Advertisers have deployed technology and relied on new industry standards to reduce wasted ad spend due to fraud and low viewability. But have those actually worked to drive up RoAS (return on ad spend)? Research data suggests that there are still high amounts of ad fraud that remains to be cleaned up and that the fake traffic, impressions, and clicks further corrupt the analytics that advertisers use to measure the success of their campaigns. Hear practical recommendations from Dr. Augustine Fou, independent cybersecurity and ad fraud researcher, on how to measure and mitigate ad fraud using high tech tools and low tech techniques.
3. October 2016 / Page 2marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Fraud continues up as digital ad spend goes up
Digital ad fraud
Digital ad spend
Source: IAB 2015 FY Report
$ billions
E
High / Low Estimates
4. October 2016 / Page 3marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bad guys follow the money – focus on CPM, CPC fraud
Impressions
(CPM/CPV)
Clicks
(CPC)
Search
32%
91% digital spend
Display
12%
Video
7%
Mobile
40%
Leads
(CPL)
Sales
(CPA)
Lead Gen
$2.0B
Other
$5.0B
• classifieds
• sponsorship
• rich media
(86% in 2014)
Source: IAB 2015 FY Report
(83% in 2013)
5. October 2016 / Page 4marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Two main types of fraud, two key ingredients
Impression
(CPM) Fraud
(includes mobile display, video ads)
1. Put up fake websites and load
tons of ads on the pages
Search Click
(CPC) Fraud
(includes mobile search ads)
2. Use bots to repeatedly load
pages to generate fake ad
impressions
1. Put up fake websites and
participate in search networks
2. Use bots to type keywords
and then to click on the ads
to generate the CPC revenue
screen shots of
fake sites
6. October 2016 / Page 5marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
How profitable is digital ad fraud? Extremely…
Source: https://hbr.org/2015/10/why-fraudulent-ad-
networks-continue-to-thrive
“the profit margin is 99% … [especially
with pay-for-use cloud services ]…”
Source: Digital Citizens Alliance Study, Feb 2014
“highly lucrative, and profitable… with
margins from 80% to as high as 94%…”
7. October 2016 / Page 6marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
How scalable are ad fraud operations? Massively …
Cash out sites are massively scalable
131 ads on page
X
100 iframes
=
13,100 ads /page
One visit redirected dozens of times
Known blackhat
technique to hide
real referrer and
replace with faked
referrer.
Example how-to:
http://www.blackhatworld.co
m/blackhat-seo/cloaking-
content-generators/36830-
cloaking-redirect-referer.html
Thousands of requests per page
Single mobile app calling 10k impressions
Source: Forensiq
8. October 2016 / Page 7marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
AppNexus example – cleaned up 92% of impressions
Increased CPM prices
by 800%
Decreased impression
volume by 92%
Source: http://adexchanger.com/ad-exchange-news/6-months-after-fraud-cleanup-appnexus-shares-effect-on-its-exchange/
260 billion
20 billion
> $1.60
< 20 cents
“pity those advertisers who bought before the cleanup”
10. October 2016 / Page 9marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Websites – spectrum from bad to good
Ad Fraud Sites
Click Fraud Sites
100%
bot
mostly
human
Piracy Sites
Premium
Publishers
Sites w/
Sourced Traffic
“fraud sites” “sites w/ questionable practices” “good guys”
Websites
“real content that real
humans want to read”
11. October 2016 / Page 10marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Identical sites – fraud sites made by template
12. October 2016 / Page 11marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Countless fraud domains used to commit ad fraud
http://analyzecanceradvice.com
http://analyzecancerhelp.com
http://bestcanceropinion.com
http://bestcancerproducts.com
http://bestcancerresults.com
http://besthealthopinion.com
http://bettercanceradvice.com
http://bettercancerhelp.com
http://betterhealthopinion.com
http://findcanceropinion.com
http://findcancerresource.com
http://findcancertopics.com
http://findhealthopinion.com
http://finestcanceradvice.com
http://finestcancerhelp.com
http://finestcancerresults.com
http://getcancerproducts.com
100s of
thousands
more sites like
these, designed
to profit from
high value ads
14. October 2016 / Page 13marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bots are developer tools (browser) used for ad fraud
Headless Browsers
Selenium
PhantomJS
Zombie.js
SlimerJS
Mobile Simulators
35 listed
Bots are made from malware
compromised PCs or headless
browsers (no screen) in datacenters.
Bots
15. October 2016 / Page 14marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bots range in sophistication, and therefore cost
Javascript installed
on webpage
Malware on PCsData Center BotsOn-Page Bots
Headless browsers
in data centers
Malware installed on
humans’ devices
Less sophisticated Most sophisticated
Source: AdAge/Augustine Fou, Mar 2014 Source: Forensiq Source: Augustine Fou, Oct 2015
“not many people know that the official industry bot
lists catch NONE of these bots, not one.”
1 cent CPMs
Load pages, click
10 cent CPMs
Fake scroll, mouse
movement, click
1 dollar CPMs
Replay human-like mouse
movements, clone cookies
16. October 2016 / Page 15marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bad guys’ bots earn more money, more efficiently
Higher bots in retargetingBots collect cookies to look attractive
Source: DataXu/DoubleVerify Webinar, April 2015 Source: White Ops / ANA 2014 Bot Baseline
17. October 2016 / Page 16marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Bots – from easy-to-detect to advanced bots
10,000
bots observed
in the wild
user-agents.org
bad guys’ bots3%
Dstillery, Oct 9, 2014_
“findings from two independent third parties,
Integral Ad Science and White Ops”
3.7%
Rocket Fuel, Sep 22, 2014
“Forensiq results confirmed that ... only 3.72% of
impressions categorized as high risk.”
2 - 3%
comScore, Sep 26, 2014
“most campaigns have far less; more in the
2% to 3% range.”
industry lists
(bot name-match)
“not on any list”
disguised as normal browsers –
Internet Explorer; constantly
adapting to avoid detection
18. October 2016 / Page 17marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Any device with chip/connectivity can be used as a bot
Traffic cameras
used as botnet
(Engadget, Oct 2015)
mobile devices
connected
traffic lights
connected cars
thermostat connected fridge
Security
cams used as
DDoS botnet
(Engadget, Jun 2016)
(TechTimes, Sep 2016)
20. October 2016 / Page 19marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Tech toolset - javascript tag installed on-site or in-ad
In-Ad (ad iframes)On-Site (publishers’ sites)
• For publishers to detect and
characterize each visitor to the website
• Installed just like Google Analytics via 2
lines of code
• For advertisers (served as
an ad tag) to characterize the
user that caused the ad to load
ad tag / pixel
(in-ad measurement)
javascript embed
(on-site measurement)
21. October 2016 / Page 20marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Visual difference between good publishers, networks
good publishers
ad exchanges/networks
22. October 2016 / Page 21marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
End of month traffic and impressions fulfillment
Impressions surgevolume bars (green)
Stacked percent
Blue (human)
Red (bots)
red vs blue trendlines Caused by bots
23. October 2016 / Page 22marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Real traffic surges caused by humans on news site
Traffic surges
volume bars (green)
Stacked percent
Blue (human)
Red (bots)
red v blue trendlines
By humans
24. October 2016 / Page 23marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
AdMonsters Publishers Study – Class of May 2016
AdMonsters Publishers Study
• 30 days, directly measured
• 30 publishers/sites
• 1 billion pageviews
• ocean of blue
25. October 2016 / Page 24marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Declared/search bots should be low, no ads served
- searched for "HTTP_USER_AGENT:smartbrief"
- searched through 98784 visits in 101 batches.
- found 11519 matches (11.66%).
- searched for "HTTP_USER_AGENT:moatbot"
- searched through 98784 visits in 101 batches.
- found 2064 matches (2.09%).
- searched for "HTTP_USER_AGENT:googlebot"
- searched through 98784 visits in 101 batches.
- found 425 matches (0.43%).
- searched for "HTTP_USER_AGENT:bingbot"
- searched through 98784 visits in 101 batches.
- found 85 matches (0.09%).
Smartbrief Bot GoogleBot
moatbot Bingbot
26. October 2016 / Page 25marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Ad Fraud Risks for Advertisers
(scenarios illustrated with examples)
27. October 2016 / Page 26marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
How many impressions do you want to buy?
Rectangular traffic patterns
– turn bots on, turn bots off on demand
28. October 2016 / Page 27marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
http://www.olay.co
m/skin-care-
products/OlayPro-
X?utm_source=msn
&utm_medium=cpc
&utm_campaign=Ol
ay_Search_Desktop
What premium sites do you want to buy from?
