This document discusses digital ad fraud and outlines actions that various parties can take to address it. It summarizes that digital ad fraud is a major problem, provides high returns for criminals, and funds other illegal activities. It recommends that marketers reduce digital ad spend until they see a business impact, ad networks enforce policies against common fraud techniques, publishers filter bots to reduce invalid traffic, and governments introduce new laws against fraud and investigate financial records.
Chennai Call Girls Porur Phone đ 8250192130 đ celebrity escorts service
Â
Digital Ad Fraud is Not Illegal Yet, But Should Be
1. March 2019 / Page 0marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Digital Ad Fraud is Not
Illegal Yet, But Should Be
March 2019
Augustine Fou, PhD.
acfou [at] mktsci.com
2. March 2019 / Page 1marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Why, what is it like?
3. March 2019 / Page 2marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Counterfeit goods
Just like fake watches and handbags, fake digital ads
4. March 2019 / Page 3marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Computer crimesMany of the tech/actions that support ad fraud are computer crimes
âcomputer crimes such as breaking into computers or computer
networks. Computer crime can be broadly defined as criminal activity
involving information technology infrastructure, including illegal
access (unauthorized access), illegal interception (by technical means
of non-public transmissions of computer data to, from or within a
computer system), data interference (unauthorized damaging,
deletion, deterioration, alteration or suppression of computer data),
systems interference (interfering with the functioning of a computer
system by inputting, transmitting, damaging, deleting, deteriorating,
altering or suppressing computer data), misuse of devices, forgery (or
identity theft) and electronic fraud.
https://en.wikipedia.org/wiki/List_of_computer_criminals
5. March 2019 / Page 4marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Illegal Access / Breaches
Harvesting personal info, ecommerce transactions, other data
BreachesIllegal Access
https://www.csoonline.com/article/2130
877/data-breach/the-biggest-data-
breaches-of-the-21st-century.html
6. March 2019 / Page 5marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Illegal Interception
Keystroke logging to collect logins, passwords, other personal info
Source: Freedom to Tinker, Nov 2017
https://www.thedailybeast.com/california-passes-landmark-
privacy-bill-to-restrict-data-harvesting
7. March 2019 / Page 6marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Data interference
Alteration or suppression of computer data
Buzzfeed, March 2018
Source:
http://articles.latimes.com/2013/apr/19/business/la-
fi-mo-cookie-stuffing-ebay-20130419
âLaguna Niguel man pleads
guilty in 'cookie stuffing' scam
against Ebay. The online
auctioneer paid Dunningâs
company about $5.2 million in
2006 and 2007, the U.S. Attorney
said.â
8. March 2019 / Page 7marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Misuse of Devices
Ransomware and malicious cryptomining using humansâ devices
https://blog.malwarebytes.com/cybercrime/2018/02/state-malicious-cryptomining/https://www.zdnet.com/article/ransomware-not-dead-just-getting-a-lot-sneakier/
9. March 2019 / Page 8marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Forgery, falsified profiles
Unverifiable lookalike audiences contain fake profiles/preferences
Bots pretend to be
oncologists by visiting
oncology related sites.
â[LOTAME] purged 400 million
of its over 4 billion profiles after
identifying them as bots.â
Adweek, Feb 2018
10. March 2019 / Page 9marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Criminal impersonation
Bad guys pretend to be politicians, celebrities to trick consumers
11. March 2019 / Page 10marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Copyright infringement
Entire pages copied to thousands of other sites, to get free traffic
Google search on entire phrase in quotes:
http://bit.ly/16H9Gk5
Source: Buzzfeed, March 2019
12. March 2019 / Page 11marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Copyright/Trademark Laws
Multiple forms of fraud, violating different laws
Quote from Doc Searls,
1. âAll four ads are flat-out frauds, in up to
four ways apiece: All are lies (Tiger isnât
gone from Golf, Trump isnât disqualified,
Kaepernick is still with the Niners, Tom
Brady is still playing), violating Truth in
Advertising law.
2. They were surely not placed by ESPN and
CNN. This is fraud.
3. All four of them violate copyright or
trademark laws by using another
companyâs name or logo. (One falsely
uses anotherâs logo. Three falsely use
another companyâs Web address.)
