best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
What CFEs can do about digital ad fraud
1. August 2020 / Page 0marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
What CFEs Can Do
About Digital Ad Fraud
August 2020
Augustine Fou, PhD.
acfou [at] mktsci.com
2. August 2020 / Page 1marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Who am I?
• I am a digital marketer of 23+ years
• I investigate digital ad fraud
• I help clients audit campaigns for
fraud that gets by verification tech
• I show clients the data, teach them
how to find/reduce fraud themselves
3. August 2020 / Page 2marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
What is Ad Fraud?
4. August 2020 / Page 3marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
What is digital ad fraud?
ad impressions shown to
bots/software not to humans
ad fraud
5. August 2020 / Page 4marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Two main types of ad fraud
Ad Fraud = impressions and clicks
caused by bots, not by humans
Impression Fraud
(CPM) Fraud
(includes mobile display, video ads)
Click Fraud
(CPC) Fraud
(includes mobile search ads)
6. August 2020 / Page 5marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
How bad guys commit ad fraud
1. set up
FAKE SITES
2. buy
FAKE TRAFFIC
3. sell
FAKE ADS
7. August 2020 / Page 6marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Why is ad fraud bad?
Advertisers Publishers
Bad Guys
1/3
2/3
Ads are not shown
to humans, wasted
ad dollars
Ad revenue declines
because dollars are
stolen by bad guys.
Steal money using fake
ads; siphon dollars out
of ecosystem.
8. August 2020 / Page 7marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
How Big is Ad Fraud?
9. August 2020 / Page 8marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Everyone has an opinion…
Ads fraud is
“non-existent”
– IAB Australia
“Ad fraud is $6.5
billion or 9% of
display ad spend”
-- ANA/WhiteOps
“88% - 98% of clicks
are generated by
bots”
- Oxford Biochron
… but no one knows
10. August 2020 / Page 9marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Overall fraud is more than just bots
Sites and apps that cheat may look fine in bot detection reports
1.3% + 57% = 58%
bot fraud site/app fraud overall fraud
bot detection sees this
bot detection misses this
11. August 2020 / Page 10marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
(look at the evidence)
12. August 2020 / Page 11marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
New “largest ever” botnet every year
Vast botnets targeting high-value video ads, disguising/hiding
13. August 2020 / Page 12marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Millions of apps on millions of phones
Big companies openly committing fraud; in-app is far less measurable
October 2018
https://www.buzzfeednews.com/
article/craigsilverman/how-a-
massive-ad-fraud-scheme-
exploited-android-phones-to
November 2018
https://www.buzzfeednews.com/
article/craigsilverman/android-
apps-cheetah-mobile-kika-
kochava-ad-fraud
March 2019
https://www.buzzfeednews.com/
article/craigsilverman/in-banner-
video-ad-fraud
April 2019
https://www.buzzfeednews.com/
article/craigsilverman/google-
play-store-ad-fraud-du-group-
baidu
14. August 2020 / Page 13marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Malvertising, Auto-Redirect Attacks
Large-scale malvertising attacks continue through ad networks
January 2018
https://www.blog.geoedge.com/s
ingle-post/2018/01/10/New-
Report-Auto-Redirect-Attacks-
Costing-Publishers-113-Billion
November 2018
https://www.zdnet.com/article/
malicious-code-hidden-in-advert-
images-cost-ad-networks-1-13bn-
last-year/
January 2018
https://blog.confiant.com/uncove
ring-2017s-largest-malvertising-
operation-b84cd38d6b85
April 2019
https://www.bleepingcomputer.com
/news/security/malvertising-
campaign-abused-chrome-to-hijack-
500-million-ios-user-sessions/
15. August 2020 / Page 14marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Not humans, something else
16. August 2020 / Page 15marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Why isn’t it detected?
17. August 2020 / Page 16marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bad guys easily avoid detection
Blocking of tags, altering measurement to avoid detection
Detection Tag Blocking— analytics
tags/fraud detection tags are accidentally
blocked or maliciously stripped out
“malicious code manipulated data to
ensure that otherwise unviewable ads
showed up in measurement systems
as valid impressions, which resulted in
payment being made for the ad.”
