Digital Ad Fraud Briefing by Augustine Fou 1H 2014

3. Augustine Fou- 3 - Background

4. Augustine Fou- 4 - “Digital ad fraud is well known and well documented. However, the magnitude of it may not yet be well understood. Furthermore, ‘industry constituencies [may be] insufficiently motivated’ (Source: IAB) to act ferociously to deter and reduce these fraudulent activities.” -- Dr. Augustine Fou LinkedIn Post: The Three Reasons Ad Fraud Seems So Overwhelmingly Large Now

5. Augustine Fou- 5 - Why Now? “As more ad inventory is bought and sold programmatically on ad exchanges, bad guys are finding it far easier to commit fraud because few agencies and advertisers actually check in detail the hundreds of thousands of sites on which the ads are run. It’s easier to hide in a far larger haystack.” -- Dr. Augustine Fou

6. Augustine Fou- 6 - As more digital ads are placed entirely programmatically, the opportunity for fraud continues to increase. The Opportunity

7. Augustine Fou- 7 - The Motive “Highly Lucrative, Profitable The aggregate ad revenue for the sample of 596 sites was an estimated $56.7 million for Q3 of 2013, projecting out to $226.7 million dollars annually, with average profit margins of 83%, ranging from 80% to as high as 94%.” Source: Digital Citizens Alliance Study, Feb 2014

8. Augustine Fou- 8 - Digital Ad Spend (IAB FY 2013) Impressions (CPM/CPV) Clicks (CPC) Leads (CPL) Sales (CPA) Search 43% $18.5B Video 7% $3.0B Lead Gen 4% $1.7B 11% Other $4.8B Source: IAB, FY 2013 Internet Advertising Report, April 2014 $36.2B Display 19% $8.2B Mobile 15% $3.7B$2.8B NOTE: figures from IAB FY 2013 ($43B annual ad spend) CPM Performance • classifieds • sponsorship • rich media • email $6.5B

9. Augustine Fou- 9 - Digital Ad Fraud Estimates Impressions (CPM/CPV) Clicks (CPC) Search $18.5B $36.2B Ad Spend Display $8.2B Video $3.0B Mobile $3.7B$2.8B (U.S. digital ad spend only) DollarsAvg Fraud Rate $4B50%Display $2B60%Video $6B30%Search $2B40%Mobile $14BTOTALS 39% Multiple sources, see Appendix

10. Augustine Fou- 10 - Ad Fraud Ranges • Display ad fraud fake ad impressions created by bots • Video ad fraud fake video ad views generated by bots • Mobile ad fraud fraudulent or accidental clicks • Search ad click fraud click fraud on search ads 30-70% 50-80% 20-40% $2-6B $1-2B $4-8B (U.S. Only) 30-50% $2-3B 50% 60% 30% 40% Range DollarsAverage

11. Augustine Fou- 11 - How Impression (CPM) Ad Fraud Works

12. Augustine Fou- 12 - 19 blocked ads on page Bad Guys Put Up Sites site = analyzecanceradvice .com site = missomoms.com

13. Augustine Fou- 13 - Load Tons of Ads on Pages http://interiorcom plex.com/ http://modernbab y.com/

14. Augustine Fou- 14 - Load Ads in Hidden iFrames Augustine Fou- 14 - Source: Spider.io May 2, 2013 Ads are hidden in up to 72 layers Entire web pages are loaded into ad iframes to boost impressions Multiple redirects and auto page refreshes

15. Augustine Fou- 15 - Fake their “Viewability” Augustine Fou- 15 - Source: Spider.io May 2, 2013 Ads are above the fold of the page But their pixel opacity can be set to zero (invisible) Entire web pages stuffed into ad iframe; ads counted as viewable

16. Augustine Fou- 16 - Use Bots to Load the Pages Source: Wired Source: Google Digital Attack Map

17. Augustine Fou- 17 - Sell Impressions on Exchanges “Modernbaby.com and Interiorcomplex.com Each of these sites peddles enormous traffic on the exchanges. For example, on a recent day Modern Baby was offering 19 million impressions via one exchange (quite the baby boom) and Interior Complex 30 million [ad impressions PER DAY] (the roaring housing market must be back).” Source: Adweek – Suspicious Web Domains Cost Online Ad Business $400m per Year By Mike Shields

18. Augustine Fou- 18 - Where Fake Impressions Come From Source: Integral Ad Science, via BusinessWeek Nov 26, 2013 Ad exchanges are particularly prone to fraud because shady sites sell enormous quantities “ad impression inventory” into the exchanges for re-sale.

