Fraudsters Have Media Plans, Too

Like any good media planner, fraudsters are attuned to time of year, seasonality, demographics, ad formats and trends in consumer behavior.

With football season and the MLB playoffs in full swing, they seem to have turned their attention to pro sports sites.

“We see a lot of sophisticated invalid traffic targeting premium sites,” said Amit Joshi, director of product and data science at fraud detection company Forensiq, which recently uncovered a bot that’s targeting sports team websites.

All 32 NFL team domains are affected. The bot appears to hijack a browser and loads ads without the site being aware of it. It’s unclear exactly how Sports Bot, as Forensiq calls it, gets deployed, but it’s likely through malware.

Forensiq was tipped off to Sport Bot’s shenanigans when the company’s machine-learning traffic detection algorithm identified likely fraudulent activity among roughly 75% of pre-bid requests to NFL team sites.

After cross-referencing the NFL data with other sports team websites for the NBA, NHL and MLB, it became clear that team domains were particularly exposed, having yet to implement Ads.txt, the anti-spoofing method introduced by the Interactive Advertising Bureau. The volume of invalid traffic to team sites is higher than to larger websites, like or, both of which have published their Ads.txt files.

The approximate daily cost due to unchecked Sports Bot? Somewhere around $6.8 million a week or between $350 million and $700 million annually, according to Forensiq’s estimate.

Once malware is installed on a computer, operators control the bots and can direct them to any site or vertical they want, said Forensiq CEO David Sendroff

“In theory, when the NFL season is over, they can effectively just redirect the traffic to other domains,” Sendroff said.

The fact is, bots follow human interest and sophisticated fraudsters follow trends.

“The rate of fraud activity consistently matches that of marketers throughout the year, suggesting that fraudsters prepare and scale their activities to match increased advertising activity,” said Ziv Peled, VP of global client services at AppsFlyer.

A fraudster’s so-called media plan is in fact almost identical to a legit media planner’s plan, because fraudsters follow the money.

Fraudsters will, for example, hide their fake clicks within weekday traffic flow at times when marketers are primarily targeting consumers online. “If there is a spike in fraud on the weekend, when people spend less time on the internet, that would automatically be more suspicious,” said Rich Kahn, CEO of digital marketing firm eZanga.

In times of high demand, like during the holidays or in the midst of a sports season when spending ramps, publishers usually buy more traffic to serve more ads.

But “botmasters don’t have to be market geniuses” to benefit from that uptick, said Michael Tiffany, president and co-founder of White Ops. “They’re just seeing their own demand going up.”

It’s not that consumers browse the internet twice as much in Q4 as they do in Q1. Most of the increased traffic levels during key times of year is generated by bots, Tiffany said.

“When demand drops, publishers see their fill rates drop, so then they spend less money on traffic sourcing [and] the bot surge ends,” Tiffany said. “Any time the demand for advertising outpaces supply on real human impressions, fake impressions are available to fill the gap. There is even a peak in March when digital ad spending rises at the tail end of Q1.”

Fraudsters can be quite cunning at figuring out where the high-quality demand hangs out and when. But fraud doesn’t just fill the gap seasonally when demand outpaces supply.

“We also see it across formats and demos,” Tiffany said. “This is why we saw higher levels of fraud affecting Asian, Hispanic and other demographically narrowed campaigns in a past ANA study. Bots that match those profiles are always in high demand.

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!


  1. “In times of high demand, like during the holidays or in the midst of a sports season when spending ramps, publishers usually buy more traffic to serve more ads.”

    This statement would be more accurate if it read “…publishers buy cheap third party traffic for pennies knowing that it is laced with bot traffic.”

  2. Simple idea to STAMP OUT identity fraud, card fraud and cybercrimes forever

    Identity fraud, card fraud and cybercrimes are growing so fast ONLY because we rely on unreliable signature, PIN and password systems to concede transactions. These crimes will be stamped out for ever if we make these systems reliable as described below by the inventor.

    Signatures are unreliable because they do not even expose fraudster’s gender in the event of crime. To make signatures reliable all we have to do is to apply ID sticker supplied by banks (small sticker with person’s photo, name and logo of bank printed on it) and countersign.

    PIN and password systems are unreliable because criminals can obtain them. To make PIN reliable all we have to do is to store it on key size thumbprint activated memory stick the way PIN is stored in contactless cards. Call this electronic PIN as EPIN which will change to new value after each transaction. Use EPIN as reliable password to stamp out cybercrimes.

    Your support to implement proposed system will be appreciated.