Post on 11-Apr-2017
How Ad Fraud Impacts Good Publishers
April 2017Augustine Fou, PhD.acfou@mktsci.com 212. 203 .7239
Ad Fraud Background
April 2017 / Page 3marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Digital ad fraud is profitable and scalable
Source: https://hbr.org/2015/10/why-fraudulent-ad-networks-continue-to-thrive
“the profit margin is 99% … [especially with pay-for-use cloud services ]…”
“highly lucrative, and profitable… with margins from 80% to 94%…”
“why stop at 10 ads on the page; why
not load 13,000 ads on the page”
131 ads on pageX
100 iframes=
13,100 ads /page
Source: Digital Citizens Alliance Study, Feb 2014
April 2017 / Page 4marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
92% of impressions clearly fraudulentIncreased CPM
prices by 800%Reduced impression
volume by 92%
Source: http://adexchanger.com/ad-exchange-news/6-months-after-fraud-cleanup-appnexus-shares-effect-on-its-exchange/
260 billion
20 billion
> $1.60
< 20 cents
April 2017 / Page 5marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Methbot stayed hidden for years
Source: Dec 2016 WhiteOps Discloses Methbot Research
“the largest ad fraud discovered to date, a single botnet, Methbot, steals $3 - $5 million per day, $2 billion annualized.”
1. Targets video ad inventory$13 average CPM, 10X higher than display ads
2. Disguised as good publishersPretending to be good publishers to cover tracks
3. Simulated human actionsActively faked clicks, mouse movements, page scrolling
4. Obfuscated data center originsData center bots pretended to be from residential IP addresses
April 2017 / Page 6marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Ad fraud is now the largest form of crime
$20 billion
CounterfeitGoods U.S.
$18 billion
Somalipirates
$70B 2016E Digital Ad Spending
Bank robberies
$38 million
$31 billionU.S. alone
$1 billion
ATM Malware
Payment Card Fraud 2015
$22 billion
Source: Nilson Report Dec 2016
Source: ICC, U.S. DHS, et.
al
Source: World Bank Study 2013
Source: Kaspersky 2015
$7 in $100$3 in $100
“this is a PER YEAR number”
Digital Ad Fraud
Source: IAB H1 2016
$44 in $100
Where is Ad Fraud Concentrated?
April 2017 / Page 8marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
CPM/CPC buckets (91% of spend) is most targeted
Impressions(CPM/CPV)
Clicks(CPC)
Search27%
91% digital spend
Display10%
Video7%
Mobile47%
Leads(CPL)
Sales(CPA)
Lead Gen$2.0B
Other$5.0B
• classifieds• sponsorship• rich media
(89% in 2015)Source: IAB 1H 2016 Report
(86% in 2014)
April 2017 / Page 9marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Two key ingredients of CPM and CPC FraudImpression (CPM) Fraud
(includes mobile display, video ads)
1. Put up fake websites and load tons of display ads on the pages
Search Click (CPC) Fraud
(includes mobile search ads)
2. Use fake users (bots) to repeatedly load pages to generate fake ad impressions
1. Put up fake websites and participate in search networks
2. Use fake users (bots) to type keywords and click on them to generate the CPC revenue
screen shots of fake sites
Fake Websites(cash-out sites)
April 2017 / Page 11marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
99% human pageviews on “sites you’ve heard of”
100% botpageviews on
“fraud sites”
99% of human pageviews are on
“sites you’ve heard of”
“real content that real humans want to read”
WSJESPN
NYTimesReuters
CBSSports
1% of human pageviews are on
“long tail sites”
“niche content that some humans want
to read”
top 1 million sitesnext 10 million sites318 million sites
Verisign reports 329 million domains registered by Q4 2016Source: http://www.verisign.com/en_US/domain-names/dnib/index.xhtml
April 2017 / Page 12marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Countless fraud sites made by template
100% bot
Fake Visitors(bots)
April 2017 / Page 14marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bots are automated browsers used for fraud
Headless BrowsersSeleniumPhantomJSZombie.jsSlimerJS
Mobile Simulators35 listed
April 2017 / Page 15marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bots range in sophistication, and therefore cost
Javascript installed on webpage
Malware on PCsData Center BotsOn-Page BotsHeadless browsers
in data centersMalware installed on
humans’ devices
Less sophisticated More sophisticated
Source: AdAge/Augustine Fou, Mar 2014 Source: Forensiq Source: Augustine Fou, Oct 2015
“official industry lists catch NONE of these bots”
1 cent CPMsLoad pages, click
10 cent CPMsFake scroll, mouse movement, click
1 dollar CPMsReplay human-like mouse movements, clone cookies
“The equation of ad fraud is simple: buy traffic for $1 CPMs, sell ads for $10 CPMs; pocket $9 of pure profit.”
