the many faces of ad fraud
TRANSCRIPT
#NoMoreAdFraud
Brandon Miller, Carmichael Lynch
Michael Tiffany, White Ops
The Problem
The Criminals
The Solution
The Bot World
The Problem
The Criminals
The Solution
The Bot World
In 2014, The Bot
Baseline found fraud
in every kind of
campaign we studied.
The average loss to
bots was 11%.
*
Bots are infecting the system.Fake web browsers go to real (or fake) sites, view real ads,
and demand payment for the service
How big is the problem?
$6,300,000,000
$ $$
The honest truth is…
…it’s worse than this.$6.3 billion is a conservative estimate, but that’s more than bad enough.
More significant is…
Who
Where
It’s coming from inside the house
Why you care:
Your money gets home users hacked.
You are being tricked into tracking bots.
1
2
Why hack home users?Hint: not to rob their digital funds and identities
(not that they don’t)
If you want to get targeted, you (often) need a consumer’s identity.
That can be arranged.
False assumptions:
Bots are afraid of tracking (nope: hacked
goods make them seem legitimate)
Optimizing for performance, or
viewability, or conversions squeezes out
the bots automatically (nope)
x
x
…our findings show otherwise.
Bot fraud is the
scalable ad fraud
Yes, you should probably care about pixel stuffing,
ad clutter, ad collision, etc. etc. etc. But those things
don’t happen on expensive placements. Those
things don’t add up to $6.3 billion dollars. Those
things don’t funnel money to organized crime. Your
CFO cares about stopping money going to
organized crime. He may not care about ad clutter.
The Problem
The Criminals
The Solution
The Bot World
*
Ad fraud is not evenly distributed(Neither is tuberculosis)
Video is (on average):
2.1 times bottier than display
Almost a quarter of video advertisement goes to nobody
Display Programmatic Retargeting
54%bottier
73%bottier
Programmatic(buy at your own risk)
X X33% Bots 3% Bots
Exchange 1 Exchange 2
News Junkie
Targeting (and Retargeting)
Missed.
Fake profiles and
stolen cookies =
retargeted campaigns
had more bots, not
less
Premium sites are “safer” but…
When publishers get a portion of
their visitors from other sites on the
web, they get bot traffic, too.
The Problem
The Criminals
The Solution
The Bot World
$
*
Advertiser
Agency
Exchanges
Publisher
Who’s the bad guy?
Not these guys
Advertiser
Agency
Exchanges
Publisher
Who’s the bad guy?
The real bad guys are
the ones breaking into
everyone’s computers
How do the bad guys make money?
…with fake sites.
…with fake sites.…when real sites
need more traffic.&
Fake Sites Awful content
Scraped or copied
content
Objectively measurable
Hosts ads
Makes money
Doesn’t matter; humans don’t visit
Sourced Traffic
$
One site paying another to send more traffic
Sourced Traffic
$
Sourced traffic is usually botty traffic (even for premium sites)
especially
The attackers adaptHere they come. Turn the bots
off!
They’re leaving. Turn the bots
back on.
We have a complaint. Clean
it up.
Here they come again…
There are some interesting patterns…
When advertisers demand more
traffic, the differential between
available humans and advertiser
demand for traffic can be made up
with bots.
Bots will often supply traffic as
needed in bursts – in this case,
every Saturday
There are some interesting patterns…
Not all botnets are run by geniuses: some bots are too
dumb to keep daylight hours:
Old Browsers Are Bot Browsers
Bots both:
Cycle through many
fake user-agents
(browsers) to hide in
the noise
Provide real user-
agents, but don’t get
auto-updated
Why are we still supporting old
browsers?!
But patterns are not evidence.
• Taking on all the botnets at once requires
hardcore malware reverse-engineering and
major intelligence operations.
• We’re in an arms race against the world’s
best cybercriminals.
• It’s fun to point out these patterns, but if all
we had to do was find the patterns, this
problem would have been solved already.
The Problem
The Criminals
The Victims
*
The Solution
We all need to work together
to solve the problem of ad fraud.
On the Sell Side,
real can’t compete with fake
If the Buy Side
can’t tell the difference
In December 2014, on behalf of a large brand,
the ad agency Carmichael Lynch decided to make an above-average campaign even better.
Carmichael Lynch’s
Anti-Fraud Formula:
Monitor for fraud in all the brand’s campaigns
Use continuous monitoring (Detection) to hold all supply
partners accountable and to reward great ones
Take proactive steps (Prevention) only where it makes
sense for the buyer to take that burden
1. Top volume
campaigns had
expensive bot problems
Top bot problems:
Solution: Protect high value media investment –
reduce fraud where it hits the hardest by dollars
Campaign Human Bots Bots %
1* 350M 20M 5%
2* 260M 20M 7%
3* 190M 14M 7%
4 76M 3M 4%
5* 63M 10M 13%
1. Top volume campaigns had
expensive bot problems
2. Small but significant bot
percentages across too many
placements to address manually
Top bot problems:
Solution: Anti-targeting!
5.90%
7.80%
6.70%
3.80% 3.40%
2/22, 13 MM 2/23, 15 MM 2/24, 16 MM 2/25, 14 MM 2/26, 13 MM
Bot % of total
Solution: Anti-targeting!
In one day, Carmichael Lynch
cut the brand’s bot percentage
by 43%.
5.90%
7.80%
6.70%
3.80% 3.40%
2/22, 13 MM 2/23, 15 MM 2/24, 16 MM 2/25, 14 MM 2/26, 13 MM
Bot % of total
1. Top volume campaigns had expensive
bot problems
2. Small but significant bot percentages
across too many placements to address
manually
3. Bot fraud varied by placement by time:
being clean today didn’t guarantee being
clean tomorrow
Top bot problems:
In ongoing fraud-cutting activities, Carmichael Lynch
improved traffic by cutting or repairing the worst offenders
Solution: Continuous monitoring
Authorize and approve third-party traffic validation technology
Be aware and involved
Use third-party monitoring
Budget for security
Protect yourself, your users, and your media from ad fraud
✓
✓
✓
✓
✓
*
To defend against sophisticated
and basic ad fraud attacks,
Thank You!