Published on February 26, 2014
Digital Ad Fraud Superheroes Dr. Augustine Fou http://linkd.in/augustinefou acfou @mktsci .com February 2014 -1- Augustine Fou
YouTube (Google) Video ad impressions counted only if user does not click ―skip‖ With video ads you pay only when someone chooses to watch your ad, so you don't waste money advertising to people who aren't interested in your business. Source: http://www.youtube.com/yt/advertise/why-it-works.html -2- Augustine Fou
Google Google proactively filters invalid clicks, does not charge The vast majority of all invalid clicks on AdWords ads are caught by our online filters. These filters are constantly being updated and react to a wide variety of traffic patterns and indications of click fraud attacks. On average, invalid clicks account for less than 10% of all clicks on AdWords ads. At our current revenue run rate, the aggregate value of the clicks that we've identified as suspicious or invalid and excluded from what we've charged advertisers is in the hundreds of millions of dollars. Source: https://support.google.com/adwords/answer/2454071 -3- Augustine Fou
Spider.io (Google) Advanced technical analysis that detects fraudulent bot activity We have previously shown how malware-driven traffic across websites costs display advertisers millions of dollars per month . We have also shown how easy it is to generate this type of fake traffic—with fewer than 100 lines of C++ code . In this post we provide the first case study to show how a well known malware rootkit is being used by cyber criminals today specifically to defraud online display advertisers. The case study is a display advertising analogue of a click-fraud study by Miller et al. . In our investigations into the origins of malware-driven traffic across websites we discovered a TDSS rootkit with dll32.dll and dll64.dll payloads. TDSS has been described by Kaspersky as ―the most sophisticated threat today‖ . In this post we show how hijacked PCs controlled by these TDSS payloads impersonate real website visitors across target webpages on which display ad inventory is being sold. We show in this post how this fake traffic is being sold to publishers today through the ClickIce ad exchange. We show further in this post that some unscrupulous publishers are not just knowingly buying this fake traffic. They are in fact optimising their webpage layouts for this fake traffic. We recorded activity on a hijacked PC controlled by one of these payloads. We have included this below. Source: http://www.spider.io/blog/2013/12/cyber-criminals-defraud-display-advertisers-with-tdss/ -4- Augustine Fou
WhiteOps Advanced technical forensics to determine impact of bot actions Mr. Tiffany said traffic fraud can be found not only on smaller sites serving as shells to game ad exchanges, but on the domains of premium publishers as well. "What we do know is that it's not just a problem hiding out in the long tail, it's not just a problem of bogus websites," he said. "Bots have infiltrated traffic systems across the ecosystem and end up at some premium, name brand publishers." Source: AdAge - Premium Publishers Are Getting Victimized By Traffic Fraud, Too Feb 2014 -5- Augustine Fou
Integral Ad Science Brand safety via analyzing placements of ads Source: Integral Ads -6- Augustine Fou
DoubleVerify Ad verification technology – placement, viewability, bot detect Source: http://www.doubleverify.com/ -7- Augustine Fou
Solve Media Human detection via CAPTCHAs; ad delivery to real humans TYPE-IN™ ads: Solve Media's proprietary TYPE-IN™ advertising guarantees your messaging won't be ignored—because it can't be. Our simple, effective and memorable TYPE-IN™ advertising lets users type in brand messages where they interact on web pages and mobile apps— replacing difficult CAPTCHAs, allowing people to skip video pre-roll ads, or unlocking access to valuable mobile experiences. The result: superior brand lift. Here's how: -8- • Guarantee engagement with your message every time • Deliver 1200% greater message recall than banner ads • Outperform comScore Brand Lift norms by an average of 10X across awareness, association, favorability, and purchase intent • Are performance-based, so you only pay for true engagement. Impressions that users don't engage with are free Augustine Fou
The Industry Takes Action on Ad Fraud -9- Augustine Fou
