The Big Online Advertising Swindle

Uploaded on 2018-01-19 in NEWS-Cybersecurity News, FREE TO VIEW

Conmen and fraudsters thrive in confusion. And few places are more confusing and opaque than the jargon-ridden world of online advertising. Which is odd really, since the entire social media edifice, Google, Facebook, Twitter, Snapchat, depends on it. 

2017 was the year of the tech-lash, when people and politicians started to push back against tech-led disruption. But there’s potentially a far more significant threat looming for the tech giants: ad fraud.

Every year tens of billions of pounds are spent in this war for your attention, and some of the world’s finest minds are engaged. But on another level it’s not simple at all. There are ‘demand side’ platforms that decide which online ad space to buy and for how much (mostly done via some complicated big data analysis); and ‘supply side’ platforms which sell the space to them. 

The two are matched up on exchange sites which run real-time auctions every millisecond of every day. Whenever you refresh a web-page, a nano-auction is conducted over who will offer the highest amount to show you an advert, which is surely one of the strangest things about the internet.

This system is boring, clever, complicated, automated and opaque all at once.

Hardly anyone fully understands how it all fits together, including the advertisers who are paying for it, and regulators who, as far as can made out, are struggling to get to grips with it.

This is a perfect cocktail for online fraudsters who have, of course, rustled up some ingenuous scams. 

Recent magazine articles presented nine types of digital ad fraud, such as cookie stuffing, impression fraud, and domain spoofing. Some website owners create sophisticated proxies which fire meaningless bot traffic at a site to artificially boost their numbers and lure advertisers in. Others ‘stack’ adverts which have no chance of being seen, hiding ads under ads under ads, so although they are running, no-one sees them. 

A couple of years back one bunch of Russian criminals built thousands of websites, generated a truckload of fake views and clicks via half a million ‘users’ (who were in fact bots) and managed to scoop up roughly £2.3m ($3m) a day in adverts, even though the whole thing was smoke and mirrors.

This outright fraud doesn’t even include gentle exaggeration that goes on all the time, such as social media companies generously measuring levels of engagement on their sites. 

These factors would surely sink any other industry within a week. According to Cnet, only 38 per cent of traffic on the web is human. One estimate is that only nine per cent of digital adverts have a shot at being seen by a real person. No-one knows for sure, but according to various reports, online ad fraud in 2016 was somewhere between £4bn and £9bn ($6bn to $12bn). 
Several analysts reckon about 50 per cent of all ad money spent online is basically nicked. Yes: as much as half of the underlying economic model of the free-services-in-exchange-for-ads system that keeps social media afloat could be fraudulent. It’s bonkers this receives so little coverage outside the ad-tech world (where it is talked about incessantly).

Perhaps the weirdest thing of all is that hardly anyone ever gets caught – the only significant case  was a couple of years back, when an Estonian called Vladimir Tsastsin was sentenced to seven years after raking in millions of dollars from one of these scams over several years. In his recent book, Throwing Rocks at the Google Bus, tech writer Douglas Rushkoff sums this insanity up quite nicely: ‘Malware robots watch ads, monitored by automated tracking software that tailors each advertising message to suit the malbots automated habits, in a human free feedback loop of ever narrowing personalisation. Nothing of value is created but billions of dollars are made’ 

There are lots of reasons this isn’t getting sorted. No one wants to rock the boat too much, and plenty of people still get paid even if it is fraudulent. (Although advertisers always lose). Everyone in the chain seems to think it’s someone else’s responsibility. And for all its faults online advertising still allows far greater nuance and accuracy in terms of targeting a market of people you want to reach. 

But in the end, if advertisers and marketers start to wonder if their online ad spends are really worth it, it would be an existential threat to some of the big tech firms. And if internet users themselves also get fed up and start downloading ad-blocking software, then the whole thing will be blown to smithereens. 

This is why companies are upping their efforts on trying to stamp this out, especially the big players like Google, who take this very seriously. They currently have 100 people dedicated to fighting fraud of this kind, and boot anyone off their ad platform if fraud is suspected. 

2018 will be the year when this is either fixed, perhaps there will be some use found for the exciting new block chain technology everyone is talking about but no-one really understands, or it starts to seriously impact the way the internet works. 

Over the last year, pressure from newspapers and MPs committees has been applied to tech firms to get them to change their behaviour. But we will see that nothing focuses the mind of these companies quite so well as the bottom line. 

Spectator

You Might Also Read:

Australia To Challenge Facebook & Google Over Media Disruption:

Bashing Facebook Is Not The Answer To Curbing Russian Influence Operations:

Social Media & The New Advertising Model (£):
 

 

« Iran’s Internal Conflict Plays Out On Social Media
Massive Breach: 3m Healthcare Records Compromised »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Magnet Forensics

Magnet Forensics

Magnet Forensics' family of digital forensics products are used globally by thousands of law enforcement, military, government and corporate customers.

Onapsis

Onapsis

Onapsis is a pioneer in cybersecurity and compliance solutions for cloud and on-premise ERP and business-critical applications.

Certego

Certego

Certego is a company of the VEM Sistemi Group specialised in providing managed computer security services and to combat Cyber Crime.

Israel Aerospace Industries (IAI)

Israel Aerospace Industries (IAI)

IAI offers a holistic approach that provides defense forces, governments, critical infrastructures and large enterprises with end-to-end cyber security & monitoring tools.

Exonar

Exonar

We enable organisations to better organise their information, removing risk and making it more productive and secure.

AllegisCyber Capital

AllegisCyber Capital

AllegisCyber is an investment company with a focus on seed and early stage investing in cybersecurity and its applications in emerging technology markets.

Axonius

Axonius

Axonius is the only solution that offers a unified view of all assets and their coverage, empowering customers to take action to enforce their organization’s security policies.

ACA Group

ACA Group

ACA Group are a leading governance, risk, and compliance (GRC) advisor in financial services.

Emagined Security

Emagined Security

Emagined Security is a leading provider of professional services for Information Security and Compliance solutions.

InfoExpress

InfoExpress

InfoExpress provides network security solutions that enhance productivity and security through better visibility, improved security, and automating device and mobile access to the network.

Informer

Informer

Informer provides an Attack Surface Management SaaS platform alongside penetration testing services. We combine machine learning and human intelligence to reduce cyber risk.

MetaCert

MetaCert

MetaCert’s Zero Trust browser software reduces the risk of organizations being compromised with a phishing-led cyberattack by more than 98%.

PPC Protect

PPC Protect

PPC Protect is an entirely automated click fraud prevention solution.

Across Verticals

Across Verticals

Across Verticals is a boutique cyber security consulting firm that specializes in holistic, deeply technical and end to end cyber security advisory services based on industry best practices.

EdgeWatch

EdgeWatch

EdgeWatch is a platform that helps information accredited security practitioners discover, monitor, and analyze devices that are accessible from the Internet.

Data Defenders

Data Defenders

Data Defenders provide information security technology solutions that empower consumers, businesses and governments with safe and secure IT and cybersecurity infrastructures.