2024's Top PPC Tactics: Triple Your Google Ads Local Leads
Display Ad Fraud Explainer Uncovers Causes and Techniques
1. Display Ad Fraud Explainer
May 2015
Augustine Fou, PhD.
acfou [at] mktsci. com
212. 203. 7239
2. May 2015 / Page 1marketing.scienceconsulting group, inc.
CONFIDENTIAL
UPDATED: Full Year 2014 Digital Ad Spend – $50B
Impressions
(CPM/CPV)
Clicks
(CPC)
Leads
(CPL)
Sales
(CPA)
Search 38%
$18.8B
Video 7%
$3.5B
Lead Gen 4%
$2.0B
10% Other
$5.0B
Source: IAB, FY 2014 Internet Advertising Report, May 2015
$42.5B
Display 16%
$7.9B
Mobile 25%
$6.2B$6.2B
CPM Performance
• classifieds
• sponsorship
• rich media
$7.0B
3. May 2015 / Page 2marketing.scienceconsulting group, inc.
CONFIDENTIAL
Impressions and clicks remain the biggest targets
Impressions
(CPM/CPV)
Clicks
(CPC)
Search
$18.8B
86% digital spend
Display
$7.9B
Video
$3.5B
Mobile
$6.2B$6.2B
Leads
(CPL)
Sales
(CPA)
Lead Gen
$2.0B
Other
$5.0B
• classifieds
• sponsorship
• rich media
estimated fraud
not at risk
(84% in 2013)
4. May 2015 / Page 3marketing.scienceconsulting group, inc.
CONFIDENTIAL
Motive & Opportunity – More programmatic, more fraud
As more digital ads are
placed entirely
programmatically, the
opportunity for fraud
continues to increase.
Bad guys also fully
automate their digital ad
fraud operations, using
programmatic tools.
6. May 2015 / Page 5marketing.scienceconsulting group, inc.
CONFIDENTIAL
Two ingredients to commit fraud
Fake Sites Fake Users
1
2
3
4
5
6
7
8
9
10
Designed with no real content;
exists only to carry ads
Bots are automated browsers
which load webpages to load ads
7. May 2015 / Page 6marketing.scienceconsulting group, inc.
CONFIDENTIAL
19 blocked ads on page
1. Bad guys put up fake sites
site = analyzecanceradvice .com
site = missomoms.com
8. May 2015 / Page 7marketing.scienceconsulting group, inc.
CONFIDENTIAL
Examples of Fake/Fraud Websites
• Algo generated using
templates (e.g. The
same wordpress
template)
• No content or
plagiarized content
• Stuffed with
keywords ands ads
• Uses keyword
domains or domains
with lots of numbers
in them
• Sends large
quantities of ad
impressions and
search clicks
9. May 2015 / Page 8marketing.scienceconsulting group, inc.
CONFIDENTIAL
Sites can be grouped into three “strata”
Sites, networks and exchanges
that cheat or look the other way
• Stacked ads, auto-refresh
• High ad-load, low viewability
• Purchased traffic, audience expansion
Sites created solely for ad fraud
• Created by template/algo
• Enormous quantity of ads
• All traffic/impressions from bots
Mainstream publishers with human + bot traffic
• Legitimate publishers with real content that humans
engage with, interact, read and watch
• An unknown percentage of malicious bot traffic designed to
enrich their cookie-profiles for later high-value re-targeting
FRAUDSITE
bot
bot
bot
bot
bot
bot
PUBLISHERuser
bot
user
crawler
user
bot
2/3 1/3
10. May 2015 / Page 9marketing.scienceconsulting group, inc.
CONFIDENTIAL
2. Load tons of ads (Display, Video) on pages
http://interiorcom plex.com/
http://modernbab y.com/
11. May 2015 / Page 10marketing.scienceconsulting group, inc.
CONFIDENTIAL
3. Use bots to repeatly load pages and cause impressions
Current forms of ad fraud involve virtual browsers spun up by the millions in data
centers to load webpages to create ad impressions or to make fake clicks
Source: Google Digital Attack Map
12. May 2015 / Page 11marketing.scienceconsulting group, inc.
CONFIDENTIAL
Examples of Known/Observed Bots (User Agents)
Headless Browsers
Selenium
PhantomJS
Mobile Simulators
35 listed
13. May 2015 / Page 12marketing.scienceconsulting group, inc.
CONFIDENTIAL
Different kinds of bots generate fake impressions/clicks
Malware (on PCs)Botnets (from datacenters)
Toolbars (in-browser)Javascript (on webpages)
