Tag: fraud

The Disappointing Mixed Blessing of Internet Advertising

 

The Disappointing Mixed Blessing of Internet Advertising

 

A recent article on the internet illustrates the problem with online advertising. The story goes like this:

“Ron” has been in the field of marketing for many years. He has lots of very high quality experience, has been in charge of very sophisticated ad campaigns, and has been responsible for spending hundreds of thousands of ad campaign dollars.

Back in those early days, TV was always at the top of the pyramid for ad-dollar effectiveness. Ron explains it this way:

“A TV campaign was like the Air Force. If you wanted to get your message out, you did carpet bombing with TV ad campaigns.”

But, Ron says that it wasn’t cheap. But the even bigger problem was that you could never be sure which ads were working and which ones weren’t.

Several years ago, shortly after Google went public and Yahoo! was still flying high, technology started changing advertisers’ attitude. These advertisers began to suspect that digital search and display ads could be used to reach TV-size audiences for a fraction of the price. Ron says, “People thought it was going to change everything.”

This euphoria continued to grow until around 2010 came the arrival of programmatic advertising, a term for what is, essentially, automation. The standard programmatic transaction works like this: A user clicks on a website and suddenly his/her internet address and browsing history are packaged and whisked off to an auction site. At that auction site, software, on behalf of advertisers, evaluates his/her profile (or sometimes an anonymized version of it) and decides whether to bid to place an ad next to that article.

Ford Motor, for example, was supposed to be able to put its ads on websites specifically targeted to car buffs, or, with the help of cookies, track them wherever they may be online.

Of course, this was a stunningly attractive proposition to advertisers… just like a surgically precise air strike is supposed to be (emphasize…’supposed to be’) Yes…it wasn’t very reassuring for privacy advocates but it appeared positively inspiring to anybody involved in advertising, i.e. agencies, publishers, and advertisers because finally….they’d know where every last dollar went and whether it did its job.

Ron now works at a major beer brand where he allocates a budget in the in the $150 million range. He was swept up in the optimism about what ‘digital’ would do for them when they introduced a new shape of beer bottle for their product.

Just a few years ago he and a group of managers with similar responsibilities met in New York for a presentation showing the performance of the online ads.

They were stunned at the information they received. Digital’s ROI was around 2 to 1. In other words, a $2 increase in revenue for every $1 of ad spending, compared with at least 6 to 1 for TV.

Even more startling was the revelation that only 20% of their ‘ad impressions’ (on computer or smartphones screens) were even seen by real people.

Ron says, “The room basically stopped. The managers were even worried about their jobs.” Someone even asked if was legal for online advertising companies to cheat like that.

But there was even some outrage at the revelation. Ron said, “It was like we’d been throwing our money to the mob. As an advertiser we were paying for eyeballs and thought that we were buying views. But in the digital world, you’re just paying for the ad to be served, and there’s no guarantee who will see it, or whether a human will see it at all.”

And that’s today’s online advertising reality. Yeah….increasingly, internet ad viewers aren’t human. A study done recently in conjunction with the Association of National Advertisers embedded several billion digital ads with special tracking code designed to determine who or what was seeing them.

To the chagrin of those who read the results of the report, 11% of display ads and almost 25% of video ads were viewed by software and not by real people.

According to the above referenced study, which was conducted by the security firm White Ops and is titled The Bot Baseline: Fraud In Digital Advertising, “…fake traffic will cost advertisers $6.3 billion this year.’

One Chrysler ad tracked in the study was a video spot that ran on Saveur.tv, a site catering to the food and travel lifestyle magazine industry. Only 2 %of the ad views registered as human (according to a person who was briefed on data provided to the study’s participants).

According to a Chrysler spokesperson, Chrysler does not dispute or discuss the data but did cease buying ads on Saveur once it became aware of the apparently fraudulent activity. Nor did the company with did the study comment although they were asked to.  

Executives at the firm of Bonnier, the publishing company behind Saveur.tv, claims that they screen every impression and that the only looked at 5,700 ads, a very small number. The executive also said that there are multiple methods for detecting non human traffic, and that there’s no single standard used by the industry.

