2. YouTube (Google)
Video ad impressions counted only if user does not click "skip"
With video ads you pay only when
someone chooses to watch your ad, so
you don't waste money advertising to
people who aren't interested in your
business.
Source: http://www.youtube.com/yt/advertise/why-it-works.html
Augustine Fou
3. Google
Google proactively filters invalid clicks, does not charge
The vast majority of all invalid clicks on AdWords ads are
caught by our online filters. These filters are constantly being
updated and react to a wide variety of traffic patterns and
indications of click fraud attacks. On average, invalid clicks
account for less than 10% of all clicks on AdWords ads. At
our current revenue run rate, the aggregate value of the clicks
that we've identified as suspicious or invalid and excluded
from what we've charged advertisers is in the hundreds of
millions of dollars.
Source: https://support.google.com/adwords/answer/2454071
4. Spider.io (Google)
Advanced technical analysis that detects fraudulent bot activity
We have previously shown how malware-driven traffic across websites costs display
advertisers millions of dollars per month [1]. We have also shown how easy it is to
generate this type of fake traffic—with fewer than 100 lines of C++ code [2]. In this
post we provide the first case study to show how a well known malware rootkit is
being used by cyber criminals today specifically to defraud online display advertisers.
The case study is a display advertising analogue of a click-fraud study by Miller et al.
[3].
In our investigations into the origins of malware-driven traffic across websites we
discovered a TDSS rootkit with dll32.dll and dll64.dll payloads. TDSS has been
described by Kaspersky as "the most sophisticated threat today" [4]. In this post we
show how hijacked PCs controlled by these TDSS payloads impersonate real website
visitors across target webpages on which display ad inventory is being sold. We show
in this post how this fake traffic is being sold to publishers today through the ClickIce
ad exchange. We show further in this post that some unscrupulous publishers are not
just knowingly buying this fake traffic. They are in fact optimising their webpage
layouts for this fake traffic.
We recorded activity on a hijacked PC controlled by one of these payloads. We have
included this below.
Source: http://www.spider.io/blog/2013/12/cyber-criminals-defraud-display-advertisers-with-tdss/
5. WhiteOps
Advanced technical forensics to determine impact of bot actions
Mr. Tiffany said traffic fraud can be found not only on smaller
sites serving as shells to game ad exchanges, but on the domains
of premium publishers as well.
"What we do know is that it's not just a problem hiding out in the
long tail, it's not just a problem of bogus websites," he said.
"Bots have infiltrated traffic systems across the ecosystem and
end up at some premium, name brand publishers."
Source: AdAge - Premium Publishers Are Getting Victimized By Traffic Fraud, Too Feb 2014
6. Integral Ad Science
Brand safety via analyzing placements of ads
Source: Integral Ads
8. Solve Media
Human detection via CAPTCHAs; ad delivery to real humans
TYPE-IN™ ads:
Solve Media's proprietary TYPE-IN™
advertising guarantees your messaging
won't be ignored—because it can't be.
Our simple, effective and memorable
TYPE-IN™ advertising lets users type
in brand messages where they interact
on web pages and mobile apps—
replacing difficult CAPTCHAs,
allowing people to skip video pre-roll
ads, or unlocking access to valuable
mobile experiences. The result:
superior brand lift. Here's how:
• Guarantee engagement with your
message every time
• Deliver 1200% greater message
recall than banner ads
• Outperform comScore Brand
Lift norms by an average of 10X
across awareness, association,
favorability, and purchase intent
• Are performance-based, so you
only pay for true engagement.
Impressions that users don't
engage with are free
10. IAB Releases Best Practices
Best Practices For Reducing Traffic Fraud Risk Unveiled by IAB
Specific Strategies Recommended for Buyers, Publishers and Networks
To Identify False Traffic and Mitigate Its Adverse Effects, in New
Document Released for Public Comment
NEW YORK, NY (December 5, 2013) — Fraudulent traffic has reached
critical levels across the digital advertising ecosystem, and in response the
Interactive Advertising Bureau (IAB) and its Traffic of Good Intent Task
Force have released "Best Practices – Traffic Fraud: Reducing Risk to
Exposure" to meet this challenge. Entering the public comment phase
today, the best practices explain how robotic traffic (aka "bots") can
infiltrate legitimate publisher inventory. Accordingly, it provides premium
publishers and networks, as well as buyers, with specific
recommendations.
11. LinkedIn Sues John Doe
Professional social networking site LinkedIn has filed a federal lawsuit against ten unspecified
individuals over the use of bots that stole personal data from the profiles of hundreds of thousands of
users.
According to the suit, which was filed Monday in the Northern California federal district court, the bots
were used to register thousands of fake LinkedIn accounts for the purpose of mining data from
legitimate accounts – a process known as scraping, which is prohibited by LinkedIn's user agreement.
The court documents also claim the fraudulent activity, which began last May, breaks state and federal
computer security laws as well as federal copyright law.
"Since May 2013, unknown persons and/or entities employing various automated software programs
(often referred to as 'bots') have registered thousands of fake LinkedIn member accounts and have
extracted and copied data from many member profile pages," LinkedIn said in its complaint.
"This practice, known as 'scraping,' is explicitly barred by LinkedIn's User Agreement, which
prohibits access to LinkedIn 'through scraping, spidering, crawling, or other technology or software
used to access data without the express written consent of LinkedIn or its Members.'"
LinkedIn Sues "John Doe" Hackers Who Created Fake Accounts to Scrape Member Data
Source: BusinessWeek Jan 2014
12. Microsoft Kills Zombie PCs
Armed with a court order and law enforcement help overseas, the team
took steps to cut off communication links to European-based servers
considered the mega-brain for an army of zombie computers known as
ZeroAccess.
Criminals for years had used the ZeroAccess "botnet," which combines
the power of more than 2 million hijacked computers—or bots—around
the world, to fraudulently bill some $2.7 million a month from online
advertisers, company investigators say.
Working With Law Enforcement, Microsoft Team Cuts Off Servers for Zombie Computers
Source: WSJ Dec 5, 2013
13. Spider.io Kills Chameleon Botnet
Chameleon Botnet
Date of discovery: 28 February, 2013
Known as: Chameleon Botnet
Discovered by: spider.io
Activity identified: Botnet emulates human visitors on select websites causing billions of display ad impressions to be served to the botnet.
Number of host machines: over 120,000 have been discovered so far
Geolocation of host machines: US residential IP addresses
Reported User Agent of the bots: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) and Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Proportion of traffic that is botnet traffic from IP addresses of host machines: 90% (diluted by gateway IPs)
Number of target websites across which the botnet operates: at least 202
Proportion of traffic across the target websites that is botnet traffic: at least 65%
Number of ad impressions served to the botnet per month: at least 9 billion
Number of distinct ad-exchange cookies associated with the botnet per month: at least 7 million
Average click-through rate generated by the botnet: 0.02%
Average mouse-movement rate generated by the botnet: 11%
Average CPM paid by advertisers for ad impressions served to the botnet: $0.69 CPM
Monthly cost to advertisers of ad impressions served to the botnet: at least $6.2 million
Spider.io Stops Chameleon Botnet, which "emulates human visitors on
select websites causing billions of display ad impressions to be served."
Source: Spider.io March 2013
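An added example (not part of the deck or of Spider.io's analysis) of screening an impression log against the Chameleon profile above: it aggregates per site and flags sites where the two reported user-agent strings dominate the traffic. The record fields, site names, `min_impressions` and the 0.65 threshold are assumptions, and the log is constructed.

```python
from collections import defaultdict

# User-agent strings reported for the Chameleon bots in the profile above.
CHAMELEON_UAS = {
    "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)",
    "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)",
}

def site_profiles(impressions):
    """Per-site impression count, share of the reported UAs, CTR and mouse-movement rate."""
    acc = defaultdict(lambda: [0, 0, 0, 0])  # total, reported-UA, clicks, mouse moves
    for imp in impressions:
        row = acc[imp["site"]]
        row[0] += 1
        row[1] += imp["ua"] in CHAMELEON_UAS
        row[2] += bool(imp["clicked"])
        row[3] += bool(imp["mouse_moved"])
    return {
        site: {"impressions": n, "ua_share": ua / n, "ctr": c / n, "mouse_rate": m / n}
        for site, (n, ua, c, m) in acc.items()
    }

def flag_sites(impressions, min_impressions=500, ua_share=0.65):
    """Sites whose traffic is dominated by the reported UAs (thresholds are assumptions).

    The UA strings are ordinary IE9/Windows 7 values, so a single hit means nothing;
    the signal is one UA pair making up most of a site's impressions. 0.65 mirrors the
    "at least 65%" figure above; min_impressions keeps tiny samples from being flagged.
    """
    profiles = site_profiles(impressions)
    return sorted(
        site for site, p in profiles.items()
        if p["impressions"] >= min_impressions and p["ua_share"] >= ua_share
    )

def constructed_log():
    """Constructed sample data: three hypothetical sites with different traffic mixes."""
    bot_ua = sorted(CHAMELEON_UAS)[0]
    other_ua = "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0"
    def rows(site, n, bot_n):
        return [{"site": site, "ua": bot_ua if i < bot_n else other_ua,
                 "clicked": i % 100 == 0, "mouse_moved": i % 9 == 0} for i in range(n)]
    return (rows("site-a.example", 1000, 700) + rows("site-b.example", 1000, 100)
            + rows("site-c.example", 40, 40))

if __name__ == "__main__":
    for site, p in sorted(site_profiles(constructed_log()).items()):
        print(site, p)
    print("flagged:", flag_sites(constructed_log()))
```

The per-site CTR and mouse-movement rate are returned for analyst review rather than used as thresholds, since the deck gives the botnet's rates but no human baseline to compare them with.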
14. What They Do / Detection Vectors
15. Remote Fraud Detection
Advanced technical analysis of HOW fraud is
committed via compromised PCs, malware/spyware,
browser toolbars, browser daemons, rootkits, javascript
agents, etc.
16. Placement/Viewability
Technology platforms to analyze the placement of ads
on dimensions like viewability, brand safety, suspicious
activity (fraudulent views or clicks).
17. Non-human Visitors
Technology and techniques to detect non-human (bot)
visits to a site and loading of ads; solutions to save
advertisers money (pay only when it is proven human,
don't pay when human does not stay to see ad).
19. Blacklisting Sites
Value
Exclude sites from serving your ads
Caveat
For every site excluded, bad guys put up more (because they don't have to play by the rules).
20. Enforcing Viewability
Value
Only pay for ads which are viewable (i.e. above-the-fold)
Caveat
Bad guys can defeat "viewability" by stuffing ads in hidden layers, all "above-the-fold"
Source: Spider.io May 2, 2013
21. Bot Detection
Value
Good guys use algorithms to detect unusual behaviors indicative of bots (rather than humans)
Caveat
It's an arms race between good and bad; bots are more sophisticated and can fake mouse movements and keep cookies.
Source: Spider.io March 2013
22. Using CAPTCHAs
Value
Captchas deter bots from filling in forms and stealing content and cookies.
Caveat
Some bots can now solve some captchas, most captchas don't protect content pages.
Source: Solve Media Dec 31 2013
"Startup called Vicarious automatically solves CAPTCHAs." Oct 2013 http://bit.ly/1bFo9lZ
23. "The above countermeasures are all good, and
advertisers should continue using them. But they are
not enough. If the good guys fight the fight individually,
there is little chance they can overcome the entire
ecosystem of the bad guys. The good guys need to band
together into their own ecosystem and put the bad guys
on a 'digital ad fraud equivalent to the National Sex
Offenders Registry'."
-- Dr. Augustine Fou
24. Ad Fraud Forensics Process
Preliminary Scan
Sizing of ad fraud
Forensic Analysis
Maintenance
• Technology Tools
• Statistical analysis
• Budget shifts
• Further optimization
Implementation
FREE
$$$
Preliminary analysis of paid campaigns and analytics to determine magnitude of the ad fraud impacting client.
Creating recommended list of changes, including list of sites to exclude in each ad channel.
$
Subscribe to triangulated, cross-industry database of "ad fraud offenders" to continuously update blacklists and whitelists.
25. Prioritizing Actions
[Chart: three segments of 30%, 40% and 30%; labels: targeting, improving, optimization, delivery, viewability, bots / not seen by humans, waste reduction]
26. Low Hanging Fruit
The most immediate, direct impact on ROI comes from reducing waste
25% On-Target Delivery (Nielsen)
54% Not In View (comScore)
82% Ignored (Harris Interactive)
23% Ad Blocked (PageFair)
24 – 29% confirmed bot (Solve Media)
27. Dr. Augustine Fou – Digital Forensics
"I advise clients on optimizing
advertising across all channels. Using
advanced technical forensic techniques
and custom technology tools, we detect
and mitigate ad fraud and waste."
FORMER CHIEF DIGITAL OFFICER, HCG (OMNICOM)
MCKINSEY CONSULTANT
CLIENT SIDE / AGENCY SIDE EXPERIENCE
PROFESSOR AND COLUMNIST
ENTREPRENEUR / SMALL BUSINESS OWNER
PHD MATERIALS SCIENCE (MIT '95) AT AGE 23
ClickZ Articles: http://bit.ly/augustine-fou-clickz
Slideshares: http://bit.ly/augustine-fou-slideshares
LinkedIn: http://linkd.in/augustinefou
@acfou
28. Related Articles
ROI Case for Solving Ad Fraud
By: Augustine Fou January 2014
Fake YouTube Videos
By: Augustine Fou, December 2013
Digital Ad Fraud Briefing
By: Augustine Fou December 2013
Motive and Opportunity for Ad Fraud
By: Augustine Fou, February 2014
How Display Fraud Works
By: Augustine Fou, May 2013
Fake Facebook Profiles
By: Augustine Fou, Dec 2013
How Click Fraud Works
By: Augustine Fou, November 2013
Fake Twitter Accounts
By: Augustine Fou, August 2013
The Magnitude of Digital Ad Fraud
By: Augustine Fou, November 2013
Display Fraud 101 (video)
By: Augustine Fou, Feb 2014