Marketers have turned on the taps with unprecedented online spending. eMarketer reports that for the first time digital ad spending in the US will exceed traditional ad spending, while by 2023, digital will surpass two-thirds of total media spending. The big winners are being crowned — not least Google (responsible for 38% of digital online spending); Facebook (21%) and rising star Amazon (7%).
However, there is another big winner in the gold rush: fraudsters, and an army of bots sucking up ad impressions and advertising dollars at an alarming rate.
Ad fraud operates through cybercriminals creating millions of fake impressions, particularly using bots. In the worst cases, some online campaigns are never even seen by humans. In a recent study by CHEQ (the ad verification company I work for, we found that 18% of online ad traffic was fraudulent based on 4.1 billion ad requests made in the United States over 1.2 million domains. This fraud is estimated to cost $51 million each day.
The consequences are far-reaching. These bots do not buy, eat or vote. They are not inspired, informed or infuriated by online creativity by brands. Nevertheless, these bots are causing online damage at a great detriment for the entire ecosystem. According to the World Federation of Advertisers by 2025 online ad fraud, enabled substantially by tracking, will become the second largest source of criminal income in the world.
Smart bots are taking Over
While many U.S. advertisers believe that these bot attacks are rudimentary, in fact, today’s online attacks have become a lot more sophisticated and scary.
We found that 77% of the fake traffic in the US is “sophisticated invalid traffic” (SIVT).
SIVT sounds like a disease, and in many ways it is. These “smart bots” use far more advanced malicious methodologies to defraud the advertising ecosystem than the more basic forms of ad fraud or “general invalid traffic” (GIVT).
Cyber fraud researchers analyzing these 570 million SIVT impressions uncovered that each attack involved a triple-lock of interwoven frauds — combining sophisticated domain-masking, invalid-referrals, and viewability fraud—in a coordinated attempt to evade detection. Other prevalent techniques included domain spoofing, in which scammers create hidden Iframes on web-pages to run ads that consumers never see, and various means used by scammers to manipulate and falsify location data.
As the MMA, MRC, and IAB (which provide the industry standards of what constitutes the two types of fraud) underlies curing SIVT requires a different magnitude of detection. Their guidance says it is “strongly encouraged for organizations to report on SIVT”, through a number of detections — including traps, honeypots, properly evaluated captcha function parameter-based fingerprinting.”
Ad fraud: a nightmare across the ad industry
For the entire online ecosystem, the situation is unsustainable. Ad fraud funds crime (criminals responsible for fraud are admittedly slowly standing trial). It can involve malware infecting consumer’s computers. The prevalence of ad fraud in the campaign measurement soup is also making the numbers more than unreliable. More profoundly, the problem is shaking the ad ecosystem by removing ad dollars which support a free internet and many online news sites.
Though perhaps hardest-hitting is the impact of ad fraud on the bottom line. Serving ads to non-humans is vastly reducing the success of messages and campaigns. Many companies are seeing drops of 22% on CPM and extremely low video completion rates. It can also put executives on the hook for not having done enough to spot the problem. In one case, for instance, a publisher came to us and we found 100% fraud views in campaigns. Left unchecked, this type of fraud could lead to serious questions and potential legal issues.
The shift to online technology has caused many challenges for advertisers, but technology also carries an answer to the rise of the bots. The new landscape of protection offered through AI and cybersecurity is belatedly heightening the transparency of the digital ad ecosystem so that advertisers, publishers, and agencies can be more confident that bots can be blocked, and money spent on human views again.
Just as CTOs were shaken out of complacency and into an armed race against cybercrime (31 percent of organizations have experienced cyber-attacks), CMOs must do the same. For now, bots are winning, claiming the upper hand with sophisticated attacks, but brands must hit back, taking a page out of the wider cybersecurity playbook by using the latest technologies, better collaboration, and intelligence. With the rise of smart and dangerous ad fraud, our only hope is countering the attacks with a similar level of sophistication.