Digital Advertising Fraud

The most efficient way to host advertising on web pages or social media is through some form of programmatic advertising.  The owner (publisher) of the site sells space to an agent who will fill it with adverts.  The publisher will receive revenue based on click-throughs from the advert or possibly just page impressions.  The agent will be using programmatic advertising to serve adverts that are most appropriate to the audience of the host page, these are more likely to be clicked on and should earn the agent and host the most commission.  The advertising organisations bid for page space on a ‘Cost Per Mille’ (CPM) model; paying for sets of 1,000 impressions.  One of the simplest solutions would be Google AdSense.

This methodology should benefit everyone except perhaps the humble web surfer who will see pages padded with adverts.  The advertiser optimises revenue with adverts targeted to an audience that is most likely to click onto them.  The host does not have to search for appropriate advertisers and is assured that whatever is hosted will have a good chance of generating revenue.  It is no surprise that ways have been found to make money out of the system at the expense of the various bodies involved.

Although the programmatic advertiser should be doing everything possible to prevent their system being exploited or compromised they are in the business of making money from a large number of relatively small transactions. They cannot monitor all of these in detail and will be relying on their software algorithms and the vigilance of their users to keep the system efficient. Any organisation hosting or paying for web and mobile adverts through a computerised delivery system needs to consider the checks and balances in place. They also need to make use of them. The service should provide reports of activity and allow the consumer to make changes on what they host or where. If the wrong messages are appearing on the wrong sites then neither host nor creator will be getting the income or leads they expect from the deal. These issues may be apparent from the URLs where adverts are hosted or the company names of advert creators.

At the front end scammers will create pages whose prime purpose is to host adverts, collect clicks and their revenue. The content of these pages is not going to be of high quality. It might be copied or computer generated. The ‘better’ examples will be constructed to maximise their Google search rank. Another trick is to use look alike URLs. These will all pull traffic away from high quality original content, frustrate the reader and make it harder for genuine creators to get their message across. Original corporate creators may use some degree of click bait content to attract visitors and promote their business model but will need to set a standard above the fraudulent host sites to keep visitors on their pages.

If the advertising contract is paying by impression rather than click through all the fraudster needs to do is convince the contractor to display an advert. Here is an incentive to display as many adverts as possible with the ultimate extreme being pixel stuffing; reducing the dimensions of each advert to a single pixel. Clearly the author of these adverts is not going to see any click through traffic. Website hosts that are paid by the click can take advantage of click fraud by sending automated clicks to their adverts and pull in the cash. These types of scam not only provide income from their websites but also harm the advert creator as they will be paying for content that will not be converted to income.

The genuine website host is not immune to the fraudster if they rely on automated advert engines. There is some control over the subject of the advert but as this is largely algorithm based there could be unfortunate exceptions with improper placements. The host is at the mercy of the programmatic engine and this could pick up malware. This has been coined the label malvertising and results in compromised adverts hosting malware appearing on the host’s website.

Costs per impression can seem reasonable but with enough traffic they do add up.  The expected conversion rate will never be high but by allowing scammers to hijack the system users are paying for nothing.  In addition fraudulent content can affect the user’s opinion of the brand and its Internet presence.  Relying on the programmatic advertising engine to sort it all out is not enough.  The process needs to be audited and any advertising plan modified to maximise its effect.

More from Security

03/09/2024

Google and Facebook Single Sign On (SSO)

Single Sign On (SSO) options are commonly seen through providers such as Google, Facebook and to a lesser extent Apple.  There are also less …

Read post

13/08/2024

Ransomware in Healthcare

The ThreatLabz 2024 Ransomware Report highlights the relative susceptibility of the healthcare industry to ransomware attacks.  312 attacks on the Healthcare industry were reported …

Read post

29/07/2024

Bad Bots

Kindus has discussed the role of bots on the Internet and how webmasters can use ‘robots.txt’ to control them.  Unfortunately many bots do not …

Read post

22/07/2024

Lessons from the Cloudstrike Outage

On July 19, 2024 at 04:09 UTC, CrowdStrike released an update for ‘Falcon Sensor 7.11’ or above to Windows systems.  This caused a system …

Read post

Sign Up

Sign up to our newsletter list here.

    Successful sign up

    Thank you for signing up to our newsletter list.

    Check your inbox for all the latest information from Kindus

    Categories