiq Source: Augustine Fou, Oct 2015
“the official industry lists of bots catch NONE
of these bots”
1 cent CPMs
Load pages, click
10 cent CPMs
Fake scroll, mouse
movement, click
1 dollar CPMs
Replay human-like mouse
movements, clone cookies

22. “The equation of ad fraud is simple:
buy traffic for $1 CPMs, sell ads for
$10 CPMs; pocket $9 of pure profit.”

23. April 2017 / Page 22marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
How Ad Fraud Harms
Advertisers

24. April 2017 / Page 23marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Messes up your analytics
click on links
load webpages tune bounce rate
tune pages/visit
“bad guys’ bots are advanced enough to fake most metrics”

25. April 2017 / Page 24marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Messes up your KPIs
Programmatic display
(18-45% clicks from advanced bots)
Premium publishers
(0% clicks from bots)
0.13% CTR
(18% of clicks by bots)
1.32% CTR
(23% of clicks by bots)
5.93% CTR
(45% of clicks by bots)
Campaign KPI: CTRs

26. April 2017 / Page 25marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Fake clicks mess up CTRs
Line item details
Overall average
9.4% CTR
“fraud hides easily
in averages”

27. April 2017 / Page 26marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Fake demographic information

28. April 2017 / Page 27marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Fake languages declared by bots

29. April 2017 / Page 28marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Want 100% viewability? 0% NHT (bots)?
Bad guys cheat and stack
ALL ads above the fold to
make 100% viewability.
“100% viewability?
Sure, no problem.”
AD
• IAS filtered traffic,
• DV filtered traffic
• Pixalate filtered traffic,
• MOAT filtered traffic,
• Forensiq filtered traffic
“0% NHT?
Sure, no problem.”

30. April 2017 / Page 29marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bot activity has higher signal
“Humans are hard to predict …
… but bots give you beautiful signals.”
Source: Claudia Perlich, PhD. Data Scientist, Dstilllery

31. Current State of NHT Detection

32. April 2017 / Page 31marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Fraud bots are NOT on any list
user-agents.org
bad guys’ bots
2%
and “on the wane”
Source: GroupM, Feb 2017
bot list-matching
4%
Source: IAB Australia, Mar 2017
400
bot names in list
“not on any list”
disguised as popular
browsers – Internet
Explorer; constantly
adapting to avoid
detection
10,000
bots observed
in the wild

33. April 2017 / Page 32marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Limitations due to where measurement is done
In-Ad
(ad iframes)
On-Site
(publishers’ sites)
• Used by advertisers to
measure ad impressions
• Limitations – tag is in
foreign iframe, cannot look
outside itself
ad tag / pixel
(in-ad measurement)
javascript embed
(on-site measurement)
In-Network
(ad exchange)
• Used by publishers to
measure visitors to pages
• Limitations – most
detailed and complete
analysis of visitors
• Used by exchanges to
screen bid requests
• Limitations – relies on
blacklists or probabilistic
algorithms, least info
ad
served
bot
human
fraud site
good site

34. April 2017 / Page 33marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
In-ad measurements could be entirely wrong
Publisher Webpage
publisher.com
Foreign Ad iFrames
adserver.com
Cross-domain (XSS) security
restrictions mean iframe cannot:
• read content in parent frame
• detect actions in parent frame
• see where it is on the page
(above- or below- fold)
• detect characteristics of the
parent page
1x1 pixel
js ad tags
ride along
inside iframe
incorrectly reported as
100% viewable

35. April 2017 / Page 34marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
10% bots doesn’t mean 90% humans
volume bars (green)
Stacked percent
Blue (human)
Red (bots)
red v blue trendlines
“Some of the data is simply not measurable – e.g. the
white is not measurable, and gray is ‘not enough info’.”
“Fraud detection that only reports bots is telling half the story.”

36. “Having fraud DETECTION is not the
same as having fraud PROTECTION.”

37. What about Mobile?

38. “it’s more lucrative and
less measurable… hmm,
what do you think?”

39. April 2017 / Page 38marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bad acting apps load more ad impressions
App Name
Source: Forensiq

40. April 2017 / Page 39marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Fake mobile devices from data centers do this
Download and Install
Launch and Interact

41. “do you think bad guys install fraud
detection SDKs in their apps?”
“No. Your CPI campaigns are
not immune to fraud”
“it’s not lower in mobile,
you just can’t measure it.”

42. “Let’s go fight some bad guys
together!”

43. April 2017 / Page 42marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
About the Author
April 2017
Augustine Fou, PhD.
acfou@mktsci.com
212. 203 .7239

44. April 2017 / Page 43marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Dr. Augustine Fou – Independent Ad Fraud Researcher
2013
2014
Follow me on LinkedIn (click) and on Twitter
@acfou (click)
Further reading:
http://www.slideshare.net/augustinefou/presentations
https://www.linkedin.com/today/author/augustinefou
2016
2015

45. April 2017 / Page 44marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Harvard Business Review
Excerpt:
Hunting the Bots
Fou, a prodigy who earned a Ph.D. from MIT at
23, belongs to the generation that witnessed
the rise of digital marketers, having crafted his
trade at American Express, one of the most
successful American consumer brands, and at
Omnicom, one of the largest global advertising
agencies. Eventually stepping away from
corporate life, Fou started his own practice,
focusing on digital marketing fraud
investigation.
Fou’s experiment proved that fake traffic is
unproductive traffic. The fake visitors inflated
the traffic statistics but contributed nothing to
conversions, which stayed steady even after the
traffic plummeted (bottom chart). Fake traffic is
generated by “bad-guy bots.” A bot is computer
code that runs automated tasks.