“We weren’t aware of any problem or complaint. If it had been brought to our attention we would have fixed it,“ said the executive from Bonnier.

Does this sound like ‘plausible denial,?

Indeed, experts are increasingly recognizing that fake internet ad traffic has become a commodity to be manipulated and profited from by slick arbitration. There’s malware for generating it and brokers who sell it. It seems that some companies pay for it intentionally, others only accidentally, and yet even others simply look the other way and prefer not to ask where their traffic comes from.

The only slight positive about the situation is that it has spawned its own industry of countermeasures (which in turn inspire counter-countermeasures).

A media executive at a major food company said, “It’s like a game of whack-a-mole.” Consumers, meanwhile, are not only suffering the built-in cost of the ads but also don’t like them. That’s one reason why one of the top paid ads on iPhone is an ad blocker.

An ad industry veteran and prominent blogger was quoted as saying, “I can think of nothing that has done more harm to the Internet than ad tech. It interferes with everything we try to do on the Web. It has cheapened and debased advertising and spawned criminal empires.”

This same expert said, “Most ridiculous of all is that is that advertisers are further away than ever from solving the old which-part-of-my-budget-is-working problem. Nobody knows the exact number but probably about 50 percent of what you’re spending online is being stolen from you.”

Bonnier, the firm referred to above, is a 211-year-old Swedish media conglomerate but, like many traditional publishing companies, has struggled in its transition to the Internet era. It’s conundrum is how to generate digital revenue to offset declines in the print business is paramount.

For Bonnier and similar companies, video ads are particularly lucrative. For the last few years Bonnier has began to build videocentric sites for Saveur and several of its other titles, including Outdoor Life,Working Mother, and Popular Science.

About 50% of Saveur.tv’s home page is taken up by a player that automatically plays videos with simple kitchen tips with titles such as How to Stir a Cocktail: Step One: “Hold the spoon between pointer and middle finger …”). These videos were preceded by ads from Snapple and Mrs. Meyer’s household cleaning products.

The challenge for Bonnier has been how to build an audience. One way is to do it organically—by coming up with lots of content, promoting it until people start watching, persuading advertisers to buy in.

Or there’s the current, in-vogue, modern shortcut of simply ‘buying traffic’. And that’s where problems really start to compound for the consumer and the companies which are willing to pay for legitimate views by humans. 

One factor which makes this situation complicated is that ‘Buying traffic’ doesn’t necessarily mean it’s fake traffic. Publishers often pay to redirect human users from somewhere else on the Internet to their own sites, In fact, companies such as Taboola and Outbrain specialize in managing this kind of traffic.

Here’s how it works:

Website A hires Taboola, which pays Website B to put ‘content boxes’ at the bottom of its pages. Viewers, enticed by headlines on the content such as, “37 Things You Didn’t Know About Scarlett Johansson,” click on a box and are redirected to Website A.

But these redirects are expensive and studies show that typically only 2% of people on a site click on these boxes even though Website A still has to compensate Website B handsomely for giving up precious visitors.

The temptation for middle-men in the internet advertising industry is that less ethical methods are cheaper. Pop-ups, i.e. tiny browser windows that many people ignore, click to close, or perhaps even never see, are one way to inflate visitor count. Still, as soon as that window appears on your computer, you’re counted as someone who’s seen the ads.

An even more cost-effective technique for view purveyors is an ad bot…. Which also happens to be a lot cheaper for the view-seller too. The ad bot is malware that surreptitiously takes over the viewer’s computer and creates a virtual browser. This virtual browser is invisible to the computer surfer/owner but, unseen by them, it visits websites, scrolls through pages, and clicks links.

This is what ad purchasers don’t like. Even though they’re paying for the views, no one is actually viewing those pages. The views are strictly bot-generated. It’s just a software trick. Nevertheless, unless the bot is detected, it’s counted as a view by traffic-measuring services and bots working with thousands of hijacked computers working in concert can create a massive “audience”, and wasted ad expenditures, very quickly.

If you were spending a company’s ad budget, would you want to spend it on a program like this?