14. May 2015 / Page 13marketing.scienceconsulting group, inc.
CONFIDENTIAL
Viewability is not fraud; but often mentioned together
Viewability (or lack thereof) is not fraud; but it is often mentioned together with ad
fraud because early forms of fraud involved bad guys overloading ads on the page
Bad Guys Publishers
15. May 2015 / Page 14marketing.scienceconsulting group, inc.
CONFIDENTIAL
Bad guys have already “defeated” viewability
In fact, bad guys’ sites may even have 100% viewability (even while the industry
continues to debate its definition) by arraying all the ads above the fold to trick
tracking technology to appear to be 100% viewable
Source: Spider.io May 2, 2013
AD
Ad Stacking
16. May 2015 / Page 15marketing.scienceconsulting group, inc.
CONFIDENTIAL
Humans vs “honest” bots vs fraudulent bots
Confirmed humans
• found page via search
• observed events (mouse click
with coordinates)
“Honest” (declared) bots
• search engine crawlers
• declare user agent honestly
• observed to be 1 – 5% of
websites’ traffic
Fraud bots
• come from data centers
• malware compromised PCs
• deliberately disguise user
agent as human users
17. May 2015 / Page 16marketing.scienceconsulting group, inc.
CONFIDENTIAL
Bad guys’ bots are not in ANY official bot list
official bot list
list of bots
observed in the wild
http://www.user-agents.org/
bad guys’ bots
3%
Dstillery, Oct 9, 2014_
“findings from two independent third parties,
Integral Ad Science and White Ops”
3.7%
Rocket Fuel, Sep 22, 2014
“Forensiq results confirmed that ... only 3.72% of
impressions categorized as high risk.”
2 - 3%
comScore, Sep 26, 2014
“most campaigns have far less; more in the
2% to 3% range.”
18. May 2015 / Page 17marketing.scienceconsulting group, inc.
CONFIDENTIAL
Techniques to generate more impressions
AD
Ad stacking (dozens in one call) Pixel Stuffing (hiding more ads)
Source: DoubleVerify Case Study
Sourced Traffic (more pageviews) Ad Injection (replace ads)
Image Source: BenEdelman.org
The ANA/WhiteOps study also found rampant injection fraud,
including one publisher whose site was hit with 500,000 injected ads
every day for the duration of the two-month study.
19. May 2015 / Page 18marketing.scienceconsulting group, inc.
CONFIDENTIAL
Techniques to hide fraudulent activity
Domain / IP Spoofing Impression Laundering
Source: Whiteops/ANA Study Dec 2014
Stacked Redirects Passing fake variables
Known blackhat
technique to hide
real referrer and
replace with faked
referrer.
Example how-to:
http://www.blackhatworld.co
m/blackhat-seo/cloaking-
content-generators/36830-
cloaking-redirect-referer.html
Make it appear that
the impression came
from legit site
http://www.olay.com/skin-care-
products/OlayPro-
X?utm_source=msn&utm_medium=cpc&
utm_campaign=Olay_Search_Desktop_Ca
tegory+Interest+Product.Phrase&utm_ter
m=eye%20cream&utm_content=TZsrSzFz
_eye%20cream_p_2990456911
Easily trick analytics platforms to think the
impression came from legit source
20. May 2015 / Page 19marketing.scienceconsulting group, inc.
CONFIDENTIAL
Display ad case study: allocate to better ad networks
Period 1 Period 2 Period 3
20% confirmed humans
30% confirmed humans
190k
5k
220k
6k
280k
7k
total goal events
average daily goals
10% confirmed humans
21. May 2015 / Page 20marketing.scienceconsulting group, inc.
CONFIDENTIAL
Dr. Augustine Fou – Independent Ad Fraud Researcher
“I advise advertisers and their agencies on
the technical aspects of fighting digital ad
fraud. Using forensic technologies and
techniques I help to assess the threat and
the current countermeasures in order to
recommend additional steps that can be
taken to combat fraud and improve ROI.”
FORMER CHIEF DIGITAL OFFICER, HCG (OMNICOM)
MCKINSEY CONSULTANT
CLIENT SIDE / AGENCY SIDE EXPERIENCE
PROFESSOR AND COLUMNIST
ENTREPRENEUR / SMALL BUSINESS OWNER
PHD MATERIALS SCIENCE (MIT '95) AT AGE 23
Articles: https://www.linkedin.com/today/author/84444-augustinefou
Slideshares: http://bit.ly/augustine-fou-slideshares
Bio: http://linkd.in/augustinefou acfou@mktsci.com | 212.203.7239