MediaTech Law


The Growing Problem of Ad Fraud and the Recent Methbot Attack

Fraud, particularly using “bots,” is increasingly threatening the effectiveness of online advertising and arguably calling into question the long-term viability of the industry. According to a recent study reported on by AdWeek, fraud from “bots” was projected to cost brands $7.2 billion in 2016, up from the $6.3 billion in 2015. Basically, “bots” are applications that perform automated tasks. While they can be used for legitimate purposes, in cases of ad fraud bots can “create millions upon millions of ad impressions that are seen by no one but often get charged to marketers as a viewed promotion.”

A recent article in AdWeek discussed some of the common ad fraud schemes. In one, called the “The Phony Traffic Broker,” writer Christopher Heine explained:

• A company wants to increase traffic to its site and goes to a traffic broker site that’s actually run by a fraudster, who promises volumes of highly qualified users;
• The fraudster deploys “bots” to simulate human traffic to the site; and
• The site’s views soar, advertisers pay the company for the increased traffic, and the fraudster gets paid for being the broker.

In December 2016, White Ops (a security firm) announced the discovery of a complicated and sizable fraud it called “Methbot” – in which, according to White Ops, a group of Russian criminals used a “bot farm” to generate $3 to $5 million per day in fraudulent revenue. The basic elements of the fraud included (as explained by Forbes):

• The fraudsters created more than 6,000 Internet domains and 250,267 distinct URLs that appeared to belong to real websites such as ESPN and Vogue – but the fake sites only hosted a video ad.
• They then tricked algorithms that decided where the most profitable ads would go into buying the fraudulent web space.
• The scheme’s operators then used more than 570,000 bots to direct fake traffic to those ads, thereby driving revenue thanks to the pay per click system they exploited. Those bots “watched” as many as 300 million video ads a day, with an average payout of $13.04 per thousand faked views.

However, not everyone is convinced by the size of White Ops’ claims related to Methbot, including George Slefo of AdAge, who cited a source that believed “only 10% of the fraudulent impressions generated by Methbot were actually served with ads” and that this “would put the financial impact from the Methbot scheme closer to $260,000 to $520,000 per day.” Although even if Slefo is right, these are still very large numbers and still causing serious financial impact.

There are many efforts underway to fight back against ad fraud. For example, Google claims to have “a global team with more than 100 people dedicated to fighting ad fraud through a combination of engineering, operations, and policy.” According to Google some of its efforts include: Collaborating with the industry, cutting out injected ads, launching a filter that excludes traffic from three of the top ad fraud botnets, and protection against falsely-represented inventory. In addition, just last month the Interactive Advertising Bureau’s (IAB) Technology Laboratory announced a new tool that IAB claims will “prevent the sale of counterfeit and unauthorized impressions” in certain types of transactions. The tool is called “ads.txt” and is a “pre-formatted index of authorized sellers” that can be used to screen for fake or misrepresented ad inventory. George Slefo, in AdAge, wrote about the IAB proposal claiming that “Adopting ads.txt would let marketers figure out what others are paying for the same inventory.” (See also an article from Digiday that explains the proposal in more detail and claims the success of ads.txt will depend on whether “publishers and exchanges adopt it en masse.”) The IAB is taking public comments on the tool and plans to release a final version after reviewing the feedback.

Share this article: Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone

Add Comment

Your email address will not be published. Required fields are marked *