All a budding media mogul, whether a website operator or a traffic supplier, has to do to make money is understand arbitrage: Buy low, sell high. Their industry-specific art is making the fake traffic look real. To do this, they often spruce-up their websites with just enough content to make them appear authentic.

The problem for ad-buying entities and decision makers is that they frequently can’t differentiate between real views and bot bot views. Nor can the tell the difference between websites with fresh, original work, and sites camouflaged with stock photos and cut-and-paste articles.

Bonnier wasn’t that audacious (i.e. to use the bots). But even its own executives say the content on their video sites did not likely create and sustain much of an audience on its own. That’s why they often used several different traffic brokers, AKA ‘audience networks’, to generate views for their clients. 

Bonnier’s chief digital revenue officer, Sean Holzman, described the practice as ‘normal’ for big-time publishers, especially those rolling out new products. He said it’s considered normal because advertisers can’t be expected to bother with sites that don’t already have an audience.

He said further, “It was a test, a way to prime the pump and see if we could build these sites at this price point. You usually have to keep buying some traffic, because the audience you’re getting isn’t as sticky.”

It’s also common in the industry for publishers not to tell their advertisers when they’re buying traffic, and in most cases. Truth be told….Bonnier didn’t.

When advertisers asked (Bonnier), said their spokesman, the company was open about its buying traffic. The spokesman said there was no intent to deceive anyone and that, in fact, they even hired security firms to vet the sites for bots and were assured they were buying real human visitors.

But, the spokesman did admit that they weren’t paying top dollar for their traffic. He said that, among audience networks, there are some that are equatable to Toyota quality while others could be considered ‘Mercedes quality’. He said that their traffic was priced at the ‘Toyota level’.

One can only wonder whether a Mercedes quality advertiser would knowingly buy Toyota-quality advertising. Or…whether any have unwittingly done so.

The essence of the problem is that the traffic market is unregulated. Sellers range from unimpeachable to adequate to downright sleazy and price is part of the market’s code. The cheap stuff is very easy to find.

Even on supposedly ‘professional’ LinkedIn, there’s a forum called “Buying & Selling TRAFFIC.” On this forum, 1,000 “visitors” can be had for $1. Legit traffic is a lot more expensive.

Taboola, mentioned above, charges publishers from 20¢ to 90¢ per visitor for video content targeted to U.S. audiences on desktops only. A publisher like Bonnier can sell a video ad for 1¢ to 1.2¢ per view in a programmatic auction, which is how they sold most ads on their video sites. If Bonnier had gone with Taboola, it would likely have lost 19¢ per view or more.

Shortly after it started buying traffic, Bonnier’s numbers began to rise. In the summer of 2014, several of their video sites had almost zero visitors (according to ComScore). By December, Bonnier’s Saveur.tv had 6 million monthly visitors and WorkingMotherTV.com had 4 million… according to data provided by Bonnier. In May, Saveur’s traffic surged again with 9 million views claimed for Saveur.tv and 5 million for WorkingMotherTV.com.

Those numbers didn’t pass muster with at least one big ad firm: SiteScout. SiteScout aggregates and lists ad space for sale from more than 68,000 websites and says it blocks several of these new Bonnier sites for “excessive nonhuman traffic.”

Bonnier said it doesn’t work directly with SiteScout and was also unaware its video properties had been blocked.

Just recently, Bloomberg.com, a site related to Bloomberg Businessweek and also owned by Bloomberg LP, reported 24.2 million unique visitors in the U.S. in August. They say they purchased between 1-2% of their traffic from Taboola and Outbrain.

“In the past, we have engaged with a few other vendors,” says a Bloomberg global ad-spend executive, “but we weren’t confident in the quality of the audience, despite assurances from the vendor, and canceled those deals.”

Bonnier declined to specify its traffic suppliers but an analysis by SimilarWeb, a traffic-analysis firm, showed that most of their traffic arrived from a handful of identical-looking sites with names like Omnaling.com and Connect5364. com, each of which described itself as “an advertising network technology domain.”

Essentially these domains work like fire hoses, pumping traffic anywhere on the Internet. The domains are registered anonymously but have shared computer addresses with other sites, including one called Daniel-Yomtobian.com. It turns out that Daniel Yomtobian is the chief executive officer of a traffic supplier in Sherman Oaks, Calif., called Advertise.com.

