Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

What CFEs can do about digital ad fraud

certified fraud examiners can apply their investigative techniques to help identify and root out ad fraud too; no specialized tech is required.

  • Als Erste(r) kommentieren

  • Gehören Sie zu den Ersten, denen das gefällt!

What CFEs can do about digital ad fraud

  1. 1. August 2020 / Page 0marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou What CFEs Can Do About Digital Ad Fraud August 2020 Augustine Fou, PhD. acfou [at] mktsci.com
  2. 2. August 2020 / Page 1marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Who am I? • I am a digital marketer of 23+ years • I investigate digital ad fraud • I help clients audit campaigns for fraud that gets by verification tech • I show clients the data, teach them how to find/reduce fraud themselves
  3. 3. August 2020 / Page 2marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou What is Ad Fraud?
  4. 4. August 2020 / Page 3marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou What is digital ad fraud? ad impressions shown to bots/software not to humans ad fraud
  5. 5. August 2020 / Page 4marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Two main types of ad fraud Ad Fraud = impressions and clicks caused by bots, not by humans Impression Fraud (CPM) Fraud (includes mobile display, video ads) Click Fraud (CPC) Fraud (includes mobile search ads)
  6. 6. August 2020 / Page 5marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou How bad guys commit ad fraud 1. set up FAKE SITES 2. buy FAKE TRAFFIC 3. sell FAKE ADS
  7. 7. August 2020 / Page 6marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Why is ad fraud bad? Advertisers Publishers Bad Guys 1/3 2/3 Ads are not shown to humans, wasted ad dollars Ad revenue declines because dollars are stolen by bad guys. Steal money using fake ads; siphon dollars out of ecosystem.
  8. 8. August 2020 / Page 7marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou How Big is Ad Fraud?
  9. 9. August 2020 / Page 8marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Everyone has an opinion… Ads fraud is “non-existent” – IAB Australia “Ad fraud is $6.5 billion or 9% of display ad spend” -- ANA/WhiteOps “88% - 98% of clicks are generated by bots” - Oxford Biochron … but no one knows
  10. 10. August 2020 / Page 9marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Overall fraud is more than just bots Sites and apps that cheat may look fine in bot detection reports 1.3% + 57% = 58% bot fraud site/app fraud overall fraud bot detection sees this bot detection misses this
  11. 11. August 2020 / Page 10marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou (look at the evidence)
  12. 12. August 2020 / Page 11marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou New “largest ever” botnet every year Vast botnets targeting high-value video ads, disguising/hiding
  13. 13. August 2020 / Page 12marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Millions of apps on millions of phones Big companies openly committing fraud; in-app is far less measurable October 2018 https://www.buzzfeednews.com/ article/craigsilverman/how-a- massive-ad-fraud-scheme- exploited-android-phones-to November 2018 https://www.buzzfeednews.com/ article/craigsilverman/android- apps-cheetah-mobile-kika- kochava-ad-fraud March 2019 https://www.buzzfeednews.com/ article/craigsilverman/in-banner- video-ad-fraud April 2019 https://www.buzzfeednews.com/ article/craigsilverman/google- play-store-ad-fraud-du-group- baidu
  14. 14. August 2020 / Page 13marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Malvertising, Auto-Redirect Attacks Large-scale malvertising attacks continue through ad networks January 2018 https://www.blog.geoedge.com/s ingle-post/2018/01/10/New- Report-Auto-Redirect-Attacks- Costing-Publishers-113-Billion November 2018 https://www.zdnet.com/article/ malicious-code-hidden-in-advert- images-cost-ad-networks-1-13bn- last-year/ January 2018 https://blog.confiant.com/uncove ring-2017s-largest-malvertising- operation-b84cd38d6b85 April 2019 https://www.bleepingcomputer.com /news/security/malvertising- campaign-abused-chrome-to-hijack- 500-million-ios-user-sessions/
  15. 15. August 2020 / Page 14marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Not humans, something else
  16. 16. August 2020 / Page 15marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Why isn’t it detected?
  17. 17. August 2020 / Page 16marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Bad guys easily avoid detection Blocking of tags, altering measurement to avoid detection Detection Tag Blocking— analytics tags/fraud detection tags are accidentally blocked or maliciously stripped out “malicious code manipulated data to ensure that otherwise unviewable ads showed up in measurement systems as valid impressions, which resulted in payment being made for the ad.” Source: Buzzfeed, March 2018
  18. 18. August 2020 / Page 17marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Traffic sellers’ “high quality traffic” Many sources to buy “traffic” and even tune “quality” level Choose Your “Traffic Quality Level” “Valid traffic” goes for higher prices