April 2017 / Page 17marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
How Ad Fraud HarmsGood Publishers
April 2017 / Page 18marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
What I heard from Publishers
“Ad fraud doesn’t affect us”
“I wasn’t really aware of bots and fraud”
“Our SSP has an anti-fraud vendor”
“we checked, we have very low bots”
April 2017 / Page 19marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Fraud siphons 1/2 of dollars out of ecosystem
Advertisers “ad spend” in digital nearly $70B in 2016
Publishers are left with only 1/2 of the dollars
Bad Guyssiphon 1/2 of ad spend OUT of the ecosystem
• Advertisers have lower ROI• Publishers have lower revenues
1/2
1/2
Usersuse ad blocking and need
to protect themselves
April 2017 / Page 20marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Good publishers left with little revenue
Source: IAB 2016 FY
Search Spend$35 $28
$29
Display Spend Other
$16$25
$6
Google Search FB+GOOG Display
$7.9 $7.2$1.5
$3.3B - What’s left for good publishers
Source: WhiteOps ANA 2016
Source: WhiteOps Methbot
“there’s at least a 4X upside, if we clean up the fraud”
CPC Fraud CPM Fraud
Source: eMarketer March 2017
2016
April 2017 / Page 21marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
How ad revenue is diverted away
1. Bot visits good publisher site to collect “cookie”
2. Bot then visits fake sites to cause ad impressions to load there; those sites make the ad revenue
www.nejm.org healthsiteproductionalways.com
FOR EXAMPLE ONLY
April 2017 / Page 22marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
How profit margins are depressed
www.nejm.org healthsiteproductionalways.com
$100 CPMs $0.10 CPMsvs
“Media agencies want to buy more of the low-cost stuff to lower their average costs.”
FOR EXAMPLE ONLY
“Are you buying ‘traffic’ or ‘inventory’? There’s plenty of
that … at low cost, even.”
“Real human audiences are scarce and valuable.”
April 2017 / Page 24marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
http://www.olay.com/skin-care-products/OlayPro-X?utm_source=msn&utm_medium=cpc&utm_campaign=Olay_Search_Desktop
Brand risk when bad guys cover tracks
Click thru URL passes fake source “utm_source=msn”
to ‘launder’ the domain
buy eye cream online(expensive CPC keyword)
1. Fake site that carries search ads
Olay.com ad in #1 position
2. search ad served, fake click
Destination pagefake source declared
3. Click through to destination page
April 2017 / Page 25marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Premium audiences stolen by cookie matching
specialized audience:oncologists
jco.ascopubs.org
specialized audience can be targeted elsewhere
“cookie matching”(by placing javascript on your site)
FOR EXAMPLE ONLY
April 2017 / Page 26marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bad measurements wrongly accuse publishers
Publisher does not have 90% bots and never had
“you have low viewability”
“you have 90% bots”• We want a refund• We won’t pay• We want make-goods
April 2017 / Page 27marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Unfair fight because bad guys cheat“Bad guys have higher (fake) viewability”
AD
Bad guys cheat by stacking all ads above the fold to fake 100% viewability
Good guys have to array ads on the page – e.g. lower average viewability.
April 2017 / Page 28marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Cybersecurity risks of 3rd party javascript
Source: https://www.exchangewire.com/blog/2016/05/19/%E2%80%8Bon-site-javascript-trackers-open-gaping-security-holes/
Current State of NHT Detection
April 2017 / Page 30marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Fraud bots are NOT on any list
user-agents.org
bad guys’ bots
2% and “on the wane”Source: GroupM, Feb 2017
bot list-matching
4% Source: IAB Australia, Mar 2017
400 bot names in list
“not on any list”disguised as popular browsers – Internet Explorer; constantly
adapting to avoid detection
10,000bots observed
in the wild
April 2017 / Page 31marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Limitations of current NHT detectionIn-Ad
(ad iframes)On-Site
(publishers’ sites)
• Used by advertisers to measure ad impressions
• Limitations – tag is in foreign iframe, can’t look outside of iframe
ad tag / pixel(in-ad measurement)
javascript embed(on-site measurement)
In-Network (ad exchange)
• Used by publishers to measure visitors to pages
• Limitations – most detailed data about characteristics of visitors
• Used by exchanges to screen bid requests
• Limitations – least info, relies on blacklists or probabilistic algorithms
ad served
bot
human
fraud site
good site
April 2017 / Page 32marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
5% bots doesn’t mean 95% humans
good publishers
ad exchanges/networks
volume bars (green)
Stacked percentBlue (human)Red (bots)
red v blue trendlines
Case Examples
April 2017 / Page 34marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Good publishers taking action to reduce bots
Publisher 1 – stopped buying traffic
Publisher 2 – filtered data center traffic
April 2017 / Page 35marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Publishers filtering bots – on-site vs in-ad
On-Site measurement, bots are still coming
In-Ad measurement, bots and data centers filtered
10% red
-7% (filter)
3% red
April 2017 / Page 36marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
About the Author
April 2017Augustine Fou, PhD.acfou@mktsci.com 212. 203 .7239
April 2017 / Page 37marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Dr. Augustine Fou – Independent Ad Fraud Researcher2013
2014
Follow me on LinkedIn (click) and on Twitter @acfou (click)
Further reading:http://www.slideshare.net/augustinefou/presentationshttps://www.linkedin.com/today/author/augustinefou
2016
2015
April 2017 / Page 38marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Harvard Business Review – October 2015
Excerpt:
Hunting the Bots
Fou, a prodigy who earned a Ph.D. from MIT at 23, belongs to the generation that witnessed the rise of digital marketers, having crafted his trade at American Express, one of the most successful American consumer brands, and at Omnicom, one of the largest global advertising agencies. Eventually stepping away from corporate life, Fou started his own practice, focusing on digital marketing fraud investigation.
Fou’s experiment proved that fake traffic is unproductive traffic. The fake visitors inflated the traffic statistics but contributed nothing to conversions, which stayed steady even after the traffic plummeted (bottom chart). Fake traffic is generated by “bad-guy bots.” A bot is computer code that runs automated tasks.