When reached by phone, Mr. Yomtobian is gregarious and friendly and describes Advertise.com as an ad network that sells more than 300 million page visits each month to companies that want to boost their traffic. He said that among his customers is Bonnier, which, he says, mainly purchased his cheapest-possible traffic, including “tab-unders.”

Here’s how ‘tab-unders’ work:

Let’s say you’re watching a movie on Netflix. A tab-under opens up another window beneath the one playing your movie. Even though you may never see that new window, it still displays an Advertise.com customer’s website, thereby generating still another page view. Repeat a few thousand times, and you’ve got some big numbers and big dollars spent by advertisers.

Benjamin Edelman, a Harvard Business School professor  who specializes in the digital economy, said, “I’ve found Advertise.com selling every type of worthless traffic I am able to detect. And doing so persistently, for months and indeed, years.”

Yomtobian admits that tab-unders are “low-quality traffic” and that Bonnier, his customer, complained about that. But he says his firm checks the traffic of its supplying partners for bots and sends only real humans to the Bonnier websites. “We would never deliver traffic that we don’t think is real,” he says.

Yomtobian similarly disputes Edelman’s claims that Advertise.com’s traffic is worthless. After all, he says, people sometimes do see tab-unders and click on them. “There is a huge distinction,” he says, “between worthless traffic and low-quality traffic.”

You’ve probably never visited MyTopFace.com. It’s a cosmetics advice website that sells ad slots for anywhere from 73¢ to $10 per 1,000 views, and whose video ads fetch far more money than display ads according to SiteScout.

As of early September, the top story on MyTopFace was an article with an accompanying video called “Smokey Eye Makeup—Kim Kardashian Look  The only problem is that the video was at least 5 months old.

In the industry, this is called, ‘stale content’. It is regarded as one of the worst ways to attract readers. But… if the readers are bots, it doesn’t matter. So MyTopFace could have made as much as $9 for every 1,000 visitors, assuming it kept costs close to zero and was able to acquire traffic at a rate of $1 per 1,000.

In its investigation into this situation, after more than a dozen e-mails and phone calls, the operator of MyTopFace agreed to meet with Bloomberg Businessweek.

The operator introduced himself as Boris Boris and said he’s 28, and also admiteed that a number of his network’s sites are registered under other names which he declined to reveal. On a warm September afternoon, he shows up at a trendy Flatbush Avenue cafe, wearing a pair of brown, tortoiseshell glasses and sports a goatee with a waxed, handlebar mustache, along with his wife and one month old son.

Boris has a very interesting story about he found opportunity in the digital advertising industry in America:

Boris say he was born in eastern Ukraine and made it to the U.S. where a Russian-owned business in New York heard about his Internet marketing skills through the émigré grapevine, hired him, and got him a visa.

After a few months of fine-tuning, he helped a Brooklyn meat processor’s website reach the top of Google searches for certain competitive keywords. After this, Boris says, “They were happy, and I knew I could stay. And I knew that I could find success in the USA, too.”

But Boris soon realized that the real opportunities in Web advertising lay elsewhere. He struck out on his own and in less than five years, hehad built a mini publishing empire, Boris Media Group, a feat accomplished largely through the acquisition of cheap—and, often, fake—traffic.

Wow…what a country! Right?

In addition to MyTopFace, his portfolio includes several low-maintenance properties, such as MaryBoo.com, which offers health and beauty tips to pregnant women. His LinkedIn profile says his sites combine to reach more than 10 million viewers daily, which would get him in four days what the Los Angeles Times gets in a month.

Boris’s traffic numbers are difficult to verify and, as stated above, he declined to provide a full list of his websites. But for much of the summer, MyTopFace offered from 30,000 to 100,000 ad impressions for sale each day, according to SiteScout.

During his interview, he freely admited that he buys many of the visitors to his websites. He said that he spends about $50,000 per year buying high-quality traffic for MyTopFace from Facebook (nothing wrong there—you create an account for your business and then pay Facebook to advertise in people’s news feeds).

