Ad fraud is at an all-time high and remains one of the most profitable criminal enterprises in the world, generating tens of billions of dollars a year.
That’s the view of Dr Augustine Fou, cybersecurity and ad fraud researcher who this morning released a Slideshare presentation on LinkedIn describing the state of digital ad fraud in 2018.
He says the reality is not as rosy as some industry bodies would have us believe.
Ad fraud is a scam where agencies and brands are tricked into paying for fake traffic and leads. As many ad tech platforms take a piece of the transaction there is a lingering suspicion that they lack the necessary financial incentives to really mitigate against fraud.
- Upcoming: Which-50 will be featuring a Cover Story on ad fraud next week
Meanwhile, the official representatives of adtech sector often have a very different view of the extent of ad fraud compared to the specialist ad fraud consultants.
The Interactive Advertising Bureau Australia recently released a report downplaying the existence of ad-fraud in the Australian advertising market, claiming only 4 per cent of digital ads were fraudulent, to the extent it told Mumbrella that it was almost “non-existent”.
Dr Fou says that number is ‘not even close’ to reality. It is not that fraud is low, it is just that bot detection technology is failing to pick up on most of it.
The researcher says ad fraud is at an all time high and is one of the most profitable criminal enterprises in the world, generating tens of billions of dollars a year. Juniper Research puts the figure at $US44billion by 2022.
The rise of smart mobility as the content consumption platform of choice is compounding the problem.
Mobile devices are more susceptible to ad-fraud than desktop display because it is easier to commit and less detectable, Fou says.
‘Bad apps’ are capable of loading more impressions in the background without users even being aware.
“Mobile apps like rogue flashlight apps can load thousands of ads in the background even when not in use, and that doesn’t involve a lot of bots hitting web pages,” says Dr Fou. “This gets by all fraud detection that are tuned to look for bots hitting websites.”
“They can also simply create fake mobile devices using software like mobile emulators, and scale by the millions,” he says. “Much easier than trying to get malware on real mobile devices.”
Last year Google tossed out more than 40 apps from its Play Store that had been forcing Android users to click on ads. The apps had been downloaded up to 36 million times, in what it claims was one of the biggest cases of ad fraud perpetrated via Google Play “and probably the most successful malware in terms of installs from the official store” according to Forbes.
Another form of fraud that has been around for a long time are pop-unders and page redirects.
“What if the web pages themselves misbehave and redirect to other pages in infinite loops,” he says.
“Again, this does not involve a ton of bots hitting web pages and is therefore missed by the bot detection companies. An example of a service that sells this kind of redirect traffic is proudly selling 125 billion page redirects, (equivalent to pageviews), per month. This is larger than all the mainstream publishers’ sites page views per month put together. Talk about ad dollars being stolen out of the digital ad ecosystem.”
Perhaps his most controversial view, however, is that most participants in the digital advertising supply chain do not want the fraud to stop because they have made too much money.
“Even the marketers have a motive to cover it up – after all, it would be embarrassing for a marketing manager to admit to his or her boss that the millions of dollars of digital ad budget which they approved were actually given to cyber criminals and drove no business outcomes,” he says.
The researcher says ad-fraud is one of the worst-kept secrets in the industry.
“Everyone knows about ad fraud, but most still think it doesn’t affect them or they are actively trying to cover it up.”