It has infiltrated everything from art to the military, and now it’s becoming increasingly troublesome in the ad tech sector through malware, phishing, and scams. 

At an AdMonsters Ops session on June 6th, “AI + Malvertising = ?,” attendees heard from Jerome Dangu, Chief Technology Officer and Co-Founder, Confiant, and Louis-David Mangin, CEO and Co-Founder, Confiant, about how AI is affecting ad tech and how we can stay aware of what is to come. 

Confiant has been in the ad security business for 10 years, giving the company a great deal of experience in recognizing bad actors and helping publishers identify these risks as well. According to Confiant, ad tech has two dimensions of security risk: victim and vector. 

Victim refers to specific types of fraud, namely bot fraud, attribution fraud, and arbitrage fraud. Vector refers to the types of ways bad actors attempt to infiltrate, through malware, phishing, and scams. Of these, scams are the bread and butter of those attacking through advertising. 

Why AI Matters In Ad Tech Today 

Ad tech is a marketplace that reaches a wide range of people, and because of this, it can be used as a vector for cyber criminals to reach others and deliver attacks. It’s important to know what our responsibility is in terms of protecting users, Mangin says. 

While ad tech is not the only ad-based vector, those who are looking to scam others out of money do not distinguish between different facets of the internet; they will go wherever they can to make the most profit. 

Ad tech is also growing very quickly, and while this is a good thing for the industry it also means more opportunity for attacks. Mangin suggests it is important to consider how we control the possible infiltration and whether our current systems are up to the task as AI continues to permeate all parts of society. 

Our industry also lacks transparency, which is advantageous to the buyer, but causes a major blindspot when it comes to cybersecurity. Confiant has set up a website, buyers.json, to help create more transparency in the industry and to help limit malicious attacks. 

There is already an established attacker base in the ad tech space, with at least 35 different groups that specialize in compromising ad tech systems. Confiant has also established a website that maps out these bad actors, matrix.confiant.com. 

Cybercrime is generating trillions of dollars, and preventing these attacks is privatized, meaning you have to pay a private company to help you if you are the victim of a cybercrime. Cybercriminals also only need to succeed a fraction of the time to make their attempts worth it, and things will only continue to get more challenging as AI helps create more effective attempts with less human effort. 

The Future of AI 

The world is currently buzzing about the unintended consequences of AI technology that have resulted from those with good intentions, but the ad tech industry should be concerned with bad actors whose intentions are malicious from the start. Ads are the best way to reach people today, leaving our industry open for a slew of attacks, particularly as AI technology improves. 

AI has a control problem, as evidenced by malfunctions that have been in the news recently. For example, the Air Force allegedly performed a simulation with AI where the AI drone killed its operators and even attempted to blow up the control tower while programmers worked to reprogram the drone to prevent further casualties. And. it has been proven that Chat GPT has the ability to lie to users. 

“We’re fundamentally tinkering with intelligence here,” Mangin shares. We don’t quite understand the technology yet, which leads to complications. He notes that a large company was recently working with Confiant to try to create security to block AI attacks, but could not create proper defenses since they could not figure out how the AI had reached a particular conclusion. 

The technology for AI is open source and every week there are huge improvements happening. Regulation is on the way soon, but while governments can enact regulations that large companies will have to follow, those who are operating in small numbers or as individuals will still be able to do what they want.

Deep Fakes And Scams

We’ve all seen AI-generated photos that look incredibly real, such as the Pope wearing a fantastic puffer jacket. This same technology that can create these photos can manipulate videos or audio to sound like it is coming from an authentic source. These deep fake videos can create trust with the people who watch them and convince them to buy into a scam. 

Another improvement in this technology that is on the way is sending malicious calls to AI programs rather than call centers with real humans. This will increase the number of people scammers are able to attack because they won’t have to physically staff call centers to complete the scam. 

It’s crucial that we as an industry are on the lookout for what is on the horizon. Bad actors will find a way to optimize access to targets through AI, and they will monetize this access. Of course, AI can help us to complete tasks, but it can also hurt, so we must be vigilant about keeping user data safe.