Source: Buzzfeed, March 2018
18. August 2020 / Page 17marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Traffic sellers’ “high quality traffic”
Many sources to buy “traffic” and even tune “quality” level
Choose Your “Traffic Quality Level”
“Valid traffic” goes
for higher prices
19. August 2020 / Page 18marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Domain spoofing examples
Fake sites disguise themselves as good domains to sell inventory
“bad actors intentionally disguise the nature of
the ad space they’re selling. … a marketer might
believe they’re paying for ads on FT.com.”
https://www.wsj.com/articles/financial-
times-finds-counterfeit-ad-space-was-
offered-by-at-least-six-companies-
1507563713
“more than 1,400 apps were
found to have loaded ads under
TV Guide’s domain name”
2017 2018
20. August 2020 / Page 19marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
They miss obvious botnets
Bots repeatedly loading ads and pages, 100% Android devices
Devices repeatedly load ads 100% Android 8.0.0 visitors
21. August 2020 / Page 20marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Legit sites incorrectly marked
Domain (spoofed) % SIVT
esquire.com 77%
travelchannel.com 76%
foodnetwork.com 76%
popularmechanics.com 74%
latimes.com 72%
reuters.com 71%
bid request
fakesite123.com
esquire.com
passes blacklist
passes whitelist
✅
✅
declared
1. fakesite123.com has to pretend
to be esquire.com to get bids;
2. fraud measurement shows high
IVT b/c it is measuring the fake
site with fake traffic
3. Fake esquire.com gets mixed with
real so average fraud rates
appear high.
4. Real esquire.com gets backlisted;
bad guy moves on to another
domain.
22. August 2020 / Page 21marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
(2017) Pop-Unders / Redirects
These forms of fraud typically get by current fraud detection tech
a.k.a. “zero-click” “pop-under”
“forced-view” “auto-nav”
Source: https://www.buzzfeed.com/craigsilverman/remember-tom
23. August 2020 / Page 22marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
(2018) Cheetah was cheating
“Eight apps with a total of more than 2 billion
downloads in the Google Play store have been
exploiting user permissions as part of an ad
fraud scheme that could have stolen millions
of dollars.”
Source: Buzzfeed News, Nov 2018
25. August 2020 / Page 24marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Just because you can’t measure it
… doesn’t mean it’s not there.
26. August 2020 / Page 25marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
“ad fraud is not a tech problem; it’s
an incentives problem – many
stakeholders want it to continue
because it’s so lucrative.”
27. August 2020 / Page 26marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
What is ad fraud like?
28. August 2020 / Page 27marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Counterfeit goods
Just like fake watches and handbags, fake digital ads
29. August 2020 / Page 28marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Computer crimes
Hacking, malware, ransomware, drive-by cryptomining
https://blog.malwarebytes.com/cybercrime/2018/02/state-malicious-cryptomining/https://www.scmagazine.com/home/security-news/trojanized-apps-
containing-ad-fraud-malware-downloaded-102m-times/
30. August 2020 / Page 29marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Securities fraud
Deceptive practice of inducing investors with false information
• Revenues derived from
illegal activities
• Inflating revenue,
profits through ad fraud
• Overstating subscribers,
active users, ARPU
• Selling counterfeit
services and products
• Misrepresenting the
capabilities of services,
products
https://www.cnn.com/2019/09/25/tech/match-group-sued/index.html
31. August 2020 / Page 30marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Illegal Access / Breaches
Harvesting personal info, ecommerce transactions, other data
BreachesIllegal Access
https://www.csoonline.com/article/2130
877/data-breach/the-biggest-data-
breaches-of-the-21st-century.html
32. August 2020 / Page 31marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Illegal Interception
Keystroke logging to collect logins, passwords, other personal info
Source: Freedom to Tinker, Nov 2017
https://www.thedailybeast.com/california-passes-landmark-
privacy-bill-to-restrict-data-harvesting
33. August 2020 / Page 32marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Data interference
Alteration or suppression of computer data
Buzzfeed, March 2018
Source:
http://articles.latimes.com/2013/apr/19/business/la-
fi-mo-cookie-stuffing-ebay-20130419
“Laguna Niguel man pleads
guilty in 'cookie stuffing' scam
against Ebay. The online
auctioneer paid Dunning’s
company about $5.2 million in
2006 and 2007, the U.S. Attorney
said.”