19. Augustine Fou- 19 - Impression (CPM) Ad Fraud Sizing

20. Augustine Fou- 20 - Display Ad Impressions • By far, the easiest to commit – fill a web page with many display ads and repeatedly load the page with scripts or bots • Clients pay on CPM basis and are usually goaled on the number of impressions delivered and CPM 30 – 75% fraudulent, not-in-view, adblocked IAB: FY 2012 Display Ad Spend = $7.7B

21. Augustine Fou- 21 - Nearly 62% bot39% human 61% bot traffic Bot Traffic Estimates Source: Incapsula 2013 Source: Solve Media Dec 31 2013 51% suspicious 22-29% confirmed bot

22. Augustine Fou- 22 - Viewability of Display Ads Source: Integral Ad Science Sept 2013 via MarketingCharts Publisher direct is best and lowest risk

23. Augustine Fou- 23 - 23% of Users Use Adblockers Source: PageFair, August 2013 Average Adblocking Rate 22.7%

24. Augustine Fou- 24 - 100 million impressions - 36% bogus impressions Source: WSJ One-Third of Traffic is Bogus 64 million impressions - 54% not-in-view Source: comScore June 2013 29 million impressions - 23% ad-blocked by user Source: PageFair, August 2013 22 million impressions $0.50 CPM productive 4.5x higher effective cost

25. Augustine Fou- 25 - Video Ad Impressions • Advanced bots are programmed to load video ads and wait till they are counted as “views” before leaving the page • Video ads have 10x the CPM compared with display ads, and are therefore a prime target for ‘bad guys’ 50 - 77% fraudulent, autoplay, wasted, not-in-view eMarketer: Digital Video Ad Spend est. $4B in 2013 Source: Vindico via Adweek, December 15, 2013

26. Augustine Fou- 26 - Video Ad Views Exploded Source: comScore, Jan 2014 via MarketingCharts Dec 2013 35.2B video ads per month

27. Augustine Fou- 27 - Digital Video Ad Spend Source: eMarketer, May 2013 Digital video ad spend continues to rise rapidly as more TV ad dollars shift to digital. Because video CPMs are so much more lucrative, it is more lucrative for bad guys too.

28. Augustine Fou- 28 - Video Ads Are Lucrative Video ad CPMs are $8 - $12, which means they are more than 10X more lucrative than display or mobile ads. Source: Turn, Inc. October 2013

29. Augustine Fou- 29 - A new study [download page] from VideoHub indicates that during the first quarter, average viewability for online video ads in the US was 83%, although rates varied widely among properties, from 43% on the low end to 94% on the high end. Broadcast TV sites fared best (89% on average) among property categories, with networks and exchanges (73%) bringing up the rear. Video Ad Viewability Source: VideoHub August 2013 via MarketingCharts

30. Augustine Fou- 30 - 500 billion display ad impressions /mo Impression (CPM) Fraud 29% confirmed bot traffic ~$1 - $3.50 cost per thousand $2-6 billion wasted ad spend (annualized) Display Ads 35 billion video ad impressions /mo 40% estimated fraudulent views ~$8 - $12 cost per thousand $1-2 billion wasted ad spend (annualized) Video Ads Source: Vindico, 2013Source: Solve Media 2013

31. Augustine Fou- 31 - How Search (CPC) Click Fraud Works

32. Augustine Fou- 32 - Choose Expensive Keywords homemadesimple.comolay.com “cosmetic face lift” $10.84 CPC “residential home cleaning” $9.95 CPC > 100,000 monthly searches avg position 1 – 10 sort by highest avg CPC Source: iSpionage Nov 2013

33. Augustine Fou- 33 - Biggest PPC Spenders Insurance est. Spending: - Statefarm.com - $46M /yr - Geico.com - $44M - Progressive.com - $34M - Esurance.com - $28M - Allstate.com - $25M - USAA.com - $21M Retailers est. Spending: - Walmart.com - $48M /yr - Sears.com - $18M annually - Macys.com - $11M per year - JCPenney.com - $9.6M CPCs range from $15 - $63 Many CPCs from $60 - $78