The post The AI Revolution Is Coming: Confiant Explains What To Look Out For And How To Help Keep Users Safe appeared first on AdMonsters.

• Do bad ads prompt users to leave a news site or app? Do they report those poor experiences to the publisher?
• What is the impact of a bad ad on the consumer’s propensity to return to that site, recommend it to others, or make a purchase on it?
• Do bad ads send users a message that publishers care more about making money than they do about their safety?

To gain that understanding, we surveyed 250 consumers about the impact of a “bad” advertisement on their perceptions of a website or app. We defined a bad ad to survey takers as “any advertisement — including the web page or app that clicking on it brings you to — that you find unpleasant, inappropriate, untruthful, or has some kind of computer virus associated with it.”

Then we talked to publishers to hear their reactions to the data, and also learn some pro tips that we could pass on to our readers.

Enter your email below to download your free copy of How Bad Ads Affect Consumer Perception of Publishers! 

This playbook, created in partnership with GeoEdge, will dive into the results of our survey, highlighting both the challenges and solutions. 

[download-link]Download your copy of the How Bad Ads Affect Consumer Perception of Publishers playbook by clicking on this link now![/download-link]

The post AdMonsters Playbook: How Bad Ads Affect Consumer Perception of Publishers appeared first on AdMonsters.

Confiant found a cookie-stuffing campaign running across multiple programmatic ad platforms around Black Friday. What did that teach us? Bad actors will use any tactic or occasion to exploit the supply chain. 

While ad fraud is not the core focus of Confiant’s business, they work to weed out threat actors who use the programmatic process and ad networks for malicious purposes. 

In this case, the bad actor was DatalyMedia, the mastermind behind the campaign.

What is Cookie Stuffing? 

Cookie stuffing is ad fraud where a malicious campaign triggers arbitrary numbers of invalid ad conversions by generating fake clicks. It is a source of invalid traffic (IVT), which makes it a form of ad fraud. 

Cookie stuffing targets several types of campaigns, including cost-per-click (CPC) ad campaigns, various types of cost-per-lead (CPL), and cost-per-action (CPA) campaigns. Malicious actors typically generate fake clicks by loading click URLs in hidden iframes inside ads as they render.

Don’t expect this malicious practice to die down anytime soon. According to the World Federation of Advertisers (WFA), “ad fraud is likely to exceed $50 billion globally by 2025 on current trends, second only to the drug trade as a source of income for organized crime.” 

Both publishers and advertisers should worry about this practice as it affects them both. For publishers, their web page is under attack because cookie stuffing causes page latency. This derives from a massive network overload when the advertising landing pages load in hidden iframes. For advertisers, cookie stuffing distorts targeted data and degrades campaign effectiveness. 

In addition, for publishers and advertisers, cookie stuffing creates liabilities for violating privacy compliance regulations and steals money from the ad tech ecosystem. 

DatalyMedia’s Strategy

According to the data, DatalyMedia has executed its cookie stuffing schemes since at least 2015. Over time, the infrastructure and techniques DatalyMedia uses for the affiliate marketing fraud scheme have barely changed. 

DatalyMedia was caught implementing these tactics to maintain its presence in the ad tech ecosystem by:

• Creating over 100 ad serving domains.
• Partnering with ad platforms. DatalyMedia was active on at least four different advertising DSPs in 2022.
• Approaching ad security vendors about the status of their domains, claiming legitimate needs. 
• Cloaking
  • They used this tactic to circumvent detection.
  • The script that DatalyMedia executes has a cloaking component that loads one or multiple hidden iframes.
  • If the cloaking test fails, the bad actors replace the iframe with an empty image.
  • If the cloaking test succeeds, the iframe URL redirects to a secondary domain with similar cloaking. 

The Ad Tech Cartel: Laundering Via Network of Fake Sites

As one of the biggest crime syndicates in the ad tech ecosystem, DatalyMedia and other malicious actors utilized an illegal tactic that kept criminal empires afloat for centuries –– laundering. However, they laundered user data instead of money.