IAB Releases Best Practices Best Practices For Reducing Traffic Fraud Risk Unveiled by IAB Specific Strategies Recommended for Buyers, Publishers and Networks To Identify False Traffic and Mitigate Its Adverse Effects, in New Document Released for Public Comment NEW YORK, NY (December 5, 2013) — Fraudulent traffic has reached critical levels across the digital advertising ecosystem, and in response the Interactive Advertising Bureau (IAB) and its Traffic of Good Intent Task Force have released ―Best Practices – Traffic Fraud: Reducing Risk to Exposure‖ to meet this challenge. Entering the public comment phase today, the best practices explain how robotic traffic (aka ―bots‖) can infiltrate legitimate publisher inventory. Accordingly, it provides premium publishers and networks, as well as buyers, with specific recommendations. - 10 - Augustine Fou
LinkedIn Sues John Doe Professional social networking site LinkedIn has filed a federal lawsuit against ten unspecified individuals over the use of bots that stole personal data from the profiles of hundreds of thousands of users. According to the suit, which was filed Monday in the Northern California federal district court, the bots were used to register thousands of fake LinkedIn accounts for the purpose of mining data from legitimate accounts – a process known as scraping, which is prohibited by LinkedIn‘s user agreement. The court documents also claim the fraudulent activity, which began last May, breaks state and federal computer security laws as well as federal copyright law. ―Since May 2013, unknown persons and/or entities employing various automated software programs (often referred to as ‗bots‘) have registered thousands of fake LinkedIn member accounts and have extracted and copied data from many member profile pages,‖ LinkedIn said in its complaint. ―This practice, known as ‗scraping,‘ is explicitly barred by LinkedIn‘s User Agreement, which prohibits access to LinkedIn ‗through scraping, spidering, crawling, or other technology or software used to access data without the express written consent of LinkedIn or its Members.‘‖ LinkedIn Sues ―John Doe‖ Hackers Who Created Fake Accounts to Scrape Member Data Source: BusinessWeek Jan 2014 - 11 - Augustine Fou
Microsoft Kills Zombie PCs Armed with a court order and law enforcement help overseas, the team took steps to cut off communication links to European-based servers considered the mega-brain for an army of zombie computers known as ZeroAccess. Criminals for years had used the ZeroAccess "botnet," which combines the power of more than 2 million hijacked computers—or bots—around the world, to fraudulently bill some $2.7 million a month from online advertisers, company investigators say. Working With Law Enforcement, Microsoft Team Cuts Off Servers for Zombie Computers Source: WSJ Dec 5, 2013 - 12 - Augustine Fou
Spider.io Kills Chameleon Botnet Chameleon Botnet Date of discovery: 28 February, 2013 Known as: Chameleon Botnet Discovered by: spider.io Activity identified: Botnet emulates human visitors on select websites causing billions of display ad impressions to be served to the botnet. Number of host machines: over 120,000 have been discovered so far Geolocation of host machines: US residential IP addresses Reported User Agent of the bots: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) and Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Proportion of traffic that is botnet traffic from IP addresses of host machines: 90% (diluted by gateway IPs) Number of target websites across which the botnet operates: at least 202 Proportion of traffic across the target websites that is botnet traffic: at least 65% Number of ad impressions served to the botnet per month: at least 9 billion Number of distinct ad-exchange cookies associated with the botnet per month: at least 7 million Average click-through rate generated by the botnet: 0.02% Average mouse-movement rate generated by the botnet: 11% Average CPM paid by advertisers for ad impressions served to the botnet: $0.69 CPM Monthly cost to advertisers of ad impressions served to the botnet: at least $6.2 million Spider.io Stops Chameleon Botnet, which ―emulates human visitors on select websites causing billions of display ad impressions to be served.‖ Source: Spider.io March 2013 - 13 - Augustine Fou
What They Do / Detection Vectors - 14 - Augustine Fou
Placement/Viewability Technology platforms to analyze the placement of ads on dimensions like viewability, brand safety, suspicious activity (fraudulent views or clicks). - 16 - Augustine Fou
Non-human Visitors Technology and techniques to detect non-human (bot) visits to a site and loading of ads; solutions to save advertisers money (pay only when it is proven human, don‘t pay when human does not stay to see ad). - 17 - Augustine Fou
Digital Ad Fraud Mitigation Techniques - 18 - Augustine Fou
Blacklisting Sites Value Exclude sites from serving your ads - 19 - Caveat For every site excluded, bad guys put up more (because they don‟t have to play by the rules). Augustine Fou
