Our dependence on the web and mobile devices has created massive opportunities for digital advertising. Brands have the power to reach billions of consumers across the globe, with targeted messages across multiple screens.
Unfortunately, this abundance of advertising real estate has also opened up opportunities for the bad guys to exploit it and make money. It’s estimated that ad fraud could cost marketers as much as $11B in 2014, a 22 percent increase over 2013.
This is clearly a huge problem that’s getting worse.
Simply put, here’s how it works: Hackers have created multiple ways to commit fraud. First, they’ve built sophisticated bots that generate false traffic. Through malware, hackers create bogus websites that manipulate automated systems to reroute the payment into their pocket. In turn, companies who bought the ad space are defrauded.
Second, hackers have engineered ways to take advantage of online users who may or may not be aware they are helping commit fraud. They’re involving innocent individuals who are simply browsing online.
We’re studying B2B mobile marketing campaigns.
Answer a few questions, and we’ll share the data from everyone with you.
Here’s a more detailed look at ad fraud techniques that web security experts have discovered.
Human Based Fraud
- Crowdsourcing (Cyclops)
Thousands of users are recruited and paid just to view an article, providing page views (and extra cash) to the hacker. In these cases, the users are unaware that they are performing fraudulent activities.
- Incentivized ad networks (Voldemorts)
Individuals are given incentives like reward points, gift cards, or Bitcoin to read an article or to view/click on an ad. They may know they are doing something wrong, but abide by a “don’t ask, don’t tell” policy.
- Click farms (Zergs)
These are organized groups of individuals who are paid to click. They use a combination of mobile devices and SIM cards to perform fraud online and repeatedly change their devices and networks to evade detection. They are called Zergs (just like in StarCraft) and operate in big groups with a malicious intent.
Non-Human Based Fraud
- Computer malware (VaderBots)
Highly sophisticated and difficult to catch, VaderBots are masters of disguise. Thousands of PCs infected with malware (also known as bot slaves) work in conjunction with a bot master to perform smart fraud online. The bot master decides which sites the slave accesses and which ads it views and clicks so its actions appear to be random and to come from the computer of a “real person.”
- Sophisticated fraud (PhantomBots)
This type of bot travels around the web to visit websites, view ads, and click, using a fairly sophisticated algorithm. Think of it as a digital ghost that is always boosting numbers.
- Retargeting fraud (DeceptiBots)
This bot can mimic a human’s intentions, such as an interest in a specific brand of car. Ads targeted to a particular niche result in a higher CPM than untargeted ads. DeceptiBots deceive advertisers into believing they are receiving valuable, targeted clicks.
- Mobile simulator (CryptoBots)
A mobile simulator on a computer that mimics a smartphone running mobile apps, CryptoBots are used to perform fraud on in-app mobile ads while their real identities remain hidden.
- Ad stacking
This is the practice of placing multiple ads on top of each other in a single ad placement. Even though the “stacked” ads are invisible to the person visiting the page, they often reported as viewable to the advertiser, so the fraudster gets paid for the impression.
While browser toolbars have legitimate uses, they are sometimes exploited by fraudsters. Bad actors distribute branded toolbars as part of software bundles that are often times installed without the user’s knowledge. They hijack the user’s browser, reset the default search engine and enable a platform for serving ads. The new default search will usually mimic a well-known search engine and can be extremely difficult to uninstall.
- Ad injection
Usually masked as “deal finders” for online shoppers, these programs will inject unauthorized ads on legitimate web pages. Like toolbars, this software is usually distributed in software bundles and will install without the user’s knowledge.
The size and magnitude of the ad fraud problem is immense and growing, but the industry is making some effort to deal with this problem.
The IAB’s Traffic of Good Intent Task Force (TOGI) recently issued its Traffic Fraud: Best Practices of Reducing Risk to Exposure. This is a good start; however, more needs to be done to root out and eradicate fraud from the online ad ecosystem. Solving this problem will fall to the smart minds who are actively working on solutions to stay one step ahead of the bad guys.
by Jalal Nasir, Founder & CEO, Pixalate