Dr. Augustine Fou - The Lowdown on Ad Fraud for Advertisers - Seattle Interactive 2016
-
Upload
seattle-interactive-conference -
Category
Marketing
-
view
312 -
download
0
Transcript of Dr. Augustine Fou - The Lowdown on Ad Fraud for Advertisers - Seattle Interactive 2016
The Lowdown on Ad Fraud for Advertisers
October 2016Augustine Fou, [email protected] 212. 203 .7239 (New York)
Ad Fraud Background
October 2016 / Page 3marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Fraud continues up as digital ad spend goes up
Digital ad fraud
Digital ad spendSource: IAB 2015 FY Report
$ billions
E
High / Low Estimates
October 2016 / Page 4marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bad guys follow the money – focus on CPM, CPC fraud
Impressions(CPM/CPV)
Clicks(CPC)
Search32%
91% digital spend
Display12%
Video7%
Mobile40%
Leads(CPL)
Sales(CPA)
Lead Gen$2.0B
Other$5.0B
• classifieds• sponsorship• rich media
(86% in 2014)Source: IAB 2015 FY Report
(83% in 2013)
October 2016 / Page 5marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Two main types of fraud, two key ingredientsImpression (CPM) Fraud
(includes mobile display, video ads)
1. Put up fake websites and load tons of ads on the pages
Search Click (CPC) Fraud
(includes mobile search ads)
2. Use bots to repeatedly load pages to generate fake ad impressions
1. Put up fake websites and participate in search networks
2. Use bots to type keywords and then to click on the ads to generate the CPC revenue
screen shots of fake sites
October 2016 / Page 6marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
How profitable is digital ad fraud? Extremely…
Source: https://hbr.org/2015/10/why-fraudulent-ad-networks-continue-to-thrive
“the profit margin is 99% … [especially with pay-for-use cloud services ]…”
Source: Digital Citizens Alliance Study, Feb 2014
“highly lucrative, and profitable… with margins from 80% to as high as 94%…”
October 2016 / Page 7marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
How scalable are ad fraud operations? Massively …Cash out sites are massively scalable
131 ads on pageX
100 iframes=
13,100 ads /page
One visit redirected dozens of timesKnown blackhat technique to hide real referrer and replace with faked referrer.
Example how-to:http://www.blackhatworld.com/blackhat-seo/cloaking-content-generators/36830-cloaking-redirect-referer.html
Thousands of requests per pageSingle mobile app calling 10k impressions
Source: Forensiq
October 2016 / Page 8marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
AppNexus example – cleaned up 92% of impressions
Increased CPM prices by 800%
Decreased impression volume by 92%
Source: http://adexchanger.com/ad-exchange-news/6-months-after-fraud-cleanup-appnexus-shares-effect-on-its-exchange/
260 billion
20 billion
> $1.60
< 20 cents
“pity those advertisers who bought before the cleanup”
Fake Websites(cash-out sites)
October 2016 / Page 10marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Websites – spectrum from bad to good
Ad Fraud Sites
Click Fraud Sites
100% bot
mostly human
Piracy Sites
Premium Publishers
Sites w/ Sourced Traffic
“fraud sites” “sites w/ questionable practices” “good guys”Websites
“real content that real humans want to read”
October 2016 / Page 11marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Identical sites – fraud sites made by template
October 2016 / Page 12marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Countless fraud domains used to commit ad fraudhttp://analyzecanceradvice.comhttp://analyzecancerhelp.comhttp://bestcanceropinion.comhttp://bestcancerproducts.comhttp://bestcancerresults.comhttp://besthealthopinion.comhttp://bettercanceradvice.comhttp://bettercancerhelp.comhttp://betterhealthopinion.comhttp://findcanceropinion.comhttp://findcancerresource.comhttp://findcancertopics.comhttp://findhealthopinion.comhttp://finestcanceradvice.comhttp://finestcancerhelp.comhttp://finestcancerresults.comhttp://getcancerproducts.com
100s of thousands more sites like these, designed to profit from high value ads
Fake Visitors(bots)
October 2016 / Page 14marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bots are developer tools (browser) used for ad fraud
Headless BrowsersSeleniumPhantomJSZombie.jsSlimerJS
Mobile Simulators35 listed
Bots are made from malware compromised PCs or headless browsers (no screen) in datacenters.