And says he then spends another $50,000 or so on cheap traffic whose origin he isn’t so sure about. Facebook traffic is real people, and costs about 100 times more per visitor than the mysterious cheap traffic.

Bloomberg Businessweek asked two traffic-fraud-detection firms to assess recent traffic to MyTopFace and they agreed to do so on the condition that their names not be used.

One firm found that 94% of MyTopFace’s 30,000 visitors were bots. The other firm estimated the bot traffic at 74% but when asked to explain this finding, Boris didn’t dispute the findings or appear at all concerned. He said, “If I can buy some traffic and it gets accepted, why not?”

He also said that if advertisers don’t like his product, “they should go buy somewhere else. They want to pay only a little and get a lot of traffic and results. If they want all human traffic, they should go direct to the publisher and pay more.”

In a later e-mail, Boris explained his business differently. “Our network doesn’t buy traffic, we buy advertising that brings us traffic,” he wrote. His operation uses antibot filters, he said, and any advertiser that does find bot traffic can refuse to pay for it. Furthermore, (according to him) fraud would be impossible.

One prominent source of Boris’s advertising revenue is Myspace, the once-dominant social network. Myspace’s recent new owner, the ad-tech firm Viant, relaunched it in 2013 with a focus on video and has invested in many  Myspace exclusives which include custom-made video players that other sites can embed, much like YouTube’s.

When visitors went to MyTopFace.com, a Myspace player would pop up in the bottom right-hand corner of the screen upon which first an ad would show, followed by the editorial content… a 15-second video of a guy driving a car at night.

The guy-driving-at-night video, named Hitboy, was one of several videos put together by a Myspace employee to serve as placeholders, according to Viant.

These videos appear whenever Myspace blocks a site from showing its actual video content, which according to Myspace might happen if the site violates Myspace’s terms or conditions or if Myspace loses the rights to show a video that had been featured.

But the Myspace placeholders are still preceded by ads from such brands as Kozy Shack pudding, Chevrolet,Unilever, and various Procter & Gamble brands such as Tampax and Always, all of which have all paid for the privilege.

Boris says the checks he cashed came through an affiliate program where Viant splits ad revenue with publishers who showed its players.

Viant’s executives say they have an affiliate program, but that they’ve never heard of Boris or MyTopFace.com. They also declined to name a single company that participates in the program.

Boris says he put the Myspace players on his sites after being contacted by a middleman, whom he won’t name. “My balls will be cut off,” he says.

Ad slots on MyTopFace.com run anywhere from 73¢ to $10 per 1,000 views.

Chris Vanderhook, Viant’s chief operating officer, says his company (Myspace) company has technology that checks for non human traffic.

“If a website has 80 or 90 percent bot traffic, then yes, we will try to remove this site from any ad rotation,” he says. Yet Boris’s MyTopFace, which, again, according to the estimates provided to Bloomberg Businessweek, had between 74 percent and 94 percent nonhuman traffic, hasn’t been cut off.

Vanderhook says that must mean Viant’s software sees some value to it. If a website has a Myspace player showing ads, he says, “we deemed that it was still quality enough to auction off.”

Research showed that Myspace’s placeholder videos appeared on about 100 websites the researched month, according to Telemetry, a fraud-detection firm. If anything, some of the sites are even more creative than MyTopFace.

One of these other sites is RealMovieTrailers.com which lists a nonexistent address in New York for its headquarters. The listed phone number also doesn’t work. Further distressing is that image searches of its designers’ headshots reveal they’re stock photos, reused hundreds of times around the Internet.

The identity of RealMovieTrailers’ actual operators isn’t clear either as the site’s address is registered anonymously and no one responded to an e-mail sent to an address listed on the site.

In September, after Bloomberg Businessweek asked Mr. Viant about its content, Myspace players began showing non-placeholder videos. What is amazing is that, if the counters embedded in the players are accurate, those placeholders are some of the most watched clips in Internet history.

For example: Hitboy has registered 690 million views. Showing even bigger numbers even though it is a terrible video, is Surfing. This video shows terrible quality and only has about five seconds of black screen with some muffled background noise. Yet, according to the Myspace counter, Surfing has been viewed 1.5 billion times. That view count would make it bigger than any YouTube video in history with the exception of Gangnam Style.

