SlideShare verwendet Cookies, um die Funktionalität und Leistungsfähigkeit der Webseite zu verbessern und Ihnen relevante Werbung bereitzustellen. Wenn Sie diese Webseite weiter besuchen, erklären Sie sich mit der Verwendung von Cookies auf dieser Seite einverstanden. Lesen Sie bitte unsere Nutzervereinbarung und die Datenschutzrichtlinie.
SlideShare verwendet Cookies, um die Funktionalität und Leistungsfähigkeit der Webseite zu verbessern und Ihnen relevante Werbung bereitzustellen. Wenn Sie diese Webseite weiter besuchen, erklären Sie sich mit der Verwendung von Cookies auf dieser Seite einverstanden. Lesen Sie bitte unsere unsere Datenschutzrichtlinie und die Nutzervereinbarung.
August 2020 / Page 0marketing.scienceconsulting group, inc.
What CFEs Can Do
About Digital Ad Fraud
Augustine Fou, PhD.
acfou [at] mktsci.com
August 2020 / Page 1marketing.scienceconsulting group, inc.
Who am I?
• I am a digital marketer of 23+ years
• I investigate digital ad fraud
• I help clients audit campaigns for
fraud that gets by verification tech
• I show clients the data, teach them
how to find/reduce fraud themselves
August 2020 / Page 2marketing.scienceconsulting group, inc.
What is Ad Fraud?
August 2020 / Page 3marketing.scienceconsulting group, inc.
What is digital ad fraud?
ad impressions shown to
bots/software not to humans
August 2020 / Page 4marketing.scienceconsulting group, inc.
Two main types of ad fraud
Ad Fraud = impressions and clicks
caused by bots, not by humans
(includes mobile display, video ads)
(includes mobile search ads)
August 2020 / Page 5marketing.scienceconsulting group, inc.
How bad guys commit ad fraud
1. set up
August 2020 / Page 6marketing.scienceconsulting group, inc.
Why is ad fraud bad?
Ads are not shown
to humans, wasted
Ad revenue declines
because dollars are
stolen by bad guys.
Steal money using fake
ads; siphon dollars out
August 2020 / Page 7marketing.scienceconsulting group, inc.
How Big is Ad Fraud?
August 2020 / Page 8marketing.scienceconsulting group, inc.
Everyone has an opinion…
Ads fraud is
– IAB Australia
“Ad fraud is $6.5
billion or 9% of
display ad spend”
“88% - 98% of clicks
are generated by
- Oxford Biochron
… but no one knows
August 2020 / Page 9marketing.scienceconsulting group, inc.
Overall fraud is more than just bots
Sites and apps that cheat may look fine in bot detection reports
1.3% + 57% = 58%
bot fraud site/app fraud overall fraud
bot detection sees this
bot detection misses this
August 2020 / Page 10marketing.scienceconsulting group, inc.
(look at the evidence)
August 2020 / Page 11marketing.scienceconsulting group, inc.
New “largest ever” botnet every year
Vast botnets targeting high-value video ads, disguising/hiding
August 2020 / Page 12marketing.scienceconsulting group, inc.
Millions of apps on millions of phones
Big companies openly committing fraud; in-app is far less measurable
August 2020 / Page 13marketing.scienceconsulting group, inc.
Malvertising, Auto-Redirect Attacks
Large-scale malvertising attacks continue through ad networks
August 2020 / Page 14marketing.scienceconsulting group, inc.
Not humans, something else
August 2020 / Page 15marketing.scienceconsulting group, inc.
Why isn’t it detected?
August 2020 / Page 16marketing.scienceconsulting group, inc.
Bad guys easily avoid detection
Blocking of tags, altering measurement to avoid detection
Detection Tag Blocking— analytics
tags/fraud detection tags are accidentally
blocked or maliciously stripped out
“malicious code manipulated data to
ensure that otherwise unviewable ads
showed up in measurement systems
as valid impressions, which resulted in
payment being made for the ad.”
Source: Buzzfeed, March 2018
August 2020 / Page 17marketing.scienceconsulting group, inc.
Traffic sellers’ “high quality traffic”
Many sources to buy “traffic” and even tune “quality” level
Choose Your “Traffic Quality Level”
“Valid traffic” goes
for higher prices
August 2020 / Page 18marketing.scienceconsulting group, inc.
Domain spoofing examples
Fake sites disguise themselves as good domains to sell inventory
“bad actors intentionally disguise the nature of
the ad space they’re selling. … a marketer might
believe they’re paying for ads on FT.com.”
“more than 1,400 apps were
found to have loaded ads under
TV Guide’s domain name”
August 2020 / Page 19marketing.scienceconsulting group, inc.
They miss obvious botnets
Bots repeatedly loading ads and pages, 100% Android devices
Devices repeatedly load ads 100% Android 8.0.0 visitors
August 2020 / Page 20marketing.scienceconsulting group, inc.
Legit sites incorrectly marked
Domain (spoofed) % SIVT
1. fakesite123.com has to pretend
to be esquire.com to get bids;
2. fraud measurement shows high
IVT b/c it is measuring the fake
site with fake traffic
3. Fake esquire.com gets mixed with
real so average fraud rates
4. Real esquire.com gets backlisted;
bad guy moves on to another
August 2020 / Page 21marketing.scienceconsulting group, inc.
