DoubleVerify Uncovers A New Type Of Scam In CTV

Ad verification company DoubleVerify recently shut down a new type of scheme in connected TV that uses screensavers to hijack streaming devices in order to generate fake ad impressions – even when the screen is off.

DoubleVerify estimates that the scam, dubbed “SmokeScreen,” is bilking advertisers out of more than $6 million a month and shows how fraudsters are becoming more sophisticated.

The latest scheme was uncovered in April and differs from previous multimillion-dollar “spoofing” scams that DoubleVerify and other ad verification providers have shut down in recent years. Most of those fraud schemes used server-side ad insertion to generate fake CTV inventory across a large number of apps, IP addresses and devices.

The bot-based SmokeScreen scam ran various fraudulent screensaver apps, primarily targeting those with external CTV devices, the kind manufactured by companies such as Amazon and Roku (DoubleVerify declined to name specific devices that were impacted).

Once downloaded by users – who are unaware the screensavers are being used to run bogus traffic – the app continuously generates multiple fake ad requests to exchanges.

“You turn off your television and it just continues to request ads,” Jack Smith, DoubleVerify’s chief product officer, told AdExchanger, adding that the scheme dupes advertisers, publishers and the platform.

SmokeScreen scammers created multiple selling accounts to hide their activity. The fake impressions were also spoofed to appear as if they originated from premium CTV apps, which ultimately siphoned revenue away from publishers and bilked advertisers out of ad spend.

Assuming an average $20 CPM, DoubleVerify estimates that from April to May, the scam impacted about 10,000 CTV devices and generated more than 300 million ad requests worth more than $6 million.

DoubleVerify blocked the activity on May 23 after observing odd patterns of pre-bid impression requests, mainly that they were being generated overnight, between 12 a.m. and 5 a.m., when traffic typically decreases because most people are not watching TV and screens are off.

“Normally you’d think that a screensaver would be more active at night,” Smith said. “But when we started looking at the data for these kinds of apps, what we saw was that the number of impressions being requested were fairly constant, which makes no sense. To us it was new, but it became fairly obvious because the normal device patterns didn’t match.”

Additionally, the volume of impressions coming from hijacked devices throughout May was three times higher than authentic traffic on devices that weren’t compromised.
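The overnight signal described above can be sketched as a check over ad-request logs. This is an added example, not DoubleVerify's code or method: it flags apps whose hourly request rate between 12 a.m. and 5 a.m. stays close to their rate for the rest of the day. The record layout, the 0.8 threshold, the minimum volume and the app names are assumptions, and timestamps are assumed to be in device-local time.

```python
from collections import defaultdict
from datetime import datetime

OVERNIGHT_HOURS = range(0, 5)  # 12 a.m. to 5 a.m., the window named in the article
FLAT_RATIO = 0.8               # assumed: overnight rate >= 80% of the daytime rate
MIN_REQUESTS = 50              # assumed: ignore apps with too little traffic to judge

def hourly_profile(records):
    """Count ad requests per app for each hour of the (device-local) day."""
    counts = defaultdict(lambda: [0] * 24)
    for timestamp, app_id, _device_id in records:
        counts[app_id][datetime.fromisoformat(timestamp).hour] += 1
    return counts

def overnight_ratio(hours):
    """Mean requests per overnight hour divided by mean per remaining hour."""
    night = sum(hours[h] for h in OVERNIGHT_HOURS) / len(OVERNIGHT_HOURS)
    day_hours = [h for h in range(24) if h not in OVERNIGHT_HOURS]
    day = sum(hours[h] for h in day_hours) / len(day_hours)
    return night / day if day else float("inf")

def flag_flat_apps(records):
    """Return {app_id: ratio} for apps whose traffic does not drop overnight."""
    flagged = {}
    for app_id, hours in hourly_profile(records).items():
        if sum(hours) < MIN_REQUESTS:
            continue
        ratio = overnight_ratio(hours)
        if ratio >= FLAT_RATIO:
            flagged[app_id] = round(ratio, 2)
    return flagged

def make_sample():
    """Constructed sample log rows: (local ISO timestamp, app_id, device_id)."""
    flat = {h: 10 for h in range(24)}  # constant around the clock
    diurnal = {h: (1 if h < 5 else 5 if h < 8 else 20) for h in range(24)}
    rows = []
    for app_id, shape in (("screensaver.example", flat), ("video.example", diurnal)):
        for hour, n in shape.items():
            rows += [(f"2000-01-01T{hour:02d}:{m:02d}:00", app_id, "dev-1")
                     for m in range(n)]
    return rows

if __name__ == "__main__":
    print(flag_flat_apps(make_sample()))
```

A flat ratio alone is a triage signal rather than proof of fraud; the article pairs it with per-device volume, which was three times higher on hijacked devices.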

Even after DoubleVerify blocked the scam for its clients, the company noticed that the operation seemingly “doubled down” on its attempt to dupe advertisers – the number of ad requests increased significantly, and requests are still being generated.

“They probably recognized that they weren’t making as much money and decided to generate more fake impressions because we shut it down,” he said.

DoubleVerify uncovered the invalid traffic because it evaluates whether pre-bid ad requests made by video players are fraudulent and sends the information to DSPs, Smith said.

“We’ll see the request, but we won’t bid on it,” he said, adding that DoubleVerify updates a list of fraudulent apps 100 times a day. “And in some cases, if for whatever reason it sneaks through, we have the ability to filter out and block in CTV environments – we have a secondary layer of protection there.”

Smith added that it was unclear how long SmokeScreen had been running before DoubleVerify shut the scheme down. Some scams are blocked within hours or days of being identified. DoubleVerify said its video filtering tool played a critical role in detecting SmokeScreen impressions early.

“As soon as we recognize the scheme, we shut it down,” Smith said.

A recent report by DoubleVerify found that post-bid fraud and sophisticated invalid traffic rates were down 30% year-over-year, from 2% to 1.4% across desktop, mobile app, mobile web and CTV.

Speaking on the company’s Q2 earnings call on July 29, CEO Mark Zagorski said that while fraud rates decreased, there’s still a significant amount of fraud – and it continues to evolve in CTV.

Fraudulent apps are becoming more common in the space, he added, often appearing to look “totally innocuous” and even including legitimate content.

“The interesting thing about this type of fraud is we saw this earlier in mobile,” Zagorski told investors. “Every new device spurs a new type of fraud.”