So, the situation today is one where programmatic advertising has become such a tangle of data firms, marketing firms, strategy firms, and ad tech companies that it is virtually impossible for the biggest brands to keep track of it all.

Some companies are just bailing-out on online advertising. Three years ago ad-watching executives at Kellogg started to notice that spots for Cheez-It, Pop-Tarts, and Special K were running on sketchy websites, hidden in pop-under windows, or compressed into screens as tiny as a single pixel.

They also noticed that other ads were displayed on sites where much of the “audience” was bots. In the expected reaction to such a discover, the company’s manager of digital strategy said, “It turns out I’m buying from this guy down the street who opens up his coat and says, ‘Hey, you want to buy some ads?’ ”

The situation became even more infuriating when Kellogg tried to get a simple breakdown. They wanted to know how much was each part of the labyrinthine digital-ad process costing?

Answers were impossible to come by.

Kellogg asked for itemized bills from the various ad agencies and data companies it hired, but their requests were all refused. “It wasn’t a smoking gun,” the Kellog executive said. “It was more like a detective story where you had to piece together the evidence. And it was clear that in a system with that little transparency, there was bound to be problems.”

Thus, Kellogg’s in-house ad department took control of its contracts with publishers and ad platforms such as Google and Yahoo, and terminated all outside agencies from the process. The company also started using software that alerted it when ads ran on suspect sites and they refused to do business with any sites that wouldn’t allow third-party validators to screen for bad traffic.

Because of these and other measures, Kellogg has seen a 50% 75% drop in bot traffic and a significant jump in its ROI for Raisin Bran and Kellogg's Corn Flakes.

It seems that ad fraud, as described here, may eventually turn into an acceptable nuisance like shoplifting. It may turn out that it’s something that companies learn to control without ever fully eradicating.

Advertisers generally see lower levels of fraudulent traffic by dealing directly with publishers rather than using programmatic exchanges. Of course, this also means missing out on the massive scalability that the web and automation was originally hoped to provide.  

In comparison, sites such as Facebook, with its billion-plus users, are relatively bot-free, if expensive, places to run ads. Facebook expects that advertisers only pay only when their ads are actually seen by humans.

There’s also the possibility that the multitudes of smaller ad tech players will become really serious about sanitizing their traffic and regulating themselves. Walter Knapp, CEO of Sovrn Holdings, a programmatic exchange, says he was as alarmed as anyone at the rise of ad fraud. He says that he decided it was a matter of survival. He said, “There are 2,000 ad tech companies, and there is maybe room for 20,” he says. “I looked around and said, ‘This is bulls—.’ ”

About 18 months ago, Mr. Knapp set to figuring out how much of his inventory—ad spaces for sale—was fake. The answer shocked him: “Two-thirds was either fraud or suspicious,” he says. So, he decided to remove all of it. “That’s $30 million in revenue, which is not insignificant.”

Sovrn’s business eventually returned to, and eventually surpassed, where it was with the bad inventory. Knapp says his company had a scary few months though and he keeps part of a molar on his desk as a memento. “I was clenching it so hard, I cracked it in half,” he says.

He discredits the idea that it’s hard to tell genuine traffic from fake. “The whole thing about throwing your hands in the air and saying, ‘I don’t know, maybe it’s real, maybe it’s not real,’ ” he says. “You can absolutely find out.” He sees it the way Supreme Court Justice Potter Stewart saw smut. “How can you tell it’s porn? You know it when you see it,” Knapp says. “Like, go to the website, man.”

If you believe that my message is worth spreading, please use the share buttons if they show at the top of the page.

Stephen Hodgkiss
Chief Engineer at MarketHive

markethive.com


Alan Zibluk Markethive Founding Member

Online Advertising Fraud 101

 

Online Advertising Fraud 101

 

I have long been of the opinion that the lack of transparency on the web is one of its growing and impending problems. It has become clear to observant consumers that it is very easy to create a false and misleading impression on the internet if one has the skill and desire to do so (for financial benefit).