(2017) Pop-Unders / Redirects
These forms of fraud typically get by current fraud detection tech
a.k.a. “zero-click” “pop-under”
August 2020 / Page 22marketing.scienceconsulting group, inc.
(2018) Cheetah was cheating
“Eight apps with a total of more than 2 billion
downloads in the Google Play store have been
exploiting user permissions as part of an ad
fraud scheme that could have stolen millions
Source: Buzzfeed News, Nov 2018
August 2020 / Page 24marketing.scienceconsulting group, inc.
Just because you can’t measure it
… doesn’t mean it’s not there.
August 2020 / Page 25marketing.scienceconsulting group, inc.
“ad fraud is not a tech problem; it’s
an incentives problem – many
stakeholders want it to continue
because it’s so lucrative.”
August 2020 / Page 26marketing.scienceconsulting group, inc.
What is ad fraud like?
August 2020 / Page 27marketing.scienceconsulting group, inc.
Just like fake watches and handbags, fake digital ads
August 2020 / Page 28marketing.scienceconsulting group, inc.
Hacking, malware, ransomware, drive-by cryptomining
August 2020 / Page 29marketing.scienceconsulting group, inc.
Deceptive practice of inducing investors with false information
• Revenues derived from
• Inflating revenue,
profits through ad fraud
• Overstating subscribers,
active users, ARPU
• Selling counterfeit
services and products
• Misrepresenting the
capabilities of services,
August 2020 / Page 30marketing.scienceconsulting group, inc.
Illegal Access / Breaches
Harvesting personal info, ecommerce transactions, other data
August 2020 / Page 31marketing.scienceconsulting group, inc.
Keystroke logging to collect logins, passwords, other personal info
Source: Freedom to Tinker, Nov 2017
August 2020 / Page 32marketing.scienceconsulting group, inc.
Alteration or suppression of computer data
Buzzfeed, March 2018
“Laguna Niguel man pleads
guilty in 'cookie stuffing' scam
against Ebay. The online
auctioneer paid Dunning’s
company about $5.2 million in
2006 and 2007, the U.S. Attorney
August 2020 / Page 33marketing.scienceconsulting group, inc.
Misuse of Devices
Ransomware and malicious cryptomining using humans’ devices
August 2020 / Page 34marketing.scienceconsulting group, inc.
Forgery, falsified profiles
Unverifiable lookalike audiences contain fake profiles/preferences
Bots pretend to be
oncologists by visiting
oncology related sites.
“[LOTAME] purged 400 million
of its over 4 billion profiles after
identifying them as bots.”
Adweek, Feb 2018
August 2020 / Page 35marketing.scienceconsulting group, inc.
Bad guys pretend to be politicians, celebrities to trick consumers
August 2020 / Page 36marketing.scienceconsulting group, inc.
Entire pages copied to thousands of other sites, to get free traffic
Google search on entire phrase in quotes:
Source: Buzzfeed, August 2020
August 2020 / Page 37marketing.scienceconsulting group, inc.
Large numbers of cloned sites containing 100% pirated content
sites use pirated
content to attract
- Show ads
- Attempt to hack
them or track them
August 2020 / Page 38marketing.scienceconsulting group, inc.
Identity theft scenarios
Stolen personal info can be sold, and also later used in hacking
Data Prices on the Dark Web
August 2020 / Page 39marketing.scienceconsulting group, inc.
Money laundering scenario
Dollars are laundered as digital media ad spend on “cash out” sites
1. Buy digital media via ad exchanges on sites
directly or indirectly owned by the same entities
2. Pay “ad tech tax” (cut to middlemen)
3. Collect dollars from “cash out” sites, fully
August 2020 / Page 40marketing.scienceconsulting group, inc.
Wire fraud, mail fraud
Knowingly misrepresenting the capabilities of the … technology
“Allegedly engaged in a multi-million dollar
scheme to defraud investors, as well as a
doctors and patients. charged with two counts
of conspiracy to commit wire fraud and nine
counts of wire fraud.
Holmes and Balwani were accused of knowingly
misrepresenting the capabilities of Theranos'
proprietary blood testing technology. The two
allegedly knew there were "accuracy and
reliability problems," and that it "could not
compete with existing, more conventional
machines," the US Attorney's office said.”
August 2020 / Page 41marketing.scienceconsulting group, inc.
Ads fund piracy, porn, hate sites
Source: Adweek, 2013 Source: BusinessInsider, 2014 Source: New York Times 2018
August 2020 / Page 42marketing.scienceconsulting group, inc.
Ad fraud is criminals’
favorite “cash out” activity.
August 2020 / Page 43marketing.scienceconsulting group, inc.
The most profitable criminal activity
2,500 - 4,100% returns
11% returns1% interest
digital ad fraud
stock marketbank interest
“where else can I get multi-
thousands percent returns on
my money? Right. Nowhere.”
August 2020 / Page 44marketing.scienceconsulting group, inc.
“Ad fraud is at ALL TIME HIGHS
both in RATE and in DOLLARS…
… and what’s worse is fraud
detection is not catching it, so
people have a false sense of security.”
August 2020 / Page 45marketing.scienceconsulting group, inc.
Digital Marketing circa 2018
August 2020 / Page 46marketing.scienceconsulting group, inc.
About the Author
Augustine Fou, PhD.
acfou [@] mktsci.com
August 2020 / Page 47marketing.scienceconsulting group, inc.
Dr. Augustine Fou – Researcher
Published slide decks and posts: