Bots Set Their Sights On Targeted Ads

BotnetsTargeted advertising and programmatic buying changed the advertising landscape by enabling marketers to purchase and scale impressions from specific audiences.

But the growth in targeted ads has also caught the attention of fraudsters, who are increasingly using botnets to generate and sell impressions to advertisers, according to Michael Tiffany, co-founder and CEO of the online security firm White Ops.

“What we found running our bot-detection technology across the ads ecosystem is that on a network level and campaign level, some of the most sophisticated, targeted ad buys also had really high bot levels,” said Tiffany during a presentation at the Advertising+Data Science Congress (AdsCon) on Thursday.

Bots that control an individual’s PC can direct the Web browser to certain sites, including legitimate websites, and and sell those impressions on an exchange. An advertiser looking for a particular impression may bid on that impression without knowing that it is actually a bot.

A botnet, Tiffany added, could also place items into online shopping carts, abandon them, and sell the impressions based on those actions. One impression may cost only a few cents, but when duplicated across millions of browsers and sites, the process becomes highly lucrative.

“The adversary that we’re up against is actively undermining our data models and using signals of success against us,” Tiffany said. “Ad targeting has created an opening for fraudsters to dramatically increase the volume of available impressions on the Internet and drive down prices.”

The percentage of impressions that are being reported as fraudulent impressions by vendors and security companies range from 20% to 30%, said Steve Sullivan, VP of advertising technology at the Interactive Advertising Bureau.

“It is difficult to say exactly how extensive this problem is and it is difficult to trace,” he said. In addition, there are few incentives for tech vendors to root out these fraudulent practices, Sullivan noted.

“Everybody gets paid for the fraud except the actual brand manager who is laying out the money,” Sullivan said. “In fact, a demand-side platform might even get punished for saying they’ve identified a bot-controlled stream of traffic since another DSP could snap it up and get first priority in the future by buying agencies.”

This issue is less prevalent on mobile devices due to the limited uses of third-party cookies and the fact that many marketers lack large mobile budgets.

“As more transactions are done using mobile apps, there will be an incentive for botnets to infiltrate mobile devices,” said Kiril Tsemekhman, SVP and chief data officer at Integral Ad Science. “It’ll immediately translate into ad fraud since most of mobile advertising is programmatic from inception.”

In addition, it is nearly as easy for a bot to infiltrate videos as it is to attack display ads on a desktop computer, Sullivan noted. A bot can use an infected browser to play a video on a Web page and generate another impression.  As banner ads on desktops fade in popularity, videos “could be the next big target” among fraudsters, Sullivan said.

And even though companies like White Ops,, Integral Ad Science and others offer solutions to combat online fraud, it is not enough unless all the involved players get involved.

“It’s great if companies use some type of fraud protection,” Sullivan said, “But unless everyone does something about it, there’ll still be a market for this kind of fraud.”


Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!