Fraud outfits are also organized. When Human identified a botnet of Android smartphones last year being used by an online fraud group, the organization had two-week product update sprint cycles and engineering comments on new code releases that could easily have been from top software developers.
Human’s new $100 million round is planned for the company’s big expansion into new arenas, both in terms of product and international expansion. Today, more than 90% of Human’s clients are based in North America.
Clearly adding international offices is a priority across the category.
DoubleVerify bought the Swiss verification company Meetrics in August of last year, and IAS just acquired its slice of the international pie with Paris-based Context.
Human is also growing into new categories, namely, ecommerce and finance. While IAS and DoubleVerify focus on ad industry use cases, Human aims to counter bot fraud more broadly.
Hassan said that expanding from just programmatic is necessary, because the same botnets that defraud online advertisers and publishers are also used for other tactics, like financial account takeover scams or ecommerce scraping. In the case of ecommerce scraping, automated bots snipe special release items, such as the new PlayStation or limited-edition sneakers, that bad actors know will resell, especially after removing limited products from the market.
“The better you can see across all the market segments, the better you can protect against it,” Hassan said.
Still, digital marketing remains the most alluring form of fraud, and one of the largest vectors right now is in growth marketing, according to Hassan.
During the pandemic, for instance, car companies and dealerships started offering higher and higher rates for leads on in-market customers. (Many people bought cars during the pandemic, but few were visiting lots, so online forms to test drive a car became valuable.) That’s an enticing system for fraud, Hassan said, because a botnet can become a huge queue of deduplicated users who fill out a form to test a car and then are sold to auto companies as leads.
“Anywhere where there’s a form or click-through to sign up, we’re seeing botnets used to game lead generation,” he said.
But fraud and bot protection companies haven’t been sitting idly.
In November of last year, the Department of Justice (finally) succeeded in convicting Aleksandr Zhukov, an architect of the Methbot ad fraud operation, which Human helped expose in 2016. It was the first time a person was actually apprehended and sentenced to jail for online ad fraud.
But Hassan said that companies, even some purported ad fraud protection services, are “playing to lose” against fraudsters by merely trying to minimize losses in their own campaigns rather than changing their approach to root out and overcome fraudsters.
“We still need to fundamentally change the dynamics of the internet, so that the cost of bot attacks is higher than the cost of defense,” he said.