Similar to money laundering, DatalyMedia created two traffic paths, a dirty path that commits fraud and a clean one with legitimate traffic that hides the malicious traffic. 

DatalyMedia served programmatic ads on Publisher A’s website in the dirty path, as indicated in the graphic. These ads are cloaked in an invisible iframe to hide the cookie stuffing scheme. 

The Affected Players (Both Directly and Indirectly)

As the graphic below highlights, many aspects of the supply chain are affected by cookie fishing. As highlighted in this graphic, the amount of revenue lost serves as a warning for how diligent publishers and advertisers must be to protect themselves from ad fraud. 

The next steps: 

• The scheme uses an intermediary website (Bad Publisher B), making the conversions look legitimate to the defrauded affiliate networks and brands.
• The “dirty” path uses a POST HTTP request to Bad Publisher B, while the “clean” path uses a GET request.
• The “clean” path uses native ad networks to create traffic in the style of ad-driven content websites, but the real purpose is to create an audience to support the conversions driven by the “dirty” path.
• Traffic generated from the “dirty” path is indistinguishable from the “clean” path traffic.

Final Results

DatalyMedia’s cookie fishing scheme was quite successful. It generated a significant amount of revenue from ad fraud, but their schemes are no longer a secret due to the work of companies like Confiant. 

The study estimated that DatalyMedia served approximately 125 million display ad impressions in 2022.

DatalyMedia has had three major periods of seasonal activity over 2022: Winter, Summer, and Fall, and an all-time peak on Black Friday – November 25, with a volume of over 9x their daily 2022 average. 

The lack of industry focus on this issue has allowed these fraudsters to thrive,” says Jerome Dangu, CTO & Co-Founder at Confiant. “specifically in the case of DatalyMedia for a mind-blowing eight years.” 

Publishers and advertisers, this is your call to action to keep your eyes open for malicious actors. The supply chain is open season for ad fraud schemes, and neither you nor the consumer is immune to their attacks. Lurking under your landing pages and ads are schemers itching at the thought of stealing your revenue.

Read Confiant’s article here: https://blog.confiant.com/malvertiser-makes-the-big-bucks-on-black-friday-637922cd5865 

The post Confiant Catches Cookie Fishing Scheme: The Bad Actors of Black Friday appeared first on AdMonsters.

It begs the question, what do we predict will happen this year? NFT’s took the world by storm. Retail media and ID solutions revolutionized practices around privacy-centric data. How will these practices evolve further in 2023? 

At the beginning of 2022, AdMonsters published our predictions for the year. With the help of industry professionals, we predicted that brands would triple down on first-party data, the changes in Google’s privacy sandbox, and the CTV boom. Will the predictions be spot on this year? Let’s look forward together to see how we predict the new year will pan out. 

Big Tech

The walled gardens have always been a major influence on the ad tech ecosystem. In fact, Google and Meta (the duopoly) captured 85% of ad spend. 

Since they’ve monopolized revenue and inventory, any significant change they implement will affect the ad tech industry. For example, the announcement of Google’s third-party cookie depreciation sent ad tech into a tailspin because Chrome dominates traffic. 

This year, some experts predict a new king is in town. Amazon is gaining ground on Google’s empire and the game of thrones persists. 

Amazon will 1-Up Google. “Amazon is the new (and improved) Google. While the latter holds its death grip firmly on the ad products side of the business, Amazon not so quietly builds up an ever-growing tech stack to cover all marketing needs. Talk at its Unboxed conference celebrated its clean room capabilities. As the leading Retail Media Network, there’s ample cause to celebrate. The question remains whether these moves will put it in the antitrust crosshairs or if they can keep flying under the radar of government scrutiny, unlike their compatriots at Meta, Twitter, and Google.” – Eliza Nevers, Chief Product Officer, Lotame

