Digital Advertising Is A $Billion Ripoff

A new report says Internet advertising revenues in the US totaled $107.5 billion for full-year 2018, the first time that figure has topped $100 billion. The report, commissioned by the Interactive Advertising Bureau (IAB) and conducted by PwC, said revenue in 2018 was 21.8% higher than full-year 2017 revenue of $88.3 billion.

That double-digit growth in Internet advertising comes as TV advertising increased 1.4% and radio grew 1% from 2017 to 2018, according to the report.

Meanwhile, newspaper advertising decreased 6.9% and magazine advertising fell 2.1% in 2018 year over year. But the problem has ramifications for more than just the digital advertising market.

Digital ad revenue provides much of the financial underpinning of e-commerce and online-based businesses. Media agencies suffer when their analytics tools report a substantial amount of web traffic, but the amount of revenue doesn’t support the number of visitors tracked by their systems.

Online ad fraud has become so profitable that malware creators and botnet masters are developing new programs and theft techniques in order to keep making a profit, according to Michael Tiffany, president and co-founder of the bot detection company White Ops.

“To make money, the bad guys make it look like there are more people looking at ads than there really are,” he said. “This is a big deal because other crimes leave evidence. You might have missed a ransomware infection, but someone asks for bitcoin…But ad fraud succeeds by going unnoticed.”

Scams works in myriad of ways, though every method depends on advertising ecosystem’s inherent complexity.

There could be as many as nine different companies involved in the chain of serving one web user with a single ad, and every one of those transactions presents an opportunity for scammers to get involved, said Amy King, vice president of product marketing for Pixalate, an ad technology company.

One technique, called ad spoofing, exploits advertisers’ inability to directly place ads on the websites with audiences they are trying to reach. Advertisers buy ad space in a real-time auction for sites that look like known, trusted media outlets, but in fact are set up by scammers. A site that may look like ESPN or the New York Times, for example, might in fact be a much less reputable page that receives hardly any traffic.

It’s also common for fraudsters to inflate ad numbers via pixel stuffing, when an ad is hidden in a picture. Then there’s ad stacking, which occurs when multiple ads are hidden under a single banner or display.

These are just a sample of the perhaps dozens of techniques scammers have developed over the past decade, and more methods are in the works now.  But ad fraud has become the most profitable form of cybercrime today mostly because of the way scammers leverage botnets.

Technique

One common technique works like this: A web user clicks on a malicious link in a phishing email, unwittingly infecting their computer with malware. The hackers who control that malware use it to call up an invisible web browser on that user’s machine without their knowledge, and visit junk websites or click on advertisements.

That hacked computer is one of perhaps millions of legitimate machines controlled as part of a botnet that scammers use to inflate web traffic and ad impressions, meaning advertisers are paying for access to humans who don’t exist.

Scammers, impersonating legitimate companies, also sell their fake traffic to real publishers trying to attract as many engaged visitors as possible, in order to satisfy advertisers. Meanwhile fraudsters are cashing in from both sides.

Google’s Problem

Unchecked Internet fraud isn’t just a problem for advertisers and publishers, it also represents an “existential” threat to Google, said Per Bjorke, a senior product manager who leads Google’s ad traffic quality team. A large portion of the company’s business relies on advertising revenue and, if clients cease to trust the advertising ecosystem, that spells trouble for Google’s short and long term plans, Bjorke said.

“It’s very simple,” he said. “The future growth of Google and other companies hinges on the fact that online advertising is trusted, and that there will be a return on investment on ad budgets … It’s very important for us because people could stop investing in advertisements.”

The same is true for publishers and the ad industry overall. Some solutions are available, though there’s no single way to stop scammers from skimming off the top.

CyberScoop:      CNBC:        IAB:     Image: Nick Youngson

You Might Also Read:

Social Media & The New Advertising Model (£)

The Big Online Advertising Swindle:

 

 

« A Predictive Tool For Armed Police
Two Years After WannaCry Severe Risks Remain »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IGEL Technology

IGEL Technology

IGEL Technology is one of the world's leading thin client vendors. Thin clients increase data security and compliance.

National Cyber Security Centre Finland (NCSC-FI)

National Cyber Security Centre Finland (NCSC-FI)

The NCSC-FI develops and monitors the operational reliability and security of communications networks and services in Finland.

Chubb

Chubb

Chubb is the world’s largest publicly traded property and casualty insurer. Commercial services include Cyber Risk insurance.

Allegro Software

Allegro Software

Allegro provide secure software for the Internet of Things.

Cybraics

Cybraics

Cybraics nLighten platform implements a unique and sophisticated artificial intelligence engine that rapidly learns your environment and alerts security teams to threats and vulnerabilities.

Wayra UK

Wayra UK

Wayra UK, part of Telefónica Open Future, has been chosen to run a new cyber accelerator facility to help UK start-ups grow and take the lead in producing the next generation of cyber security systems

WetStone Technologies

WetStone Technologies

WetStone develops software solutions that support investigators and analysts engaged in eCrime Investigation, eForensics and incident response activities.

Squalio

Squalio

Squalio is an information technology group that delivers solutions and services for secure and effective IT management.

C3.ai

C3.ai

The C3 AI Suite supports configurable, pre-built, high value AI applications for predictive maintenance, fraud detection, anti-money laundering, sensor network health and more.

Honeywell Process Solutions (HPS)

Honeywell Process Solutions (HPS)

Honeywell's Industrial Cyber Security Solutions help plants and critical infrastructure sectors defend the availability, reliability and safety of their industrial control systems.

StartupXseed Ventures

StartupXseed Ventures

StartupXseed Ventures is a smart capital provider for Deep Tech, B2B, Early Stage Startups. We support, NextGen Tech Entrepreneurs, who have potential to deliver the outsized growth.

SuperCom

SuperCom

SuperCom are a global secure solutions integrator and technology provider for governments and other consumers facing organizations around the world.

Aware

Aware

Aware is the only comprehensive AI solution for governance, risk, compliance and insights for leading collaboration platforms.

Covenant Technologies

Covenant Technologies

Make Covenant Technologies the only choice for your IT and cybersecurity recruitment needs. We deliver quality candidates at the forefront of the cybersecurity and IT industry.

Relatech

Relatech

Relatech is a Digital Enabler Solution Knowledge (D.E.S.K.) Company that offers digital services and solutions dedicated to the digital transformation of businesses.

Cybersecurity Elastic Laboratory (CEL)

Cybersecurity Elastic Laboratory (CEL)

CEL specialize in providing top-tier services in vulnerability diagnosis and penetration testing, offering a comprehensive suite of solutions to mitigate cyber risks.