34. Augustine Fou- 34 - Bots Type Search Term buy eye cream online healthsiteproduc tionalways.com

35. Augustine Fou- 35 - Bots Click Search Ad Olay.com ad in #1 position

36. Augustine Fou- 36 - Redirect Link(s) Known blackhat technique to hide real referrer and replace with faked referrer. SIX (6) redirects before ending on the landing page See how-to: http://www.blackhatworld.com/ blackhat-seo/cloaking-content- generators/36830-cloaking- redirect-referer.html

37. Augustine Fou- 37 - Pass Fake URL Trackers Click thru URL passing fake source http://www.olay.com/skin- care-products/OlayPro- X?utm_source=msn&utm _medium=cpc&utm_camp aign=Olay_Search_Deskto p_Category+Interest+Prod uct.Phrase&utm_term=eye %20cream&utm_content= TZsrSzFz_eye%20cream_ p_2990456911

38. Augustine Fou- 38 - Search (CPC) Click Fraud Sizing

39. Augustine Fou- 39 - Search Ad Clicks • Search ad fraud is a bit more involved to commit and usually occurs on “search partner” sites (not the main search sites) • Bad guys set up sites with no content, execute searches with lucrative keywords, and click the ads with bots 20 - 40% fraudulent, accidental, wasted Source: Adometry Click Fraud Report 1H 2013 IAB: FY 2012 Search Ad Spend = $16.8B

40. Augustine Fou- 40 - Click Fraud by Qtr Source: ClickForensics 2011

41. Augustine Fou- 41 - Bot Clicks vs Humans Humans actually click on buttons and menu items (mouse moves and clicks) Bots don’t bother disguising their click locations and don’t show mouse traces. Source: Spider.io Feb 2013

42. Augustine Fou- 42 - What Bots on Page Look Like Demo: http://actupon.tv/webspy/

43. Augustine Fou- 43 - Before and After 18% of spend shifted from fraudulent websites to “top 5” good guys BEFORE Top 2 “good guys” = 76% AFTER Top 5 “good guys” = 94%

44. Augustine Fou- 44 - More Examples of Bad Guy Sites

45. Augustine Fou- 45 - Other Bad Guy Domains http://analyzecanceradvice .com http://analyzecancerhelp .com http://bestcanceropinion .com http://bestcancerproducts .com http://bestcancerresults .com http://besthealthopinion .com http://bettercanceradvice .com http://bettercancerhelp .com http://betterhealthopinion .com http://findcanceropinion .com http://findcancerresource .com http://findcancertopics .com http://findhealthopinion .com http://finestcanceradvice .com http://finestcancerhelp .com http://finestcancerresults .com http://getcancerproducts .com 36,000+ more sites like these, designed to show search ads and self-click on them to siphon CPC revenue

46. Augustine Fou- 46 - Screen Shots of Sites Alexa [no data] Compete [no data] Quantcast [no data]

47. Augustine Fou- 47 - Identical Template Sites http://picturesandbox.com/screengrab/grid.php

48. Augustine Fou- 48 - Hundreds of Identical Sites Source: more screen captures http://picturesandbox.com/screengrab/grouped.php

49. Augustine Fou- 49 - Affiliate Sales (CPA) Revenue Share Fraud

50. Augustine Fou- 50 - Affiliate Sales Fraud http://www.businessinsider.com/ebay-the-fbi-shawn-hogan-and-brian-dunning-2013-4

51. Augustine Fou- 51 - Algo-generated Pages Source: http://www.highdefdigest.com/tags/s how/Seiki_Digital Characteristics: • typically blog platform • keywords optimized for each post to attract organic traffic • content plaigiarized from press releases and other sites • stuffed with display ads, affiliate links or link bait

52. Augustine Fou- 52 - Not Human-Readable Characteristics • Auto-generated by bots, stuffed with search keywords • To attract organic search traffic • Not human readable (low instance of natural phrases) • Stuffed with affiliate links and display ads

