Display Ad Fraud Explainer Uncovers Causes and Techniques

Display Ad Fraud Explainer
May 2015
Augustine Fou, PhD.
acfou [at] mktsci. com
212. 203. 7239

May 2015 / Page 1marketing.scienceconsulting group, inc.
CONFIDENTIAL
UPDATED: Full Year 2014 Digital Ad Spend – $50B
Impressions
(CPM/CPV)
Clicks
(CPC)
Leads
(CPL)
Sales
(CPA)
Search 38%
$18.8B
Video 7%
$3.5B
Lead Gen 4%
$2.0B
10% Other
$5.0B
Source: IAB, FY 2014 Internet Advertising Report, May 2015
$42.5B
Display 16%
$7.9B
Mobile 25%
$6.2B$6.2B
CPM Performance
• classifieds
• sponsorship
• rich media
$7.0B

CONFIDENTIAL
Impressions and clicks remain the biggest targets
Impressions
(CPM/CPV)
Clicks
(CPC)
Search
$18.8B
86% digital spend
Display
$7.9B
Video
$3.5B
Mobile
$6.2B$6.2B
Leads
(CPL)
Sales
(CPA)
Lead Gen
$2.0B
Other
$5.0B
• classifieds
• sponsorship
• rich media
estimated fraud
not at risk
(84% in 2013)

CONFIDENTIAL
Motive & Opportunity – More programmatic, more fraud
As more digital ads are
placed entirely
programmatically, the
opportunity for fraud
continues to increase.
Bad guys also fully
automate their digital ad
fraud operations, using
programmatic tools.

How Impression (CPM) Fraud Works

CONFIDENTIAL
Two ingredients to commit fraud
Fake Sites Fake Users
1
2
3
4
5
6
7
8
9
10
Designed with no real content;
exists only to carry ads
Bots are automated browsers
which load webpages to load ads

CONFIDENTIAL
19 blocked ads on page
1. Bad guys put up fake sites
site = analyzecanceradvice .com
site = missomoms.com

CONFIDENTIAL
Examples of Fake/Fraud Websites
• Algo generated using
templates (e.g. The
same wordpress
template)
• No content or
plagiarized content
• Stuffed with
keywords ands ads
• Uses keyword
domains or domains
with lots of numbers
in them
• Sends large
quantities of ad
impressions and
search clicks

CONFIDENTIAL
Sites can be grouped into three “strata”
Sites, networks and exchanges
that cheat or look the other way
• Stacked ads, auto-refresh
• High ad-load, low viewability
• Purchased traffic, audience expansion
Sites created solely for ad fraud
• Created by template/algo
• Enormous quantity of ads
• All traffic/impressions from bots
Mainstream publishers with human + bot traffic
• Legitimate publishers with real content that humans
engage with, interact, read and watch
• An unknown percentage of malicious bot traffic designed to
enrich their cookie-profiles for later high-value re-targeting
FRAUDSITE
bot
bot
bot
bot
bot
bot
PUBLISHERuser
bot
user
crawler
user
bot
2/3 1/3

CONFIDENTIAL
2. Load tons of ads (Display, Video) on pages
http://interiorcom plex.com/
http://modernbab y.com/

CONFIDENTIAL
3. Use bots to repeatly load pages and cause impressions
Current forms of ad fraud involve virtual browsers spun up by the millions in data
centers to load webpages to create ad impressions or to make fake clicks
Source: Google Digital Attack Map

CONFIDENTIAL
Examples of Known/Observed Bots (User Agents)
Headless Browsers
Selenium
PhantomJS
Mobile Simulators
35 listed

CONFIDENTIAL
Different kinds of bots generate fake impressions/clicks
Malware (on PCs)Botnets (from datacenters)
Toolbars (in-browser)Javascript (on webpages)

CONFIDENTIAL
Viewability is not fraud; but often mentioned together
Viewability (or lack thereof) is not fraud; but it is often mentioned together with ad
fraud because early forms of fraud involved bad guys overloading ads on the page
Bad Guys Publishers

