Digital Ad Fraud: How the Money Flows

Money Fall

Whilst the problems associated with ad fraud are well documented, the mechanisms by which malicious players act, along with how it is possible for the money to flow from legitimate sources to hackers, is discussed less frequently. To that end, in this exclusive article for ExchangeWire, Dr Augustine Fou (pictured below), independent ad fraud researcher, discusses how the money flows to the advertising conmen.

I often get asked these two questions when I talk about digital ad fraud: “Who are the bad guys and how do they get paid?” These are actually the same question, intertwined. Once you understand one, you will easily understand the other.

So let’s start by looking at how the money flows. And, for all those industry practitioners who are about to pounce, this is, of course a simplified view.

Brand marketer pays media buying agency

A big brand advertiser allocates a large budget for digital ads – their digital media spend. They give those media dollars to a media buying agency whose job it is to spend it all. The media agency finds the largest ad exchanges and divides up the media spend to many of them based on how much inventory each can sell them and the price. Sometimes these ad exchanges may even stretch a little, or a lot, and sell ‘inventory’ they don’t even have yet. What’s the harm in stretching the truth a bit, or a lot? They have to make the sale, right? Now that they’ve contractually sold the inventory they didn’t have yet, they have to scramble to make sure they deliver what they already sold.

Dr Augustine Fou

Dr Augustine Fou, Independent Ad Fraud Researcher

But keep in mind, display ads are supposed to be shown when humans visit webpages. And the quantity of display ads – the inventory – doesn’t materialise until they do. You may have a prediction on the quantity, given historical data. But what happens if there is a huge spike in visits due to some major news event, or a major Kardashian sighting? Or what happens if it was a slow month and not enough humans came to the sites or used the apps to generate the quantity of ad impressions you were predicting – and more importantly, the quantity needed to fulfil the order they already promised? This puts the ad exchange that sold the inventory in a bind and they start to hammer the sites that belong to their exchange to get more ad impressions.

Media agency buys inventory from ad exchanges

These sites are longer-tail sites and there are hundreds of thousands of them. ‘Long tail’ means more niche; and more niche means fewer humans are actually interested in that niche topic. How do they reliably grow traffic and therefore ad revenues? Right. They just buy the traffic – also known as ‘sourced traffic’.

Ever wonder where all that traffic comes from? Maybe there are a whole bunch of humans sitting around with nothing to do, who would go to your specific webpages when you tell them to go. Or maybe not. There aren’t enough humans alive on earth to generate the more than one trillion bid requests per day that flows through programmatic exchanges.

So if the large volume of sourced traffic were not from a large number of humans going to specific long-tail sites to generate the enormous quantities of page views and ad impressions, what could it possibly be? Right. Bots.

Sites buy traffic from traffic brokers and resellers

Bots are software programs or malware on devices that can be directed to repeatedly load webpages to generate ad impressions. If you have a large botnet, a single command can get them all to behave reliably and reproducibly to deliver the exact amount of traffic you need, especially if you’re running behind on your numbers. We see tell-tale signs of such botnets on large numbers of sites where the traffic volume on the very last day of the month jumps upward. Do you know of a large group of humans who only visit websites on the last day of the month? I don’t. But a botnet will do exactly what they are programmed to do.

Most people probably don’t have their own botnets; and they probably don’t need to. In fact, just a handful of hackers can create and maintain large botnets and simply ‘rent time’ on these botnets, like vacation timeshares, for various things like DDoS attacks which overwhelm sites with too much traffic, or digital ad fraud. They can just point a portion of this traffic to sites that pay them for the traffic because they want to make more ad revenue.

Traffic sellers or traffic brokers are the conduit. If a traffic seller has a client (a site) that wants to buy one million page views, they can have the hacker direct the botnet to deliver exactly one million page views with one command, after the money is paid, of course. Some have even set up self-serve interfaces so traffic brokers and resellers can just buy it, specify the parameters, and pay for it on credit cards or wire transfers without ever bothering the hacker – it would indeed be rude to disturb them on their super yacht docked in the south of France.

Bots are faithful, reliable click traffic deliverers

And there are many layers of traffic brokers and sellers, because each is just arbitraging an opportunity. If they can buy the traffic at a lower CPM than they can sell it for, they are profitable. And don’t buy the BS about sourced traffic being legitimate because they come from content discovery platforms. Of course, some humans click that click-bait, but if you just take a 1% click through rate (10 clicks in 1000 impressions), it would take 100,000 impressions to deliver 1000 clicks worth of traffic. That’s 100x too costly to make the economics work. So the only way to reliably get 1000 clicks is to create it all.

So the hackers who maintain botnets get paid by traffic sellers who are renting time on their botnets – they only need a portion of the traffic these botnets can generate. Traffic brokers and resellers pay the next guy in the food chain – and as long as there is still an arbitrage opportunity, they consider themselves ‘being entrepreneurial’ for seizing those opportunities. The sites got the traffic they needed to inflate their own ad revenues. And the ad exchanges got the volumes they needed to fulfil the stretch goal they sold. And the agencies could show their clients how many billions of impressions they bought for them at lower CPMs, what savings and ROI! Yay!

So who are the bad guys, you ask? Who do you think the bad guys are now?