  19. 19. August 2020 / Page 18marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Domain spoofing examples Fake sites disguise themselves as good domains to sell inventory “bad actors intentionally disguise the nature of the ad space they’re selling. … a marketer might believe they’re paying for ads on FT.com.” https://www.wsj.com/articles/financial- times-finds-counterfeit-ad-space-was- offered-by-at-least-six-companies- 1507563713 “more than 1,400 apps were found to have loaded ads under TV Guide’s domain name” 2017 2018
  20. 20. August 2020 / Page 19marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou They miss obvious botnets Bots repeatedly loading ads and pages, 100% Android devices Devices repeatedly load ads 100% Android 8.0.0 visitors
  21. 21. August 2020 / Page 20marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Legit sites incorrectly marked Domain (spoofed) % SIVT esquire.com 77% travelchannel.com 76% foodnetwork.com 76% popularmechanics.com 74% latimes.com 72% reuters.com 71% bid request fakesite123.com esquire.com passes blacklist passes whitelist ✅ ✅ declared 1. fakesite123.com has to pretend to be esquire.com to get bids; 2. fraud measurement shows high IVT b/c it is measuring the fake site with fake traffic 3. Fake esquire.com gets mixed with real so average fraud rates appear high. 4. Real esquire.com gets backlisted; bad guy moves on to another domain.
  22. 22. August 2020 / Page 21marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou (2017) Pop-Unders / Redirects These forms of fraud typically get by current fraud detection tech a.k.a. “zero-click” “pop-under” “forced-view” “auto-nav” Source: https://www.buzzfeed.com/craigsilverman/remember-tom
  23. 23. August 2020 / Page 22marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou (2018) Cheetah was cheating “Eight apps with a total of more than 2 billion downloads in the Google Play store have been exploiting user permissions as part of an ad fraud scheme that could have stolen millions of dollars.” Source: Buzzfeed News, Nov 2018
  24. 24. August 2020 / Page 23marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Fake sites/apps NOT detected 1221e236c3f8703.com 62b70ac32d4614b.com a6f845e6c37b2833148.com da60995df247712.com d869381a42af33b.com a1b1ea8f418ca02ad4e.com 1de10ecf04779.com 2c0dad36bdb9eb859f0.com a6be07586bc4a7.com fe95a992e6afb.com 42eed1a0d9c129.com da6fda11b2b0ba.com afa9bdfa63bf7.com 739c49a8c68917.com baa2e174884c9c0460e.com d602196786e42d.com 153105c2f9564.com 8761f9f83613.com 20a840a14a0ef7d6.com 31a5610ce3a8a2.com 5726303d87522d05.com 3ac901bf5793b0fccff.com b014381c95cb.com 2137dc12f9d8.com 06f09b1008ae993a5a.com fbfd396918c60838.com 97ff623306ff4c26996.com b1f6fe5e3f0c3c8ba6.com 23205523023daea6.com 6068a17eed25.com b1fe8a95ae27823.com f4906b7c15ba.com eac0823ca94e3c07.com 1f7de8569ea97f0614.com 21c9a53484951.com 24ad89fc2690ed9369.com efd3b86a5fbddda.com 34c2f22e9503ace.com 0926a687679d337e9d.com 6a40194bef976cc.com 33ae985c0ea917.com 02aa19117f396e9.com f8260adbf8558d6.com 9376ec23d50b1.com pushedwebnews.com a0675c1160de6c6.com 0f461325bf56c3e1b9.com 850a54dbd2398a2.com com.dxnxbgj.mkridqxviiqaogw com.obugniljhe.fptvznqwhmcjm com.bpo.ksuhpsdkgvbtlsw com.rlcznwgouw.vvtexstbfttngc com.kasbgf.sbzwtgpcbjexi com.bprlgbl.vbze com.zka.lzhsoueilo com.alxsavx.mizzucnlb com.jxknvk.lrwfdfirdzpsw com.tvwvqbt.wbshaguqy com.iwnxtpahcu.leyuehdwdbb com.okf.rhvemtykfibzpxj com.obpmirzste.ldsjpv com.zmm.shmxvjxnsagndui com.nqzwr.leusrmpmsq com.rced.zcdsglptpdlwpu com.kerms.ehlsgnc com.cmia.iabhheltm com.skggynmtx.tyyjnwpefvqtll com.kgdtltnuv.hayvfhob com.ztzsiqg.dyojlxdscxws com.xlwuqe.ddrdhsuosbn com.rkrhmzee.wjcoznxu com.ebhzb.hbzvomzpcctovj Fake sites Fake sites Fake apps
  25. 25. August 2020 / Page 24marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Just because you can’t measure it … doesn’t mean it’s not there.
  26. 26. August 2020 / Page 25marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou “ad fraud is not a tech problem; it’s an incentives problem – many stakeholders want it to continue because it’s so lucrative.”
  27. 27. August 2020 / Page 26marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou What is ad fraud like?
  28. 28. August 2020 / Page 27marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Counterfeit goods Just like fake watches and handbags, fake digital ads
  29. 29. August 2020 / Page 28marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Computer crimes Hacking, malware, ransomware, drive-by cryptomining https://blog.malwarebytes.com/cybercrime/2018/02/state-malicious-cryptomining/https://www.scmagazine.com/home/security-news/trojanized-apps- containing-ad-fraud-malware-downloaded-102m-times/
  30. 30. August 2020 / Page 29marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Securities fraud Deceptive practice of inducing investors with false information • Revenues derived from illegal activities • Inflating revenue, profits through ad fraud • Overstating subscribers, active users, ARPU • Selling counterfeit services and products • Misrepresenting the capabilities of services, products https://www.cnn.com/2019/09/25/tech/match-group-sued/index.html
  31. 31. August 2020 / Page 30marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Illegal Access / Breaches Harvesting personal info, ecommerce transactions, other data BreachesIllegal Access https://www.csoonline.com/article/2130 877/data-breach/the-biggest-data- breaches-of-the-21st-century.html