53. Augustine Fou- 53 - Affiliate Links on Page http://www.amazon.com/exec/obidos/ASIN/B00BXF7I9M/panandscathed-20 http://www.tigerdirect.com/applications/SearchTools/item- details.asp?EdpNo=7674736&SRCCODE=LINKSHARE&cm_mmc_o=- ddCjC1bELltzywCjC- d2CjCdwwp&utm_source=Linkshare&utm_medium=Affiliate&utm_campaign=TnL5H PStwNw&AffiliateID=TnL5HPStwNw-Hc5zkpsnZO2pj1vg.2uttw

54. Augustine Fou- 54 - Other Sites Using Same Affiliate ID Source: http://reverseinternet.com/amazon- affiliate/panandscathed-20 Source: http://sameid.net/amazon-aff/panandscathed-20/

55. Augustine Fou- 55 - Affiliate Rev Shares Camera rev shares: $25 - $78 Computer $15 - $28 Electronics $13 - $56

56. Augustine Fou- 56 - Prime Targets for Fraud Source: Ben Edelman Since 2004, I've been tracking and reporting all manner of rogue affiliates -- using spyware and adware to cover competitors' sites; using trickier spyware and adware to claim commission on merchants' organic traffic; typosquatting; stuffing cookies through invisible IFRAME's and IMG's, banner ads, and even hacked forum sites; and the list goes on.

57. Augustine Fou- 57 - Other Forms of Digital Fraud

58. Augustine Fou- 58 - Lead Fraud ~ 20-40% http://www.webranking.com/blog/lead-click-fraud-adsense-scam- google-adwords-advertisers

59. Augustine Fou- 59 - Current Industry Initiatives

60. Augustine Fou- 60 - Industry Players Solve Media Using CAPTCHAs to detect humans versus bots. Global Bot Traffic on Pace to Waste Up to $9.5 billion in 2013 Ad Budgets. Sep 2013 Spider.io Nielsen/IAB Algo detection of bot-like activity and other malware. Botnet Costing Display Advertisers $6 Million per month. Feb 2013 Industry working group to define ad viewability. Viewable rates (of display ads) ranged from 14% to 79%. IntegralAds (AdSafe) Verify ad placement against blacklist of known fraudulent websites. Viewable rates (of display ads) ranged from 14% to 79%. DoubleVerify Ad placement, behavioral compliance, fraud detection PageFair Ad blocking detection WhiteOps Realtime bot detection algorithms

61. Augustine Fou- 61 - Digital Ad Fraud Countermeasures

62. Augustine Fou- 62 - Blacklisting Sites Value Exclude sites from serving your ads Caveat For every site excluded, bad guys put up more (because they don’t have to play by the rules).

63. Augustine Fou- 63 - Enforcing Viewability Source: Spider.io May 2, 2013 Value Only pay for ads which are viewable (i.e. above the-fold) Caveat Bad guys have already defeated “viewability” by stuffing ads in hidden layers, all above-the-fold.

64. Augustine Fou- 64 - Detecting Bot Traffic Source: Spider.io March 2013 Value Good guys use algorithms to detect unusual behaviors indicative of bots (rather than humans) Caveat It’s an arms race between good and bad; bots are more sophisticated and can fake mouse movements and keep cookies.

65. Augustine Fou- 65 - Using CAPTCHAs “Startup called Vicarious automatically solves CAPTCHAs.” Oct 2013 http://bit.ly/1bFo9lZ Value Captchas deter bots from filling in forms and stealing content and cookies. Caveat Some bots can now solve some captchas, most captchas don’t protect content pages. Source: Solve Media Dec 31 2013

66. Augustine Fou- 66 - “The above countermeasures are all good, and advertisers should continue using them. But they are not enough. If the good guys fight the fight individually, there is little chance they can overcome the entire ecosystem of the bad guys. The good guys need to band together into their own ecosystem and put the bad guys on a ‘digital ad fraud equivalent to the National Sex Offenders Registry’.” -- Dr. Augustine Fou

