Old Fraud, New Tricks, Big Threats: Combatting the Latest in Ad Fraud

By OpenX in Publishers|April 4, 2019

For all the progress that’s been made on the quality front in the last year, digital advertising is still stumbling when it comes to keeping bad actors at bay. Nearly 70% of ad agency executives still cite fraud as the biggest hindrance to ad budget growth — topping out concerns around other important topics such as measurement.

From “declaration fraud” to hijacked ad creative, and all the other scams seeking to rip off the ad industry that have surfaced over the last several weeks, it has never been more clear that bad actors will do anything to get a piece of the advertising pie.

However, what stands out in the latest batch of schemes is that most fraudsters aren’t creating new types of fraud, rather they’re just employing a series of tricks to exploit loopholes in the systems the industry has put in place.

The good news is that the fixes are relatively easy. Specific tactics can shut down some of these workarounds and reduce or eliminate fraud altogether. Here’s a quick guide on what you can do:

(1) Malware Invading Legitimate Creative

The problem: In the past, fraudsters used basic/generic creative to run malware attacks, but now they are using copies of advertisers’ real ads and injecting them with malicious code. Through the use of malware or redirects, this type of fraud imposes negative impacts on publisher revenue and harms brands’ reputations in process by delivering a poor user experience.

The fix: First, do what you can to stop the problem at the source. Ensure your DSPs keeps a watchful eye on who has a seat in their platform as this is the most common way bad actors get access. Then take advantage of your SSP/Exchange’s position in the supply chain. Since they are often the “last line of defense,’ ensure that the technology company you work with is looking at and scanning all ad creatives to identify anomalies, not just sampling the creatives as many players do to save money. Sophisticated partners will be able to spot code inconsistencies even if things look right from a creative standpoint.

(2) “Declaration Fraud”

The problem: Buyers bid for ads under the assumption that publishers and exchanges are sharing accurate info about ad units, but after what we’ve seen with domain spoofing, this may not always be true. As a result, some buyers are now bidding on what they believe to be large, full screen mobile video ads, but instead getting very small video ads.

While this can be or accidental due to tech challenges that make it hard to properly flag video sizes, it can also be intentional. Shady exchanges or publishers can manipulate the description of the inventory to make it seem more appealing to buyers.

The fix: Exchanges play a key role in validating publisher inventory. As a buyer, you should look at post-impression reporting to examine rendersize and catch video mismatches and then hold your publisher or exchange partner accountable to fix any discrepancies.

(3) Risky “Resellers”

The problem: The IAB’s ads.txt initiative rapidly gained industry adoption because it provided a simple way for buyers and sellers to protect themselves from domain spoofing. It’s been an extremely effective approach, but bad actors have found a loophole.

Fraudsters take advantage of a publisher’s public ads.txt file by opening accounts with an ad network listed as an authorized reseller. Then, using the ad network as an intermediary to appear legitimate, the fraudsters send fraudulent traffic to buyers via the ad exchanges.

The fix: Publishers should make sure resellers, or ad networks, only offer their inventory to exchanges where they have a direct relationship with the site owner. Buyers should ensure that their exchange partners do not offer any reseller inventory that is derived from more than one hop, meaning they should make sure that any reseller inventory their exchanges offer  come from a reseller that has a direct relationship with the publisher.

With all that said, it’s not surprising to see an influx of fraud emerge in digital advertising. The digital ad space is a lucrative and growing industry, and there’s a lot of money to be made by both legitimate players and bad actors.

What has fallen by the wayside in many instances is simply consistency and focus. There is an urgent need for more action to be taken from buyers, sellers and intermediaries to create a truly healthy, well lit, safe and valuable digital advertising marketplace. The sheer enormity of the money at stake – tens of billions of dollars – will forever make digital advertising an attractive playground for criminal actors. Their con game counts on complacency.