CONFIDENTIAL
Bad guys have already “defeated” viewability
In fact, bad guys’ sites may even have 100% viewability (even while the industry
continues to debate its definition) by arraying all the ads above the fold to trick
tracking technology to appear to be 100% viewable
Source: Spider.io May 2, 2013
AD
Ad Stacking

CONFIDENTIAL
Humans vs “honest” bots vs fraudulent bots
Confirmed humans
• found page via search
• observed events (mouse click
with coordinates)
“Honest” (declared) bots
• search engine crawlers
• declare user agent honestly
• observed to be 1 – 5% of
websites’ traffic
Fraud bots
• come from data centers
• malware compromised PCs
• deliberately disguise user
agent as human users

CONFIDENTIAL
Bad guys’ bots are not in ANY official bot list
official bot list
list of bots
observed in the wild
http://www.user-agents.org/
bad guys’ bots
3%
Dstillery, Oct 9, 2014_
“findings from two independent third parties,
Integral Ad Science and White Ops”
3.7%
Rocket Fuel, Sep 22, 2014
“Forensiq results confirmed that ... only 3.72% of
impressions categorized as high risk.”
2 - 3%
comScore, Sep 26, 2014
“most campaigns have far less; more in the
2% to 3% range.”

CONFIDENTIAL
Techniques to generate more impressions
AD
Ad stacking (dozens in one call) Pixel Stuffing (hiding more ads)
Source: DoubleVerify Case Study
Sourced Traffic (more pageviews) Ad Injection (replace ads)
Image Source: BenEdelman.org
The ANA/WhiteOps study also found rampant injection fraud,
including one publisher whose site was hit with 500,000 injected ads
every day for the duration of the two-month study.

CONFIDENTIAL
Techniques to hide fraudulent activity
Domain / IP Spoofing Impression Laundering
Source: Whiteops/ANA Study Dec 2014
Stacked Redirects Passing fake variables
Known blackhat
technique to hide
real referrer and
replace with faked
referrer.
Example how-to:
http://www.blackhatworld.co
m/blackhat-seo/cloaking-
content-generators/36830-
cloaking-redirect-referer.html
Make it appear that
the impression came
from legit site
http://www.olay.com/skin-care-
products/OlayPro-
X?utm_source=msn&utm_medium=cpc&
utm_campaign=Olay_Search_Desktop_Ca
tegory+Interest+Product.Phrase&utm_ter
m=eye%20cream&utm_content=TZsrSzFz
_eye%20cream_p_2990456911
Easily trick analytics platforms to think the
impression came from legit source

CONFIDENTIAL
Display ad case study: allocate to better ad networks
Period 1 Period 2 Period 3
20% confirmed humans
190k
5k
220k
6k
280k
7k
total goal events
average daily goals

CONFIDENTIAL
Dr. Augustine Fou – Independent Ad Fraud Researcher
“I advise advertisers and their agencies on
the technical aspects of fighting digital ad
fraud. Using forensic technologies and
techniques I help to assess the threat and
the current countermeasures in order to
recommend additional steps that can be
taken to combat fraud and improve ROI.”
FORMER CHIEF DIGITAL OFFICER, HCG (OMNICOM)
MCKINSEY CONSULTANT
CLIENT SIDE / AGENCY SIDE EXPERIENCE
PROFESSOR AND COLUMNIST
ENTREPRENEUR / SMALL BUSINESS OWNER
PHD MATERIALS SCIENCE (MIT '95) AT AGE 23
Articles: https://www.linkedin.com/today/author/84444-augustinefou
Slideshares: http://bit.ly/augustine-fou-slideshares
Bio: http://linkd.in/augustinefou acfou@mktsci.com | 212.203.7239

Display Ad Fraud Explainer Uncovers Causes and Techniques

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Display Ad Fraud Explainer Uncovers Causes and Techniques

Similar to Display Ad Fraud Explainer Uncovers Causes and Techniques (20)

More from Dr. Augustine Fou - Independent Ad Fraud Researcher

More from Dr. Augustine Fou - Independent Ad Fraud Researcher (20)

Recently uploaded

Recently uploaded (20)

Display Ad Fraud Explainer Uncovers Causes and Techniques