67. Augustine Fou- 67 - Assumptions No Longer Valid 1. bots can’t fake mouse movements and webpage scrolling - they can easily now 2. captchas can only be solved by humans - bots can solve them too now 3. it requires malware infected computers to commit ad fraud - bad guys can set up hundreds of thousands of server instances to simulate users without having to infect any computers with malware 4. malware can be caught by virus software when installed - some malware does not need to be installed, they are carried along with the code of a toolbar, plugin, extension, etc. or can be asynchronously introduced later via updates (especially when user has permitted auto-updates)

68. Augustine Fou- 68 - Assumptions No Longer Valid 5. if a correct bid record is passed it should be a human user - bots can easily send fake information to simulate being a user (e.g. cookies, referrer, search query, characteristics of the computer and browser, etc.) 6. fraudulent traffic is a small portion of legitimate human traffic -- bot traffic is far larger than actual human traffic. This comes from both “legitimate” sources like Google crawlers or “site up status checkers” and “illicit” sources like server-side scripts, browser side scripts, browser extensions and plugins, and other malware.

69. Augustine Fou- 69 - Techical Forensics

70. Augustine Fou- 70 - Dr. Augustine Fou – Digital Consigliere “I advise clients on optimizing advertising across all channels. One main area of focus is reducing ad waste due to fraud – fake impressions, clicks, leads, and sales.” FORMER CHIEF DIGITAL OFFICER, HCG (OMNICOM) MCKINSEY CONSULTANT CLIENT SIDE / AGENCY SIDE EXPERIENCE PROFESSOR AND COLUMNIST ENTREPRENEUR / SMALL BUSINESS OWNER PHD MATERIALS SCIENCE (MIT '95) AT AGE 23 @acfou ClickZ Articles: http://bit.ly/augustine-fou-clickz Slideshares: http://bit.ly/augustine-fou-slideshares LinkedIn: http://linkd.in/augustinefou

71. Augustine Fou- 71 - Related Articles Fake YouTube Videos By: Augustine Fou, December 2013 Fake Linkedin Profiles By: Augustine Fou, December 2013 Fake Facebook Profiles By: Augustine Fou, Dec 2013 Fake Twitter Accounts By: Augustine Fou, August 2013 An Ecosystem of Digital Ad Fraud By: Augustine Fou, October 2013 Augustine Fou- 71 - Digital Ad Fraud Briefing By: Augustine Fou December 2013 Ad Fraud Fighting Techniques By: Augustine Fou October 2013 How Display Fraud Works By: Augustine Fou, May 2013 How Click Fraud Works By: Augustine Fou, November 2013 The Magnitude of Digital Ad Fraud By: Augustine Fou, November 2013

72. Augustine Fou- 72 - Low Hanging Fruit The most immediate, direct impact on ROI comes from reducing waste 23% Ad Blocked (wasn’t shown) (PageFair) 54% Not In View (not seen) (comScore) 24 – 29% confirmed bot (Solve Media) 25% On-Target Delivery (Nielsen) 82% Ignored (not relevant) (Harris Interactive)

73. Augustine Fou- 73 - Digital Ad Forensics Process Sizing of ad fraud Forensic AnalysisPreliminary Scan Implementation Augustine Fou- 73 - • Technology Tools • Statistical analysis Maintenance Preliminary analysis of paid campaigns and analytics to determine magnitude of the ad fraud impacting client. FREE Creating recommended list of changes, including list of sites to exclude in each ad channel. $$$ Subscribe to triangulated, cross-industry database of “ad fraud offenders” to continuously update blacklists and whitelists. $ • Budget shifts • Further optimization

74. Augustine Fou- 74 - Fraud Fighting Techniques • Blacklisting fake websites by URL/domain • Whitelisting legit publisher sites by domain • Detecting bot traffic and known botnet addresses • Scanning sites for malware (Google hosts list) • Bot flag on bid records • Real time rejection of fraudulent ad impressions • Revised traffic numbers based on audience overlap

Digital Ad Fraud Briefing by Augustine Fou 1H 2014

Vous êtes en train de lire un aperçu.

Consultez-les par la suite

Digital Ad Fraud Briefing by Augustine Fou 1H 2014

Plus De Contenu Connexe

Diaporamas pour vous (20)

Similaire à Digital Ad Fraud Briefing by Augustine Fou 1H 2014 (20)

Plus par Dr. Augustine Fou - Independent Ad Fraud Researcher (19)

Plus récents (20)