It hasn't taken long for advertising to become just as big on the internet as it always has been in more traditonal commerce. While the majority of online advertising purveyors are legitimate businesses or solopreneurs, it has recently been revealed that, in the aggregate, there is a tremendous about of money lost, by advertisers, to advertising schemes and scams.

In fact, no less prestigious authority than Advertising Age’s online magazine recently stated that 1 out of 3 advertising dollars spent are siphoned off by fraud. They estimated the total lost was $18.5B. That’s a lot of money.

But, like anything else, this subject has already gotten obscured, to most people, by terminology and a lack of understanding of the basics involved. That’s what this article is about.

Another commonly used name for ‘online advertising fraud’ is ‘Click Fraud’.

Click fraud is especially common in something you've probably at least have heard about…PPC (pay per click) advertising. It occurs when a person, automated script or computer program imitates a legitimate user of a web browser clicking on an ad, for the purpose of generating a charge per click without having actual interest in the target of the ad's link.

Click fraud is the subject of some controversy and increasing litigation due to the advertising networks being a key beneficiary of the fraud.

In the book, The Search: How Google and its Rivals Rewrote the Rules of Business and Transformed our Culture, media entrepreneur and journalist John Battelle described click fraud as the "decidedly black-hat" practice of publishers illegitimately gaming paid search advertising by employing robots or low-wage workers to repeatedly click on each AdSense ad on their sites, thereby generating money to be paid by the advertiser to the publisher and to Google.

Pay-per-click advertising

PPC advertising is an arrangement in which webmasters (operators of websites), acting as publishers, display clickable links from advertisers in exchange for a charge per click. As this industry evolved, a number of advertising networks developed, which acted as middlemen between these two groups (publishers and advertisers).

And of course, any time there’s big money involved, some people succumb to the temptation of scamming consumers.

 

Each time a (believed to be) valid Web user clicks on an ad, the advertiser pays the advertising network, which in turn pays the publisher a share of this money. This revenue-sharing system is seen as an incentive for click fraud.

The largest of the advertising networks is Google's AdWords/AdSense and Yahoo! Search Marketing. They actually act in a dual role, since they are also publishers themselves (on their search engines).[3]

According to critics, this complex relationship may create a conflict of interest. This is because these companies lose money to undetected click fraud when paying out to the publisher but make more money when collecting fees from the advertiser. Because of the spread between what they collect and pay out, unfettered click fraud would create short-term profits for these companies.

Non-contracting parties

A secondary source of click fraud is non-contracting parties, who are not part of any pay-per-click agreement. This type of fraud is even harder to police because perpetrators generally cannot be sued for breach of contract or charged criminally with fraud. Here are some examples:

  • Competitors of advertisers: These parties may wish to harm a competitor who advertises in the same market by clicking on their ads. The perpetrators do not profit directly but force the advertiser to pay for irrelevant clicks, thus weakening or eliminating a source of competition.

  • Competitors of publishers: These persons may wish to frame a publisher. It is made to look as if the publisher is clicking on its own ads. The advertising network may then terminate the relationship. Many publishers rely exclusively on revenue from advertising and could be put out of business by such an attack.

  • Other malicious intent: As with vandalism, there are many motives for wishing to cause harm to either an advertiser or a publisher, even by people who have nothing to gain financially. Motives include political and personal vendettas. These cases are often the hardest to deal with, since it is difficult to track down the culprit, and if found, there is little legal action that can be taken against them.

  • Friends of the publisher: Sometimes upon learning a publisher profits from ads being clicked, a supporter of the publisher (like a fan, family member, political party supporter, charity patron or personal friend) will click on the ads to help. This can be considered patronage. However, this can backfire when the publisher (not the friend) is accused of click fraud.

Advertising networks may try to stop fraud by all parties but often do not know which clicks are legitimate. Unlike fraud committed by the publisher, it is difficult to know who should pay when past click fraud is found. Publishers resent having to pay refunds for something that is not their fault. However, advertisers are adamant that they should not have to pay for phony clicks.

Organization

Click fraud can be as simple as one person starting a small Web site, becoming a publisher of ads, and clicking on those ads to generate revenue. Often the number of clicks and their value is so small that the fraud goes undetected. Publishers may claim that small amounts of such clicking is an accident, which is often the case.