Bots
October 2016 / Page 15marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bots range in sophistication, and therefore cost
Javascript installed on webpage
Malware on PCsData Center BotsOn-Page BotsHeadless browsers
in data centersMalware installed on
humans’ devices
Less sophisticated Most sophisticated
Source: AdAge/Augustine Fou, Mar 2014 Source: Forensiq Source: Augustine Fou, Oct 2015
“not many people know that the official industry bot lists catch NONE of these bots, not one.”
1 cent CPMsLoad pages, click
10 cent CPMsFake scroll, mouse movement, click
1 dollar CPMsReplay human-like mouse movements, clone cookies
October 2016 / Page 16marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bad guys’ bots earn more money, more efficientlyHigher bots in retargetingBots collect cookies to look attractive
Source: DataXu/DoubleVerify Webinar, April 2015 Source: White Ops / ANA 2014 Bot Baseline
October 2016 / Page 17marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bots – from easy-to-detect to advanced bots
10,000bots observed
in the wild
user-agents.org
bad guys’ bots3%Dstillery, Oct 9, 2014_
“findings from two independent third parties, Integral Ad Science and White Ops”
3.7%Rocket Fuel, Sep 22, 2014
“Forensiq results confirmed that ... only 3.72% of impressions categorized as high risk.”
2 - 3%comScore, Sep 26, 2014
“most campaigns have far less; more in the 2% to 3% range.”
industry lists(bot name-match)
“not on any list”disguised as normal browsers –
Internet Explorer; constantly adapting to avoid detection
October 2016 / Page 18marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Any device with chip/connectivity can be used as a botTraffic cameras used as botnet (Engadget, Oct 2015)
mobile devices
connected traffic lights
connected cars
thermostat connected fridge
Security cams used as DDoS botnet (Engadget, Jun 2016)
(TechTimes, Sep 2016)
Bot Detection Toolset
October 2016 / Page 20marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Tech toolset - javascript tag installed on-site or in-adIn-Ad (ad iframes)On-Site (publishers’ sites)
• For publishers to detect and characterize each visitor to the website
• Installed just like Google Analytics via 2 lines of code
• For advertisers (served as an ad tag) to characterize the user that caused the ad to load
ad tag / pixel(in-ad measurement)
javascript embed(on-site measurement)
October 2016 / Page 21marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Visual difference between good publishers, networks
good publishers
ad exchanges/networks
October 2016 / Page 22marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
End of month traffic and impressions fulfillment
Impressions surgevolume bars (green)
Stacked percentBlue (human)Red (bots)
red vs blue trendlines Caused by bots
October 2016 / Page 23marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Real traffic surges caused by humans on news site
Traffic surgesvolume bars (green)
Stacked percentBlue (human)Red (bots)
red v blue trendlinesBy humans
October 2016 / Page 24marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
AdMonsters Publishers Study – Class of May 2016
AdMonsters Publishers Study• 30 days, directly measured• 30 publishers/sites• 1 billion pageviews• ocean of blue
October 2016 / Page 25marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Declared/search bots should be low, no ads served
- searched for "HTTP_USER_AGENT:smartbrief"- searched through 98784 visits in 101 batches.- found 11519 matches (11.66%).
- searched for "HTTP_USER_AGENT:moatbot"- searched through 98784 visits in 101 batches.- found 2064 matches (2.09%).
- searched for "HTTP_USER_AGENT:googlebot"- searched through 98784 visits in 101 batches.- found 425 matches (0.43%).
- searched for "HTTP_USER_AGENT:bingbot"- searched through 98784 visits in 101 batches.- found 85 matches (0.09%).
Smartbrief Bot GoogleBot
moatbot Bingbot
October 2016 / Page 26marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Ad Fraud Risks for Advertisers(scenarios illustrated with examples)
October 2016 / Page 27marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
How many impressions do you want to buy?
Rectangular traffic patterns – turn bots on, turn bots off on demand
October 2016 / Page 28marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
http://www.olay.com/skin-care-products/OlayPro-X?utm_source=msn&utm_medium=cpc&utm_campaign=Olay_Search_Desktop
What premium sites do you want to buy from?
