The Big Online Advertising Swindle

Uploaded on 2018-01-19 in NEWS-Cybersecurity News, FREE TO VIEW

Conmen and fraudsters thrive in confusion. And few places are more confusing and opaque than the jargon-ridden world of online advertising. Which is odd really, since the entire social media edifice, Google, Facebook, Twitter, Snapchat, depends on it. 

2017 was the year of the tech-lash, when people and politicians started to push back against tech-led disruption. But there’s potentially a far more significant threat looming for the tech giants: ad fraud.

Every year tens of billions of pounds are spent in this war for your attention, and some of the world’s finest minds are engaged. But on another level it’s not simple at all. There are ‘demand side’ platforms that decide which online ad space to buy and for how much (mostly done via some complicated big data analysis); and ‘supply side’ platforms which sell the space to them. 

The two are matched up on exchange sites which run real-time auctions every millisecond of every day. Whenever you refresh a web-page, a nano-auction is conducted over who will offer the highest amount to show you an advert, which is surely one of the strangest things about the internet.

This system is boring, clever, complicated, automated and opaque all at once.

Hardly anyone fully understands how it all fits together, including the advertisers who are paying for it, and regulators who, as far as can made out, are struggling to get to grips with it.

This is a perfect cocktail for online fraudsters who have, of course, rustled up some ingenuous scams. 

Recent magazine articles presented nine types of digital ad fraud, such as cookie stuffing, impression fraud, and domain spoofing. Some website owners create sophisticated proxies which fire meaningless bot traffic at a site to artificially boost their numbers and lure advertisers in. Others ‘stack’ adverts which have no chance of being seen, hiding ads under ads under ads, so although they are running, no-one sees them. 

A couple of years back one bunch of Russian criminals built thousands of websites, generated a truckload of fake views and clicks via half a million ‘users’ (who were in fact bots) and managed to scoop up roughly £2.3m ($3m) a day in adverts, even though the whole thing was smoke and mirrors.

This outright fraud doesn’t even include gentle exaggeration that goes on all the time, such as social media companies generously measuring levels of engagement on their sites. 

These factors would surely sink any other industry within a week. According to Cnet, only 38 per cent of traffic on the web is human. One estimate is that only nine per cent of digital adverts have a shot at being seen by a real person. No-one knows for sure, but according to various reports, online ad fraud in 2016 was somewhere between £4bn and £9bn ($6bn to $12bn). 
Several analysts reckon about 50 per cent of all ad money spent online is basically nicked. Yes: as much as half of the underlying economic model of the free-services-in-exchange-for-ads system that keeps social media afloat could be fraudulent. It’s bonkers this receives so little coverage outside the ad-tech world (where it is talked about incessantly).

Perhaps the weirdest thing of all is that hardly anyone ever gets caught – the only significant case  was a couple of years back, when an Estonian called Vladimir Tsastsin was sentenced to seven years after raking in millions of dollars from one of these scams over several years. In his recent book, Throwing Rocks at the Google Bus, tech writer Douglas Rushkoff sums this insanity up quite nicely: ‘Malware robots watch ads, monitored by automated tracking software that tailors each advertising message to suit the malbots automated habits, in a human free feedback loop of ever narrowing personalisation. Nothing of value is created but billions of dollars are made’ 

There are lots of reasons this isn’t getting sorted. No one wants to rock the boat too much, and plenty of people still get paid even if it is fraudulent. (Although advertisers always lose). Everyone in the chain seems to think it’s someone else’s responsibility. And for all its faults online advertising still allows far greater nuance and accuracy in terms of targeting a market of people you want to reach. 

But in the end, if advertisers and marketers start to wonder if their online ad spends are really worth it, it would be an existential threat to some of the big tech firms. And if internet users themselves also get fed up and start downloading ad-blocking software, then the whole thing will be blown to smithereens. 

This is why companies are upping their efforts on trying to stamp this out, especially the big players like Google, who take this very seriously. They currently have 100 people dedicated to fighting fraud of this kind, and boot anyone off their ad platform if fraud is suspected. 

2018 will be the year when this is either fixed, perhaps there will be some use found for the exciting new block chain technology everyone is talking about but no-one really understands, or it starts to seriously impact the way the internet works. 

Over the last year, pressure from newspapers and MPs committees has been applied to tech firms to get them to change their behaviour. But we will see that nothing focuses the mind of these companies quite so well as the bottom line. 

Spectator

You Might Also Read:

Australia To Challenge Facebook & Google Over Media Disruption:

Bashing Facebook Is Not The Answer To Curbing Russian Influence Operations:

Social Media & The New Advertising Model (£):
 

 

« Iran’s Internal Conflict Plays Out On Social Media
Massive Breach: 3m Healthcare Records Compromised »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Nixon Peabody LLP

Nixon Peabody LLP

Nixon Peabody LLP is an international law firm with offices across the USA, Europe and Asia. Practice areas include Data Privacy and Cyber Security.

GovCERT.HK

GovCERT.HK

GovCERT.HK is the Government Computer Emergency Response Team for Hong Kong.

Sentia

Sentia

Sentia is an IT and infrastructure firm, with focus on Outsourcing, IT operation and management, Hosting, Co-location, Network, and IT security.

ThreatSTOP

ThreatSTOP

ThreatSTOP is a cloud-based automated threat intelligence platform that converts the latest threat data into enforcement policies to stop attacks before they become breaches.

Coursera

Coursera

Coursera provides universal access to the world’s best education, partnering with top universities and organizations to offer courses online. Subject areas include Computer Security & Networks.

Cryptsoft

Cryptsoft

Cryptsoft provides key management and security software development toolkits based around open standards such as OASIS KMIP and PKCS#11.

Cybersprint

Cybersprint

Cybersprint's Digital Risk Protection platform continuously monitors your digital footprint so you can make informed decisions on exposure to online threats, identify vulnerabilities and take action.

Digiserve

Digiserve

Digiserve by Telkom Indonesia is an end-to-end managed solutions provider committed to empowering enterprises in Indonesia.

SterlingRisk Programs

SterlingRisk Programs

SterlingRisk’s Cyber practice brings experience working with a wide array of clients across a broad spectrum of industries.

EnigmaSoft

EnigmaSoft

EnigmaSoft is known for its PC anti-malware remediation utility and service under the tradename SpyHunter.

Arkphire

Arkphire

Arkphire provide solutions across every aspect of IT to help your business perform better.

Blumira

Blumira

Blumira provides comprehensive, hybrid cloud security monitoring and reporting for organizations of all sizes, enabling them to detect and respond to cloud security threats quickly and effectively.

Commonwealth Scientific & Industrial Research Organisation (CSIRO)

Commonwealth Scientific & Industrial Research Organisation (CSIRO)

CSIRO is Australia's national science agency. We solve the greatest challenges through innovative science and technology.

WheelHouse IT

WheelHouse IT

WheelHouse IT secures, manages, and advances businesses with innovative, cost-effective IT solutions.

Tsaaro Academy

Tsaaro Academy

Tsaaro Academy is a unique privacy certification training platform and here you earn a privacy certification CEH, CISM and DPO from India’s No.1 Privacy training platform.

Simpson Associates

Simpson Associates

Simpson Associates is a Data Transformation and managed services provider that helps organisations gain valuable insights from their data and make better-informed decisions.