However, this technique can be scaled up considerably. Those engaged in large-scale fraud will often run scripts which simulate human clicking on ads in Web pages. However, huge numbers of clicks appearing to come from just one, or a small number of computers, or a single geographic area, obviously look highly suspicious to the advertising network and advertisers.

Clicks coming from a computer known to be that of a publisher (which can be and usually is tracked) also look suspicious to those watching for click fraud. For that basic reason, a person attempting large-scale fraud from one computer stands a good chance of being caught.

One type of fraud that usually circumvents detection is based on IP patterns uses existing user traffic and turning this traffic into clicks or impressions. These types of attacks can be camouflaged from users by using 0-size iframes to display advertisements that are programmatically retrieved using JavaScript.

They could also be camouflaged from monitors (advertisers and portals) by ensuring that so-called "reverse spiders" are presented with a legitimate page, while human visitors are presented with a page that commits click fraud.

The use of 0-size iframes and other techniques involving human visitors may also be combined with the use of incentivized traffic where members of "Paid to Read" (PTR) sites (often in developing countries) are paid small amounts of money to visit a website and/or click on keywords and search results, sometimes hundreds or thousands of times every day.

Some owners of PTR sites are members of PPC engines and may send many email ads to users who do search, while sending few ads to those who do not. They do this mainly because the charge @ click on search results is often the only source of revenue to the site. This is known as forced searching, a practice that is frowned upon in the Get Paid To industry.

Organized crime or wealthy solopreneur scammers can handle this by having many computers with their own Internet connections in different geographic locations. Because the scripts they use often fail to mimic true human behavior, these operators use Trojan code to turn the average person's machines into zombie computers and use sporadic redirects or DNS cache poisoning to turn the oblivious user's actions into actions generating revenue for the scammer.

These are pretty smart people, i.e. smart at their craft. Thus not only are they good at covering their trails technically but it is usually very difficult for advertisers, advertising networks, and authorities to pursue cases against networks of people spread around multiple developing countries.

Impression fraud is when falsely generated ad impressions affect an advertiser's account. In the case of click-through rate based auction models, the advertiser may be penalized for having an unacceptably low click-through for a given keyword. This involves making numerous searches for a keyword without clicking of the ad. Such ads are disabled[7]

Hit inflation attack

A hit inflation attack is a kind of fraudulent method used by some advertisement publishers to earn unjustified revenue on the traffic they drive to the advertisers’ Web sites. It is more sophisticated and harder to detect than a simple inflation attack.

This process involves the collaboration of two counterparts, a dishonest publisher, P, and a dishonest Web site, S. Web pages on S contain a script that redirects the customer to P's Web site, and this process is hidden from the customer. So, when user U retrieves a page on S, it would simulate a click or request to a page on P's site.

P's site has two kinds of web pages: a manipulated version, and an original version. The manipulated version simulates a click or request to the advertisement, causing P to be credited for the click-through. P selectively determines whether to load the manipulated (and thus fraudulent) script to U's browser by checking if it was from S. This can be done through the Referrer field, which specifies the site from which the link to P was obtained. All requests from S will be loaded with the manipulated script, and thus the automatic and hidden request will be sent.

This attack will silently convert every innocent visit to S to a click on the advertisement on P's page. Even worse, P can be in collaboration with several dishonest Web sites, each of which can be in collaboration with several dishonest publishers.

If the advertisement commissioner visits the Web site of P, the non-fraudulent page will be displayed, and thus P cannot be accused of being fraudulent. Without a reason for suspecting that such collaboration exists, the advertisement commissioner has to inspect all the Internet sites to detect such attacks, which is infeasible. Another proposed method for detection of this type of fraud is through use of site parameters specified by the respective advertising association.

Online advertising fraud isn't anything that's going to be stamped out overnight. The internet is a jungle where the fight for survival is constant. Perhaps the good thing to recognize here is that online advertising fraud has only recently being recognized as a serious problem. That being the case, it might even spawn a new, entrepreneurial, industry of ad-revenue protection.

 

Alan Zibluk Markethive Founding Member