Click thru URL passes fake source “utm_source=msn”
buy eye cream online(expensive CPC keyword)
1. Fake site that carries search ads
Olay.com ad in #1 position
2. search ad served, fake click
Destination pagefake source declared
3. Click through to destination page
October 2016 / Page 29marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
How many clicks/sessions/views do you want?
click on links
load webpages tune bounce rate
tune pages/visit
“bad guys’ bots are advanced enough to fake most metrics”
October 2016 / Page 30marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
What click through rates are you shooting for?Programmatic display
(18-45% clicks from advanced bots)Premium publishers(0% clicks from bots)
0.13% CTR(18% of clicks by bots)
1.32% CTR(23% of clicks by bots)
5.93% CTR(45% of clicks by bots)
Campaign KPI: CTRs
October 2016 / Page 31marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
What is your target viewability?
Bad guys cheat and stack ALL ads above the fold to make 100% viewability.
Good guys have to array ads on the page – e.g. 50% or lower overall average viewability.
Fraud SitesGood Publishers
“100% viewability? Sure, no problem.”
AD
October 2016 / Page 32marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Need 0% NHT traffic? Or Middle East traffic?• “IntegralAdScience filtered traffic, she says,
can be monetized on any banner network from “the exchanges.”
• Pixalate filtered traffic, she says, can be monetized on any search feed.
• MOAT filtered traffic, she says, works well with video networks but not one in particular.”
Source: Shailin Dhar, Ad Fraud Researcher
October 2016 / Page 33marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Case Examples of Reducing Ad Fraud
October 2016 / Page 34marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Line item detail reveals obvious fraudLine item details
Overall average 9.4% CTR
“fraud hides easily in averages”
October 2016 / Page 35marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Once detected, we turn off specific referring source
102,231 sessions
0 sessions
goal event – no change
October 2016 / Page 36marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Advertiser increased ads served to humans, less to bots
• By systematically reducing spend to sites that had the highest incidence of bots, the advertiser increased ad impressions served to humans, and lowered those served to bots
October 2016 / Page 37marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Advertiser increased goal events by serving to humans
Period 1 Period 2 Period 3
20% confirmed humans30% confirmed humans
190k 5k
220k6k
280k 7k
total goal eventsaverage daily goals
10% confirmed humans
October 2016 / Page 38marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Advertiser turned off highly suspicious placements
.xyz domains suspicious mobile apps
October 2016 / Page 39marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Best Practices of Savvy Advertisers“don’t assume your agency took care of it”
• Challenge all assumptions – don’t assume someone else “took care of it.” Verify, by demanding detailed reports, because fraud hides easily in averages
• Check your Google Analytics - question anything that looks suspicious; more details that can reveal fraud and waste
• Corroborate measurements – measure different parameters together and see if they still make sense; reduce false positives or negatives
• Use conversion metrics – CPG client uses click-and-print digital coupons; pharma client uses doctor finder zip code searches, plus clicks to doctor pages; retailers use sales
October 2016 / Page 40marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
About the Author/Researcher
October 2016Augustine Fou, [email protected] 212. 203 .7239 (New York)
October 2016 / Page 41marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Dr. Augustine Fou – Recognized Expert on Ad Fraud2013
2014
SPEAKING ENGAGEMENTS / PANELS4A’s Webinar on Ad Fraud AdCouncil Webinar on Ad Fraud TelX Marketplace Live Panel on CybersecurityARF Audience Measurement / ReThinkIAB Webinar on Ad Fraud / Botnets AdMonsters Publishers Forum / OPSDMA Webinar – Ad Fraud & Measurement
2016
2015
October 2016 / Page 42marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Harvard Business Review – October 2015Excerpt:
Hunting the Bots
Fou, a prodigy who earned a Ph.D. from MIT at 23, belongs to the generation that witnessed the rise of digital marketers, having crafted his trade at American Express, one of the most successful American consumer brands, and at Omnicom, one of the largest global advertising agencies. Eventually stepping away from corporate life, Fou started his own practice, focusing on digital marketing fraud investigation.
Fou’s experiment proved that fake traffic is unproductive traffic. The fake visitors inflated the traffic statistics but contributed nothing to conversions, which stayed steady even after the traffic plummeted (bottom chart). Fake traffic is generated by “bad-guy bots.” A bot is computer code that runs automated tasks.