  32. 32. August 2020 / Page 31marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Illegal Interception Keystroke logging to collect logins, passwords, other personal info Source: Freedom to Tinker, Nov 2017 https://www.thedailybeast.com/california-passes-landmark- privacy-bill-to-restrict-data-harvesting
  33. 33. August 2020 / Page 32marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Data interference Alteration or suppression of computer data Buzzfeed, March 2018 Source: http://articles.latimes.com/2013/apr/19/business/la- fi-mo-cookie-stuffing-ebay-20130419 “Laguna Niguel man pleads guilty in 'cookie stuffing' scam against Ebay. The online auctioneer paid Dunning’s company about $5.2 million in 2006 and 2007, the U.S. Attorney said.”
  34. 34. August 2020 / Page 33marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Misuse of Devices Ransomware and malicious cryptomining using humans’ devices https://blog.malwarebytes.com/cybercrime/2018/02/state-malicious-cryptomining/https://www.zdnet.com/article/ransomware-not-dead-just-getting-a-lot-sneakier/
  35. 35. August 2020 / Page 34marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Forgery, falsified profiles Unverifiable lookalike audiences contain fake profiles/preferences Bots pretend to be oncologists by visiting oncology related sites. “[LOTAME] purged 400 million of its over 4 billion profiles after identifying them as bots.” Adweek, Feb 2018
  36. 36. August 2020 / Page 35marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Criminal impersonation Bad guys pretend to be politicians, celebrities to trick consumers
  37. 37. August 2020 / Page 36marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Copyright infringement Entire pages copied to thousands of other sites, to get free traffic Google search on entire phrase in quotes: http://bit.ly/16H9Gk5 Source: Buzzfeed, August 2020
  38. 38. August 2020 / Page 37marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Piracy/Mass Infringement Large numbers of cloned sites containing 100% pirated content Mass infringement sites use pirated content to attract human visitors - Show ads - Attempt to hack them or track them
  39. 39. August 2020 / Page 38marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Identity theft scenarios Stolen personal info can be sold, and also later used in hacking https://www.experian.com/blogs/ask-experian/heres-how-much- your-personal-information-is-selling-for-on-the-dark-web/ Data Prices on the Dark Web https://www.cnn.com/2019/03/09/tech/fac ebook-ukraine-hackers/index.html
  40. 40. August 2020 / Page 39marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Money laundering scenario Dollars are laundered as digital media ad spend on “cash out” sites 1. Buy digital media via ad exchanges on sites directly or indirectly owned by the same entities 2. Pay “ad tech tax” (cut to middlemen) 3. Collect dollars from “cash out” sites, fully laundered
  41. 41. August 2020 / Page 40marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Wire fraud, mail fraud Knowingly misrepresenting the capabilities of the … technology “Allegedly engaged in a multi-million dollar scheme to defraud investors, as well as a doctors and patients. charged with two counts of conspiracy to commit wire fraud and nine counts of wire fraud. Holmes and Balwani were accused of knowingly misrepresenting the capabilities of Theranos' proprietary blood testing technology. The two allegedly knew there were "accuracy and reliability problems," and that it "could not compete with existing, more conventional machines," the US Attorney's office said.” http://money.cnn.com/2018/06/15/technology/elizabeth- holmes-indicted-theranos/index.html https://www.slideshare.net/augustinefou/why-fraud- detection-doesnt-work https://www.linkedin.com/pulse/brand-safety- detection-tech-over-representing-what/
  42. 42. August 2020 / Page 41marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Ads fund piracy, porn, hate sites Source: Adweek, 2013 Source: BusinessInsider, 2014 Source: New York Times 2018
  43. 43. August 2020 / Page 42marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Ad fraud is criminals’ favorite “cash out” activity.
  44. 44. August 2020 / Page 43marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou The most profitable criminal activity 2,500 - 4,100% returns 11% returns1% interest digital ad fraud stock marketbank interest “where else can I get multi- thousands percent returns on my money? Right. Nowhere.”
  45. 45. August 2020 / Page 44marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou “Ad fraud is at ALL TIME HIGHS both in RATE and in DOLLARS… … and what’s worse is fraud detection is not catching it, so people have a false sense of security.” Source: https://www.slideshare.net/augustinefou/state-of-digital-ad-fraud-q2-2018
  46. 46. August 2020 / Page 45marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Digital Marketing circa 2018
  47. 47. August 2020 / Page 46marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou About the Author Augustine Fou, PhD. acfou [@] mktsci.com
  48. 48. August 2020 / Page 47marketing.scienceconsulting group, inc. linkedin.com/in/augustinefou Dr. Augustine Fou – Researcher 2013 2014 Published slide decks and posts: http://www.slideshare.net/augustinefou/presentations https://www.linkedin.com/today/author/augustinefou 2016 2015 2017 20192018