Click thru URL
passes fake source
“utm_source=msn”
buy eye cream online
(expensive CPC keyword)
1. Fake site that
carries search ads
Olay.com ad in
#1 position
2. search ad
served, fake click
Destination page
fake source declared
3. Click through to
destination page
29. October 2016 / Page 28marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
How many clicks/sessions/views do you want?
click on links
load webpages tune bounce rate
tune pages/visit
“bad guys’ bots are advanced enough to fake most metrics”
30. October 2016 / Page 29marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
What click through rates are you shooting for?
Programmatic display
(18-45% clicks from advanced bots)
Premium publishers
(0% clicks from bots)
0.13% CTR
(18% of clicks by bots)
1.32% CTR
(23% of clicks by bots)
5.93% CTR
(45% of clicks by bots)
Campaign KPI: CTRs
31. October 2016 / Page 30marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
What is your target viewability?
Bad guys cheat and stack
ALL ads above the fold to
make 100% viewability.
Good guys have to array ads on
the page – e.g. 50% or lower
overall average viewability.
Fraud SitesGood Publishers
“100% viewability?
Sure, no problem.”
AD
32. October 2016 / Page 31marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Need 0% NHT traffic? Or Middle East traffic?
• “IntegralAdScience filtered traffic, she says,
can be monetized on any banner network
from “the exchanges.”
• Pixalate filtered traffic, she says, can be
monetized on any search feed.
• MOAT filtered traffic, she says, works well
with video networks but not one in
particular.”
Source: Shailin Dhar, Ad Fraud Researcher
33. October 2016 / Page 32marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Case Examples of
Reducing Ad Fraud
34. October 2016 / Page 33marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Line item detail reveals obvious fraud
Line item details
Overall average
9.4% CTR
“fraud hides easily
in averages”
35. October 2016 / Page 34marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Once detected, we turn off specific referring source
102,231 sessions
0 sessions
goal event – no change
36. October 2016 / Page 35marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Advertiser increased ads served to humans, less to bots
• By systematically reducing spend to sites that had the highest incidence of bots,
the advertiser increased ad impressions served to humans, and lowered those
served to bots
37. October 2016 / Page 36marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Advertiser increased goal events by serving to humans
Period 1 Period 2 Period 3
20% confirmed humans
30% confirmed humans
190k
5k
220k
6k
280k
7k
total goal events
average daily goals
10% confirmed humans
38. October 2016 / Page 37marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Advertiser turned off highly suspicious placements
.xyz domains suspicious mobile apps
39. October 2016 / Page 38marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Best Practices of Savvy Advertisers
“don’t assume your agency took care of it”
• Challenge all assumptions – don’t assume someone else
“took care of it.” Verify, by demanding detailed reports,
because fraud hides easily in averages
• Check your Google Analytics - question anything that looks
suspicious; more details that can reveal fraud and waste
• Corroborate measurements – measure different parameters
together and see if they still make sense; reduce false
positives or negatives
• Use conversion metrics – CPG client uses click-and-print
digital coupons; pharma client uses doctor finder zip code
searches, plus clicks to doctor pages; retailers use sales
40. October 2016 / Page 39marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
About the Author/Researcher
October 2016
Augustine Fou, PhD.
acfou@mktsci.com
212. 203 .7239 (New York)
41. October 2016 / Page 40marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Dr. Augustine Fou – Recognized Expert on Ad Fraud
2013
2014
SPEAKING ENGAGEMENTS / PANELS
4A’s Webinar on Ad Fraud
AdCouncil Webinar on Ad Fraud
TelX Marketplace Live Panel on Cybersecurity
ARF Audience Measurement / ReThink
IAB Webinar on Ad Fraud / Botnets
AdMonsters Publishers Forum / OPS
DMA Webinar – Ad Fraud & Measurement
2016
2015
42. October 2016 / Page 41marketing.scienceconsulting group, inc.
linkedin.com/in/augustinefou
Harvard Business Review – October 2015
Excerpt:
Hunting the Bots
Fou, a prodigy who earned a Ph.D. from MIT at
23, belongs to the generation that witnessed
the rise of digital marketers, having crafted his
trade at American Express, one of the most
successful American consumer brands, and at
Omnicom, one of the largest global advertising
agencies. Eventually stepping away from
corporate life, Fou started his own practice,
focusing on digital marketing fraud
investigation.
Fou’s experiment proved that fake traffic is
unproductive traffic. The fake visitors inflated
the traffic statistics but contributed nothing to
conversions, which stayed steady even after the
traffic plummeted (bottom chart). Fake traffic is
generated by “bad-guy bots.” A bot is computer
code that runs automated tasks.