4. All four stories are bait-and-switch scams,
which are also illegal. (Both of mine were
actually ads for diet supplements.)â
13. March 2019 / Page 12marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Piracy/Mass Infringement
Large numbers of cloned sites containing 100% pirated content
Mass infringement
sites use pirated
content to attract
human visitors
- Show ads
- Attempt to hack
them or track them
14. March 2019 / Page 13marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
DDoS traffic for ad revenueDDoS attacks overwhelm with traffic; now use traffic to make ad revenue
Google Digital Attack Map
15. March 2019 / Page 14marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Ad dollars fund child abuse sites
âUsing a variety of sophisticated techniques to avoid detection,
offenders are exploiting online advertising networks to monetise their
distribution of child sexual abuse material.â
Source: The Drum Nov 6, 2018
Source: CNN, Feb 2019
16. March 2019 / Page 15marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Ad dollars fund piracy, porn sites
Source: Adweek, 2013 Source: BusinessInsider, 2014
17. March 2019 / Page 16marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Identity theft scenarios
Stolen personal info can be sold, and also later used in hacking
https://www.experian.com/blogs/ask-experian/heres-how-much-
your-personal-information-is-selling-for-on-the-dark-web/
Data Prices on the Dark Web
https://www.cnn.com/2019/03/09/tech/fac
ebook-ukraine-hackers/index.html
18. March 2019 / Page 17marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Money laundering scenario
Dollars are laundered as digital media ad spend on âcash outâ sites
1. Buy digital media via ad exchanges on sites
directly or indirectly owned by the same entities
2. Pay âad tech taxâ (cut to middlemen)
3. Collect dollars from âcash outâ sites, fully
laundered
19. March 2019 / Page 18marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Credit card fraud scenario
Tiny transactions automated on millions of stolen card numbers
Amateur Criminals
Buy HDTV at Walmart
with stolen credit card;
get caught, card is
deactivated.
Pro Criminals
Automate millions of 99 cent in-
game purchases of âpower-ups,
shields, virtual goodsâ to
harvest dollars, fully laundered.
20. March 2019 / Page 19marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Wire fraud scenarios
Knowingly misrepresenting the capabilities of the ⌠technology
âAllegedly engaged in a multi-million dollar
scheme to defraud investors, as well as a
doctors and patients. charged with two counts
of conspiracy to commit wire fraud and nine
counts of wire fraud.
Holmes and Balwani are charged with two
counts of conspiracy to commit wire fraud and
nine counts of wire fraud.
Holmes and Balwani were accused of knowingly
misrepresenting the capabilities of Theranos'
proprietary blood testing technology. The two
allegedly knew there were "accuracy and
reliability problems," and that it "could not
compete with existing, more conventional
machines," the US Attorney's office said.â
http://money.cnn.com/2018/06/15/technology/elizabeth-
holmes-indicted-theranos/index.html
21. March 2019 / Page 20marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Securities fraud scenarios
Deceptive practice of inducing investors with false information
⢠Revenues derived from illegal activities
⢠Inflating revenue, profits through ad fraud
⢠Overstating subscribers, active users, ARPU
⢠Selling counterfeit services and products
⢠Misrepresenting the capabilities of services, products
22. March 2019 / Page 21marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Ad fraud is âcash outâ
for criminal activities
23. March 2019 / Page 22marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
The most profitable criminal activity
2,500 - 4,100% returns
11% returns1% interest
digital ad fraud
stock marketbank interest
âwhere else can I get multi-
thousands percent returns on
my money? Right. Nowhere.â
24. March 2019 / Page 23marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
âAd fraud is at ALL TIME HIGHS
both in RATE and in DOLLARSâŚ
⌠and whatâs worse is fraud
detection is not catching it, so
people have a false sense of security.â
Source: https://www.slideshare.net/augustinefou/state-of-digital-ad-fraud-q2-2018
25. March 2019 / Page 24marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
#defendthespend
âsolving ad fraud will reduce the
flow of dollars to what amounts to
âmajor economic crimes.â
Then, and only then, will we get
back to REAL digital marketing.â
26. March 2019 / Page 25marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
What can each
party do?
27. March 2019 / Page 26marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Marketers
⢠Cut or pause digital ad spend to observe if there are
changes to real business outcomes. If not, keep cutting until
you see a change. Anything else was not driving results
anyway, no matter if it was marked âfraud freeâ or not.
⢠Always ask why or how? Donât assume summary reports are
accurate or that other parties are doing whatâs right for you.
⢠Get detailed âline itemâ reports (e.g. sellerID based
placement reports, not just domain based reports); choose
reliable metrics and avoid easily fakable quantity metrics.
