Upload
white-ops
View
468
Download
0
Embed Size (px)
Citation preview
#NoMoreAdFraud
Brandon Miller, Carmichael Lynch
Michael Tiffany, White Ops
The Problem
The Criminals
The Solution
The Bot World
In 2014, The Bot
Baseline found fraud
in every kind of
campaign we studied.
The average loss to
bots was 11%.
*
Bots are infecting the system.Fake web browsers go to real (or fake) sites, view real ads,
and demand payment for the service
False assumptions:
Bots are afraid of tracking (nope: hacked
goods make them seem legitimate)
Optimizing for performance, or
viewability, or conversions squeezes out
the bots automatically (nope)
x
x
…our findings show otherwise.
Bot fraud is the
scalable ad fraud
Yes, you should probably care about pixel stuffing,
ad clutter, ad collision, etc. etc. etc. But those things
don’t happen on expensive placements. Those
things don’t add up to $6.3 billion dollars. Those
things don’t funnel money to organized crime. Your
CFO cares about stopping money going to
organized crime. He may not care about ad clutter.
News Junkie
Targeting (and Retargeting)
Missed.
Fake profiles and
stolen cookies =
retargeted campaigns
had more bots, not
less
When publishers get a portion of
their visitors from other sites on the
web, they get bot traffic, too.
Advertiser
Agency
Exchanges
Publisher
Who’s the bad guy?
The real bad guys are
the ones breaking into
everyone’s computers
Fake Sites Awful content
Scraped or copied
content
Objectively measurable
Hosts ads
Makes money
Doesn’t matter; humans don’t visit
The attackers adaptHere they come. Turn the bots
off!
They’re leaving. Turn the bots
back on.
We have a complaint. Clean
it up.
Here they come again…
There are some interesting patterns…
When advertisers demand more
traffic, the differential between
available humans and advertiser
demand for traffic can be made up
with bots.
Bots will often supply traffic as
needed in bursts – in this case,
every Saturday
There are some interesting patterns…
Not all botnets are run by geniuses: some bots are too
dumb to keep daylight hours:
Old Browsers Are Bot Browsers
Bots both:
Cycle through many
fake user-agents
(browsers) to hide in
the noise
Provide real user-
agents, but don’t get
auto-updated
Why are we still supporting old
browsers?!
• Taking on all the botnets at once requires
hardcore malware reverse-engineering and
major intelligence operations.
• We’re in an arms race against the world’s
best cybercriminals.
• It’s fun to point out these patterns, but if all
we had to do was find the patterns, this
problem would have been solved already.
In December 2014, on behalf of a large brand,
the ad agency Carmichael Lynch decided to make an above-average campaign even better.
Carmichael Lynch’s
Anti-Fraud Formula:
Monitor for fraud in all the brand’s campaigns
Use continuous monitoring (Detection) to hold all supply
partners accountable and to reward great ones
Take proactive steps (Prevention) only where it makes
sense for the buyer to take that burden
Solution: Protect high value media investment –
reduce fraud where it hits the hardest by dollars
Campaign Human Bots Bots %
1* 350M 20M 5%
2* 260M 20M 7%
3* 190M 14M 7%
4 76M 3M 4%
5* 63M 10M 13%
1. Top volume campaigns had
expensive bot problems
2. Small but significant bot
percentages across too many
placements to address manually
Top bot problems:
Solution: Anti-targeting!
5.90%
7.80%
6.70%
3.80% 3.40%
2/22, 13 MM 2/23, 15 MM 2/24, 16 MM 2/25, 14 MM 2/26, 13 MM
Bot % of total
Solution: Anti-targeting!
In one day, Carmichael Lynch
cut the brand’s bot percentage
by 43%.
5.90%
7.80%
6.70%
3.80% 3.40%
2/22, 13 MM 2/23, 15 MM 2/24, 16 MM 2/25, 14 MM 2/26, 13 MM
Bot % of total
1. Top volume campaigns had expensive
bot problems
2. Small but significant bot percentages
across too many placements to address
manually
3. Bot fraud varied by placement by time:
being clean today didn’t guarantee being
clean tomorrow
Top bot problems:
In ongoing fraud-cutting activities, Carmichael Lynch
improved traffic by cutting or repairing the worst offenders
Solution: Continuous monitoring
Authorize and approve third-party traffic validation technology
Be aware and involved
Use third-party monitoring
Budget for security
Protect yourself, your users, and your media from ad fraud
✓
✓
✓
✓
✓
*
To defend against sophisticated
and basic ad fraud attacks,