The Big Online Advertising Swindle

Uploaded on 2018-01-19 in NEWS-Cybersecurity News, FREE TO VIEW

Conmen and fraudsters thrive in confusion. And few places are more confusing and opaque than the jargon-ridden world of online advertising. Which is odd really, since the entire social media edifice, Google, Facebook, Twitter, Snapchat, depends on it. 

2017 was the year of the tech-lash, when people and politicians started to push back against tech-led disruption. But there’s potentially a far more significant threat looming for the tech giants: ad fraud.

Every year tens of billions of pounds are spent in this war for your attention, and some of the world’s finest minds are engaged. But on another level it’s not simple at all. There are ‘demand side’ platforms that decide which online ad space to buy and for how much (mostly done via some complicated big data analysis); and ‘supply side’ platforms which sell the space to them. 

The two are matched up on exchange sites which run real-time auctions every millisecond of every day. Whenever you refresh a web-page, a nano-auction is conducted over who will offer the highest amount to show you an advert, which is surely one of the strangest things about the internet.

This system is boring, clever, complicated, automated and opaque all at once.

Hardly anyone fully understands how it all fits together, including the advertisers who are paying for it, and regulators who, as far as can made out, are struggling to get to grips with it.

This is a perfect cocktail for online fraudsters who have, of course, rustled up some ingenuous scams. 

Recent magazine articles presented nine types of digital ad fraud, such as cookie stuffing, impression fraud, and domain spoofing. Some website owners create sophisticated proxies which fire meaningless bot traffic at a site to artificially boost their numbers and lure advertisers in. Others ‘stack’ adverts which have no chance of being seen, hiding ads under ads under ads, so although they are running, no-one sees them. 

A couple of years back one bunch of Russian criminals built thousands of websites, generated a truckload of fake views and clicks via half a million ‘users’ (who were in fact bots) and managed to scoop up roughly £2.3m ($3m) a day in adverts, even though the whole thing was smoke and mirrors.

This outright fraud doesn’t even include gentle exaggeration that goes on all the time, such as social media companies generously measuring levels of engagement on their sites. 

These factors would surely sink any other industry within a week. According to Cnet, only 38 per cent of traffic on the web is human. One estimate is that only nine per cent of digital adverts have a shot at being seen by a real person. No-one knows for sure, but according to various reports, online ad fraud in 2016 was somewhere between £4bn and £9bn ($6bn to $12bn). 
Several analysts reckon about 50 per cent of all ad money spent online is basically nicked. Yes: as much as half of the underlying economic model of the free-services-in-exchange-for-ads system that keeps social media afloat could be fraudulent. It’s bonkers this receives so little coverage outside the ad-tech world (where it is talked about incessantly).

Perhaps the weirdest thing of all is that hardly anyone ever gets caught – the only significant case  was a couple of years back, when an Estonian called Vladimir Tsastsin was sentenced to seven years after raking in millions of dollars from one of these scams over several years. In his recent book, Throwing Rocks at the Google Bus, tech writer Douglas Rushkoff sums this insanity up quite nicely: ‘Malware robots watch ads, monitored by automated tracking software that tailors each advertising message to suit the malbots automated habits, in a human free feedback loop of ever narrowing personalisation. Nothing of value is created but billions of dollars are made’ 

There are lots of reasons this isn’t getting sorted. No one wants to rock the boat too much, and plenty of people still get paid even if it is fraudulent. (Although advertisers always lose). Everyone in the chain seems to think it’s someone else’s responsibility. And for all its faults online advertising still allows far greater nuance and accuracy in terms of targeting a market of people you want to reach. 

But in the end, if advertisers and marketers start to wonder if their online ad spends are really worth it, it would be an existential threat to some of the big tech firms. And if internet users themselves also get fed up and start downloading ad-blocking software, then the whole thing will be blown to smithereens. 

This is why companies are upping their efforts on trying to stamp this out, especially the big players like Google, who take this very seriously. They currently have 100 people dedicated to fighting fraud of this kind, and boot anyone off their ad platform if fraud is suspected. 

2018 will be the year when this is either fixed, perhaps there will be some use found for the exciting new block chain technology everyone is talking about but no-one really understands, or it starts to seriously impact the way the internet works. 

Over the last year, pressure from newspapers and MPs committees has been applied to tech firms to get them to change their behaviour. But we will see that nothing focuses the mind of these companies quite so well as the bottom line. 

Spectator

You Might Also Read:

Australia To Challenge Facebook & Google Over Media Disruption:

Bashing Facebook Is Not The Answer To Curbing Russian Influence Operations:

Social Media & The New Advertising Model (£):
 

 

« Iran’s Internal Conflict Plays Out On Social Media
Massive Breach: 3m Healthcare Records Compromised »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Berkman Klein Center for Internet & Society

Berkman Klein Center for Internet & Society

The Berkman Klein Center for Internet & Society is a research center at Harvard University that focuses on the study of cyberspace.

Lutech

Lutech

Lutech is an Italian ICT engineering and services company. Business solution areas include cyber security.

Flexential

Flexential

Flexential helps organizations optimize their journey of IT transformation while simultaneously balancing cost, scalability, compliance and security.

Secucloud

Secucloud

Secucloud GmbH is a provider of high-availability cyber-security solutions, offering a cloud-based security-as-a-service platform, particularly for providers.

Prescient

Prescient

Prescient’s Cyber solutions supplement your firm’s existing data security infrastructure with specialized investigations that identify unconventional cyber risks.

Travelers

Travelers

Travelers is a leading writer of US commercial property casualty insurance and one of the world’s largest global insurers for cyber insurance.

CloudOak

CloudOak

CloudOak is a cloud channel provider for hybrid cloud Backup as a Service (BaaS), Disaster Recovery as a Service (DRaaS) and Archiving to Small to Medium Business (SMB).

Osirium

Osirium

The Osirium PxM Privileged Access Management platform addresses both security and compliance requirements by defining who gets access to what and when.

The Security Company (TSC)

The Security Company (TSC)

The Security Company is a leading provider of creative employee security awareness programmes.

Dutch Innovation Park

Dutch Innovation Park

Dutch Innovation Park in Zoetermeer is a breeding ground for applied IT solutions in the field of cyber security, e-health, smart mobility and big data.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

Securden

Securden

Securden provide an all-in-one Platform for Next-Gen Privileged Access Governance, helping you to prevent identity thefts, malware propagation, cyber attacks, and insider exploitation.

ValueMentor

ValueMentor

ValueMentor is a leading cyber security service provider in the Middle East. We enable clients to reduce risk by taking a strategic approach to cybersecurity.

Paradyn

Paradyn

Paradyn-managed security services can provide a holistic view of your business environment, no matter how simple or complex it is.

Wavex Technology

Wavex Technology

Wavex Technology is an award winning IT Services firm offering clients a secure and fully managed IT service.

CERT.JE

CERT.JE

CERT.JE is responsible for promoting and improving the cyber resilience across the critical national infrastructure, business communities and citizens in Jersey.