⢠Rely on your common sense and check your own analytics
for signs of fraud; reduce fraud by turning off sites and
exchanges that exhibit consistent patterns of cheating.
28. March 2019 / Page 27marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Example: P&G cut $200M
No business impact after cut; plans more cuts, up to half a billion
âOnce we got transparency, it
illuminated what reality was,â said
Mr. Pritchard. P&G then took matters
into its owns hands and voted with
its dollars, he said.â
âAs we all chased the Holy Grail of
digital, self-included, we were
relinquishing too much controlâ
blinded by shiny objects,
overwhelmed by big data, and ceding
power to algorithms,â Mr. Pritchard
said.
Source: WSJ, March 2018
P&G: cut $200M, no impact
29. March 2019 / Page 28marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Ad Networks/DSPs/SSPs
⢠Update policies to outlaw the most common forms of
abuses that support ad fraud â duplicate content, phantom
sites, auto-refreshing of pages and ad slots, naked ad calls
⢠Establish simple â3 strikesâ policy to notify offenders and
provide paths to remediation and correction of violations
⢠Provide detailed reports to clients, specifically sellerID
based reports so all parties can âfollow the money trailâ and
help identify bad actors
30. March 2019 / Page 29marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Example: model citizen SSP
⢠âStrictly enforce ads.txt compliance. This goes beyond just verifying
that an ads.txt is in place (which, as you note, is no barrier). Rather, it
ensures that the domain sending the traffic must be tie back to a
payee that is authorized by the site owner. This ensures that bad
actors won't be paid for spoofed traffic.
⢠Ban 300x250 video and other commonly arbitraged ad units.
⢠Operate off a whitelist of partners, domains, and apps. There should
be no chance of inventory going live without human review.
⢠Scan all creatives for malware and other malicious code.
⢠Have earned TAG Certification in all relevant programs (e.g. Certified
Against Fraud, Certified Against Malware, Inventory Quality
Guidelines) validated by a 3rd party. TAG certification [requires]
thorough documentation and disclosures, which many bad actors may
not be willing or able to complete.â
31. March 2019 / Page 30marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Publishers
⢠Donât source traffic (outright buying of hits to your site or
app); this exposes you to ad fraud. This is different from
paid/social media marketing, real content discovery.
⢠Protect your buyers - filter obvious bots (GIVT â named bots
and data centers) so ad calls are not made; this also reduces
the chances of your getting accused of high invalid traffic
⢠Protect your website visitors by reducing third party
trackers and carefully vetting the ones that remain; reduce
your own risk of privacy violations and non-compliance
32. March 2019 / Page 31marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Example: publisher filters bots
Good publishers filter (GIVT) data center traffic, obvious bots
Bots coming to site
(on-site measurement)
Bots filtered out
(in-ad measurement)
11% red
-9% (filtered GIVT
and data centers)
2% red
33. March 2019 / Page 32marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Consumers
⢠Use ad blockers, use malware protection software on all
devices. Limit your exposure to high risk categories of sites
â e.g. piracy sites.
⢠Use common sense â DONâT click it, even if it appears to be
from a friend or family member. Contact them on a
different channel to ask if they meant to send it.
⢠Be vigilant â assume that there will be even more hacking
attempts and more malicious malware/malvertising to
come as hackers step up their tech and attacks
⢠Always monitor for your own personal info, photos, and
other meta data that may be compromised already and
used to trick and compromise you.
34. March 2019 / Page 33marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Example: ad blocking, VPNs
35. March 2019 / Page 34marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Government
⢠Introduce new laws against digital ad fraud and related
fraudulent business practices
⢠Review government spending (taxpayer dollars) on digital
ads that have proven to be completely ineffective
⢠Subpoena analytics and reports for details which show
actual performance, hidden in summary reports or averages
⢠Subpoena financial records to see the money flows (fraud is
very evident when you âfollow the moneyâ) and investigate
money laundering and tax evasion
36. March 2019 / Page 35marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
About the Author
Augustine Fou, PhD.
acfou [@] mktsci.com
37. March 2019 / Page 36marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
âItâs easier to fool people than
to convince them that they have
been fooled.â
Mark Twain
38. March 2019 / Page 37marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Dr. Augustine Fou â Researcher
2013
2014
Published slide decks and posts:
http://www.slideshare.net/augustinefou/presentations
https://www.linkedin.com/today/author/augustinefou
2016
2015
2017
20192018