While live sports events like March Madness are TV’s bulwark, money is sloshing into digital and mobile and fraudsters are looking to score.
“This is the rule of thumb: Where there’s money, there’s a motive,” said Patrick Murray, VP of product at fraud-detection and analytics company DataVisor.
But certain events or times of the year are more amenable to certain fraud schemes.
Domain spoofing, for example, becomes “much more aggressive and unscrupulous” during big events, like the election cycle, the Super Bowl or March Madness, when advertisers trying to capitalize on the related zeitgeist get taken for a ride, said George Levin, CEO of demand-side platform GetIntent.
“And when buyers spend large amounts of their budget within a limited amount of time, they tend to be less careful, making it much harder for them to spot suspicious activities – especially when it happens under big publishers’ names,” Levin said.
That lack of vigilance is also apparent during the holiday season when advertisers often operate on a use-it-or-lose it model.
“They start looking for inventory to make use of their ad budget, and that can mean a certain looseness in terms of verification,” said Amit Joshi, director of product and data science at Forensiq.
The same could be true on the publisher side of the fence. If a fraudster targets a publisher that’s expecting a spike in traffic related to a cultural event, it’s fairly easy to steal without detection, as long as the fraud doesn’t ramp wildly, said Daniel Bornstein, SVP of media and operations at Leaf Group, which operates publisher brands like Livestrong and eHow.
But any real-world event, cultural, sporting or otherwise, only really becomes worth a fraudster’s while when advertisers start focusing their targeting strategy on event-related content and are willing to pay higher CPMs for related inventory.
“Publishers with topical content are incentivized to buy traffic to it when advertisers show interest in paying more for it,” said Jason Shaw, director of data science at Integral Ad Science.
Shaw hasn’t seen that happen around March Madness in any meaningful way yet. Still, fraudsters primarily care about whether there’s an opportunity to siphon ad spend.
And sophisticated botnets are trying to stay up-to-date with tentpole events. There’s Poweliks for instance, a Trojan horse botnet first uncovered in 2014 that’s been primarily used to commit impression and click fraud.
When analyzing an old version of Poweliks, IAS noticed that it was using keywords to execute searches online in order to build profiles and make itself more attractive for retargeting.
At first, the keywords were fairly generic, things like “car,” “insurance,” “bedroom furniture,” “belly fat” and “weight loss,” to trigger garden-variety retargeting related to the sort of thing people look for when they’re researching before a purchase.
IAS had Poweliks running in a protected environment last year right around the time the US election season was starting to pick up steam when the botnet controller pushed a transmission to its zombie army with an updated list of topical keywords, including “Donald Trump.”
“It’s an illustration that the people behind the bots are staying current,” Shaw said. “We saw it taking advantage of topics that were high on people’s radar at the time.”
Although Poweliks is no longer perpetrating search-related ad fraud, it’s interesting to note that an analysis of its keyword list last March (which, admittedly, has more than 4,000 words), included terms like “basketball,” “NCAA,” “Villanova” and “Carolina.”
But a fraudster doesn’t necessarily need to be all that sophisticated to take advantage of seasonal or event-related spikes in spend and traffic.
“As supply becomes constrained, more fraud is bought or run through exchanges, and you get closer to the bottom of the barrel in terms of what quality inventory is available,” said Claudia Perlich, chief data scientist at Dstillery. “It’s not so much that the fraudsters are smart. It’s just the nature of the economic environment.”