34. August 2020 / Page 33marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Misuse of Devices
Ransomware and malicious cryptomining using humans’ devices
https://blog.malwarebytes.com/cybercrime/2018/02/state-malicious-cryptomining/https://www.zdnet.com/article/ransomware-not-dead-just-getting-a-lot-sneakier/
35. August 2020 / Page 34marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Forgery, falsified profiles
Unverifiable lookalike audiences contain fake profiles/preferences
Bots pretend to be
oncologists by visiting
oncology related sites.
“[LOTAME] purged 400 million
of its over 4 billion profiles after
identifying them as bots.”
Adweek, Feb 2018
36. August 2020 / Page 35marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Criminal impersonation
Bad guys pretend to be politicians, celebrities to trick consumers
37. August 2020 / Page 36marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Copyright infringement
Entire pages copied to thousands of other sites, to get free traffic
Google search on entire phrase in quotes:
http://bit.ly/16H9Gk5
Source: Buzzfeed, August 2020
38. August 2020 / Page 37marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Piracy/Mass Infringement
Large numbers of cloned sites containing 100% pirated content
Mass infringement
sites use pirated
content to attract
human visitors
- Show ads
- Attempt to hack
them or track them
39. August 2020 / Page 38marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Identity theft scenarios
Stolen personal info can be sold, and also later used in hacking
https://www.experian.com/blogs/ask-experian/heres-how-much-
your-personal-information-is-selling-for-on-the-dark-web/
Data Prices on the Dark Web
https://www.cnn.com/2019/03/09/tech/fac
ebook-ukraine-hackers/index.html
40. August 2020 / Page 39marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Money laundering scenario
Dollars are laundered as digital media ad spend on “cash out” sites
1. Buy digital media via ad exchanges on sites
directly or indirectly owned by the same entities
2. Pay “ad tech tax” (cut to middlemen)
3. Collect dollars from “cash out” sites, fully
laundered
41. August 2020 / Page 40marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Wire fraud, mail fraud
Knowingly misrepresenting the capabilities of the … technology
“Allegedly engaged in a multi-million dollar
scheme to defraud investors, as well as a
doctors and patients. charged with two counts
of conspiracy to commit wire fraud and nine
counts of wire fraud.
Holmes and Balwani were accused of knowingly
misrepresenting the capabilities of Theranos'
proprietary blood testing technology. The two
allegedly knew there were "accuracy and
reliability problems," and that it "could not
compete with existing, more conventional
machines," the US Attorney's office said.”
http://money.cnn.com/2018/06/15/technology/elizabeth-
holmes-indicted-theranos/index.html
https://www.slideshare.net/augustinefou/why-fraud-
detection-doesnt-work
https://www.linkedin.com/pulse/brand-safety-
detection-tech-over-representing-what/
42. August 2020 / Page 41marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Ads fund piracy, porn, hate sites
Source: Adweek, 2013 Source: BusinessInsider, 2014 Source: New York Times 2018
43. August 2020 / Page 42marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Ad fraud is criminals’
favorite “cash out” activity.
44. August 2020 / Page 43marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
The most profitable criminal activity
2,500 - 4,100% returns
11% returns1% interest
digital ad fraud
stock marketbank interest
“where else can I get multi-
thousands percent returns on
my money? Right. Nowhere.”
45. August 2020 / Page 44marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
“Ad fraud is at ALL TIME HIGHS
both in RATE and in DOLLARS…
… and what’s worse is fraud
detection is not catching it, so
people have a false sense of security.”
Source: https://www.slideshare.net/augustinefou/state-of-digital-ad-fraud-q2-2018
46. August 2020 / Page 45marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Digital Marketing circa 2018
47. August 2020 / Page 46marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
About the Author
Augustine Fou, PhD.
acfou [@] mktsci.com
48. August 2020 / Page 47marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Dr. Augustine Fou – Researcher
2013
2014
Published slide decks and posts:
http://www.slideshare.net/augustinefou/presentations
https://www.linkedin.com/today/author/augustinefou
2016
2015
2017
20192018