Once upon a time, when the internet was still just a twinkle in the eye of Tim Berners-Lee, the advertising industry was simple. A client paid an ad agency to put together some creative work. The agency then paid the relevant media to run the press ad, air the commercial or put up the poster on a billboard, just like we all saw in Mad Men.
But now, with traditional advertising going the same way as print journalism, it’s a very different story. Digital advertising is the only show in town and it’s one that was estimated to be worth a staggering $125 billion a year in 2019 and rising. But the fact that ads have to be incorporated into websites means that there are a number of different intermediaries who play a part between the creation of the ad and its appearance on screens.
This has given a number of entry points for ad fraudsters to intervene. They hijack the media spots for their own ads, often posting inappropriate content and trying to commit illegal activity. This could be anything from introducing spyware onto an unsuspecting person’s computer or mobile device to running a ransomware campaign.
Others try more oblique forms of deception such as the scam which used bots linked to smart TVs to fool advertisers into thinking that far more people were watching their ads than was the reality, and charging them for the privilege.
Generally, it’s been noted that the ad fraudsters out there are becoming far more sophisticated in the way that they operate. Recently Facebook revealed that there had been an attack on thousands of its users called Silentfade which created damage valued at over $4 million. It worked by misappropriating session cookies and then using them to log into their account from a bot operating near to each victim. In the process, it disabled multiple security warnings and also blocked users from reversing the changes.
Two years earlier, cybercriminals believed to based in Russia ran a campaign tagged as Methbot which was believed to be stealing up to $5 million a day by creating false sites including the Huffington Post and Fox News, and generating fraudulent ad views using a complex network of bots.
While the FBI and the US Ministry of Justice have now become involved in tracking down fraudsters like the team behind Methbot, more and more advertisers are now taking the approach that prevention is better than detection. So, many are now working with third parties who can provide them with ad verification services. These work in a number of ways, for example by making sure that the ads that appear on the intended site are fully compliant and are displayed as intended. By using sophisticated scanning methods and identifying warning signs they can block the offending and fraudulent ads long before they get the chance to go live.
Just like computer hackers, ad fraudsters continue to become more sophisticated and harder to stop. So it’s a battle that’s set to intensify before it is finally won.