Enforcing Viewability Value Caveat Only pay for ads which are viewable (i.e. above the-fold) Bad guys can defeat ―viewability‖ by stuffing ads in hidden layers, all ―abovethe-fold” Source: Spider.io May 2, 2013 - 20 - Augustine Fou
Bot Detection Value Caveat Good guys use algorithms to detect unusual behaviors indicative of bots (rather than humans) It‘s an arms race between good and bad; bots are more sophisticated and can fake mouse movements and keep cookies. Source: Spider.io March 2013 - 21 - Augustine Fou
Using CAPTCHAs Value Caveat Captchas deter bots from filling in forms and stealing content and cookies. Some bots can now solve some captchas, most captchas don‘t protect content pages. Source: Solve Media Dec 31 2013 - 22 - ―Startup called Vicarious automatically solves CAPTCHAs.‖ Oct 2013 http://bit.ly/1bFo9lZ Augustine Fou
“The above countermeasures are all good, and advertisers should continue using them. But they are not enough. If the good guys fight the fight individually, there is little chance they can overcome the entire ecosystem of the bad guys. The good guys need to band together into their own ecosystem and put the bad guys on a „digital ad fraud equivalent to the National Sex Offenders Registry‟.” -- Dr. Augustine Fou - 23 - Augustine Fou
Ad Fraud Forensics Process Preliminary Scan Sizing of ad fraud Forensic Analysis Maintenance • Technology Tools • Statistical analysis • Budget shifts • Further optimization Implementation FREE $$$ Preliminary analysis of paid campaigns and analytics to determine magnitude of the ad fraud impacting client. Creating recommended list of changes, including list of sites to exclude in each ad channel. - 24 - $ Subscribe to triangulated, cross-industry database of ―ad fraud offenders‖ to continuously update blacklists and whitelists. Augustine Fou
Prioritizing Actions 30% 40% 30% - 25 - targeting improving optimization delivery viewability bots /not seen by humans waste reduction Augustine Fou
Low Hanging Fruit The most immediate, direct impact on ROI comes from reducing waste 25% On-Target Delivery (Nielsen) 54% Not In View (comScore) 82% Ignored (Harris Interactive) 23% Ad Blocked (PageFair) 24 – 29% confirmed bot (Solve Media) - 26 - Augustine Fou
Dr. Augustine Fou – Digital Forensics “I advise clients on optimizing advertising across all channels. Using advanced technical forensic techniques and custom tchnology tools, we detect and mitigate ad fraud and waste.” FORMER CHIEF DIGITAL OFFICER, HCG (OMNICOM) MCKINSEY CONSULTANT CLIENT SIDE / AGENCY SIDE EXPERIENCE PROFESSOR AND COLUMNIST ENTREPRENEUR / SMALL BUSINESS OWNER PHD MATERIALS SCIENCE (MIT '95) AT AGE 23 ClickZ Articles: http://bit.ly/augustine-fou-clickz Slideshares: http://bit.ly/augustine-fou-slideshares LinkedIn: http://linkd.in/augustinefou - 27 - @acfou Augustine Fou
Related Articles ROI Case for Solving Ad Fraud By: Augustine Fou January 2014 Fake YouTube Videos By: Augustine Fou, December 2013 Digital Ad Fraud Briefing By: Augustine Fou December 2013 Motive and Opportunity for Ad Fraud By: Augustine Fou, February 2014 How Display Fraud Works By: Augustine Fou, May 2013 Fake Facebook Profiles By: Augustine Fou, Dec 2013 How Click Fraud Works By: Augustine Fou, November 2013 Fake Twitter Accounts By: Augustine Fou, August 2013 The Magnitude of Digital Ad Fraud By: Augustine Fou, November 2013 Display Fraud 101 (video) By: Augustine Fou, Feb 2014 - 28 - Augustine Fou
View 831 Ad Fraud posts, ... Integral Ad Science Digital Ad Fraud Presentation. ... Digital ad fraud superheroes the good guys by augustine fou.
... and best practices in fighting digital ad fraud. Dr. Fou is an ... of "good guys" like WhiteOps, Integral Ad ... Marketing Science Consulting Group, Inc.
Information about Branding vs Direct Response Budgets in Digital Augustine Fou 2014
Marketing Science Consulting Group, Inc. is the digital strategy consulting practice of Dr. Augustine Fou. Clients hire Dr Fou to review the digital ...
Digital Ad Fraud and Bots ... Fraud continues upward as digital ad spend goes up ... Dr. Augustine Fou February 2016 / Page 6 Bad guys go where the money ...
Today’s column is written by Augustine Fou, digital strategist ... Ad Fraud Wreaks Havoc On Measurement. ... digital strategist and independent ad fraud ...
... than bank and credit card fraud: digital ad ... enough," says Dr. Augustine Fou, ... good guys detect that kind of stuff," Fou ...
Field Guide for Validating Premium Ad Inventory 0 ... Partnerships Dr. Augustine Fou Anti-Fraud Forensic ... Bad guys also fully automate their digital ad