The Ghost in the Machine

Investigating the cost of digital fraud and what publishers can do to combat it.

By Jay Horton, SVP, DEV/CON Detect Ad Tech Security®

Publishers and advertisers have become dependent on the programmatic ecosystem. What was once a somewhat closed marketplace, managed with direct oversight of manual insertion orders, has added millions of advertisers with unfettered access to audiences of millions of Web sites. According to Forrester, U.S. digital marketing spend will approach $120 billion by 2021. Investment in paid search, display advertising, social media advertising, online video advertising, and email marketing will pace to 46 percent of all advertising in five years.

For all the benefits of an open marketplace, there is a dark side. Bots and botnets, arbitrage, ad injectors, domain spoofing, and more are all types of digital fraud that has infiltrated the system and has exploded over the past several years. When multiplied by millions of users, all layers of the advertising ecosystem are affected from a traffic perspective AND, more importantly, a revenue perspective.

Ad fraud costs publishers billions

Today, ad fraud estimates are astounding. For the billions of impressions lost, the resulting loss of revenue was projected to be nearly $10 Billion in 2017, effectively doubling the annual loss in just six years. If prevention efforts are not intensified, 54 percent more marketing dollars will be lost per year. More than half. Can publishers really afford to lose more than half?

The Ghost in the Machine

Methbot, the most aggressive and insidious fraud suspects of 2016, is thought to have stolen between $3 million and $5 million per day. It does so by disguising itself as a credible publisher, then targeting video ad inventory by simulating human actions and masking data center origins.

In late 2017, the Wall Street Journal reported on the Hyphbot attack, taking $500,000 a day from advertisers that would have otherwise gone to publishers. It is estimated that this type of fraud costs advertisers $2 billion annually.

The significance of the Methbot and Hyphbot attacks cannot be underestimated. More than 6,000 publishers were directly affected, causing distorted metrics that result in higher scrutiny by advertisers. And while “bots” do account for a substantial percentage of the fraud experienced by publishers, it is not the only source. The human factor is just as relevant to the fraud discussion.

The Ghost in the Machine

In the case of one mid-sized publisher, the fraud came from a human source. By merely changing the code and redirecting traffic, this hacker was able to embezzle up to $900,000 in less than twelve months. For fraudsters, all it takes is a few simple keystrokes, some new code, and redirects. It’s that easy and extremely profitable for someone to engage in ad fraud.

Here’s one publisher’s story – a mid-sized publisher in the U.S. was experiencing tremendous success with about one million unique visitors each month and 3.5 million page views. But as these numbers continued to grow, revenue began to decline inexplicably. It can happen to anyone.

Here are some of the warning signs for publishers to look for:

● Traffic increases, declining revenue
● Missing impressions
● Reporting inconsistencies
● Defensive employees

For this publisher, declines became more significant monthly and something had to be done, but the publisher couldn’t identify the problem, only the symptoms. The publisher partnered with DEV/CON Detect, an ad tech security vendor and what was found was shocking. Malicious changes to the code itself were found as well as fraudulent tags throughout the system.

This triggered a thorough system audit and a full-scale fraud mitigation search. This process included much more than just unearthing the issues; it involved updating the code, changing the organizational structure to develop a better system of checks and balances and ongoing scanning to detect unauthorized access.

The result was an indictment for the internal bad actor, aided by thorough documentation from the ad tech security vendor. The publisher also saw immediate revenue increases, with exploited ad tags that were redeployed delivering up to 275% more ad dollars the very next month.

As ad fraud continues to grow and new methods of perpetrating this fraud are unearthed, revenues will continue to decline sharply. Analytics will come into question as results do not meet expectations.

The Ghost in the Machine

Today, the publishing industry is under attack and it must engage in aggressive measures to protect the integrity of data and revenue. Once viewed as a national problem, digital ad fraud has been seeping into the fabric of regional and local publishing as well.

On the local level, it’s difficult for increasingly smaller publisher teams to possess the resources and knowledge to navigate the complexities of the digital landscape, which makes these smaller markets easy prey. Despite vendors’ efforts at due diligence, programmatic solutions on the regional and local level are primarily responsible for opening the door to these attacks.

Bad actors are constantly adapting to manipulate these solutions. The risk is compounded by the exploits in direct buy campaigns and ad serving from content partnerships. The same diligence exercised at global level needs to trickle down to the local markets, making ongoing monitoring a crucial and necessary strategy for publishers. The door has to be closed.

Attacks on programmatic videos are seen as one of the greatest opportunities for fraud growth. Especially given that nearly 35 percent of traffic at any given time is done by these bots. With videos on the rise as the preferred target of bots, they are not the only advertising asset at risk. “Click injection” is projected to garner increased attention this year as well. The fake clicks are bolstered by bots. In 2015, more than 20 percent of video ad impressions were directly linked to bots.

The Ghost in the Machine

What can publishers do?

Reporting. Reporting. Reporting.

Consistently identifying and proving the validity of the numbers will produce more accurate ROI numbers and protect the business side of publishing. More filters mean more control, which means better numbers.

By initiating fail-safes, the publishing industry can enhance its standing as a trusted partner further minimizing advertiser concerns that digital ad dollars may be at risk. Prudent advertisers are verifying and re-verifying all analytics, data, and traffic measurements. They are diving deep into the numbers to scrutinize the cost per thousands for their campaigns. If anything looks out of place, they will question it.

By locking down the data, both publisher and advertiser share the same view, cementing stronger partnerships and truly protecting the integrity of the industry.

Maintain Good Ad Tech Hygiene.

The complex ad tech ecosystem requires checks and balances to thrive. Publishers should be able to answer questions like these to protect their own interests and those of advertisers and users:

● Who at your organization is the person responsible for maintaining ad tech hygiene?
● How often are security protocols reviewed?
● Do you have a system for tracking and auditing your website’s Javascript, plug-ins and/or modules?

Consistent documentation, audits, and updates are crucial since turnover is typically high in Ad Ops positions.

Partner with a Trusted Ad Tech Security Vendor.

DEV/CON Detect helps publishers grow revenue by resolving ad tech issues, as evidenced by our partnership with this mid-sized publisher. Our team of digital advertising professionals, white-hat hackers, and data scientists leverage our patent-protected technology to: detect, fix, and monitor both technical and organizational vulnerabilities to protect and increase agency and publisher revenue. Ultimately, by working together, the industry becomes much more stable. The numbers become real numbers again. And the industry thrives.

About the Author
The Ghost in the Machine

Jay Horton is the Senior Vice President for DEV/CON Detect Ad Tech Security® and has spent the last two decades driving revenue growth for local media companies, including Knight Ridder, Gannett, The E.W. Scripps Company and more. Additional writing contributions for this article include Casey Hester Vice President of Customer Success with Jennifer Shaw. Additional Research for this feature from Maggie Louie, CEO, and Josh Summitt, CTO.

June 18, 2019

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 are now Open! Finalists Notified Before BlackHat USA 2024...