Economic Shifts Will Rattle Big Tech Into More Rounds of Layoffs. “Industry dynamics are seeing tectonic shifts. The pandemic created unusual dynamics and may have delayed a reckoning, but the digital giants finally got too big and overshot the surrounding market dynamics. As a result, all of the major players, with the possible exception of Amazon, are already doing layoffs – we’ve seen announcements from Amazon, Meta, Twitter, Snap, Microsoft, and even Disney. When it comes time to cut the digital fat, the first cut is rarely enough. We’d expect to see more layoffs next year, some from the same players who have already announced a first pass. In the surrounding recessionary environment, startup and growth capital is scarce and more expensive. Some young companies in the industry won’t be able to secure funding. So we also expect to see numerous close shops or seek a quick sale. How hard and how many? Hopefully, we won’t know next year until we see green shoots. One thing we can predict with relative certainty: Elon Musk will be one of the three remaining Twitter employees by the end of Q1.” – Mike Woosley, COO, Lotame

Meta will Flake on Metaverse Investments. “The handwriting is on the wall for the Metaverse based on Meta’s last earnings report. Facebook “invested” $9B on this metaverse thing – and every drop of that $9B came from its profits. Its VR service has just 200,000 users. As a digital property that puts its traffic somewhere between “Catster” and “The Fluffy Kitty” in the public interest.  Advice to Meta: if you want to expand in VR, be like Microsoft and buy a gaming company for $75B. Meta will drastically curtail its investment by the middle of 2023.” – Mike Woosley, COO, Lotame

Privacy and Identity Solutions 

Privacy was the talk of the town in 2022, and the ad tech industry could barely keep its name out of their mouths. Some predict the conversation around privacy will change in 2023, and others think the discussion will be less prevalent. Here’s what industry experts think: 

Privacy Switches Focus. “Brands and publishers are building on their first-party data capabilities and ID alternatives. Still, these tactics alone will not solve the tightening of privacy regulations and the deprecation of third-party cookies. While personalization does not equal identification, the industry has long conflated the two. 2023 will be the year that marketers shift their strategies from ID-based personalization to creative-based personalization.”  – Alistair Goodman, CEO, Emodo

Shrinking Identity Landscape: Learn to Walk the Cookieless Walk. “Despite urgency doubling around the need for identity solutions, 2023 will bring little to no progress as Google continues to kick the can down the road. As long as cookies exist, marketers will use them. Even those with mandates to target only first-party data won’t realize their identity partners rely on cookies. With zero real use cases to prove those aforementioned in-market cookieless solutions work, the most exciting development in 2023 will be far fewer companies in business. The identity landscape will continue to shrink over coming quarters from more than 100 transactable IDs to a top four or five.” – Eliza Nevers, Chief Product Officer, Lotame

Privacy Will Lose Its Importance. “Privacy, although hugely important, will become less of a focus for marketers this year. We are hearing that it is still a consideration but differs from the focal point it has been in the past. Google continues to punt changes opening up questions about when and if it will begin to deprecate cookies. Additionally, new regulations have shown exactly what limitations are on the horizon, so some uncertainty has been removed around what changes will take place and when.” – Matt Sotebeer, Chief Strategy Officer at Digital Remedy 

Data Fraud and Misinformation 

The industry has created systems to stop the increase of ad fraud, but that does not mean the practice has died down. Bad actors became more creative with sneaking misinformation and scams into ads.  

We saw that in our 2023 Malvertising preview, which noted that every aspect of the supply chain was affected. We also saw it with the increase in political ad fraud during the midterm elections. 

The industry must work together to educate themselves and consumers on how to detect and block ad scams. The more publishers understand the origins of these attacks, the more they can do. This will allow publishers to put better security in place to protect themselves and the consumer.

Mis/disinformation. “Our research finds that 68% of consumers globally are worried that levels of mis/disinformation are growing. This poses a huge threat to brands as 3 in 5 (61%) consumers would be less likely to purchase from a brand that appears alongside mis/disinformation. In the face of economic uncertainty in 2023 and beyond, brands must ensure advertising spend is driving strong ROI. Ads appearing alongside false or misleading content is a form of wastage—with the added risk of creating reputational damage. In the year ahead, we’ll see a greater emphasis placed on solutions that ensure ads appear in brand-safe environments. AI-driven tools that leverage semantic science—such as deep learning, machine learning, and ontology—will provide confidence and clarity to advertisers and publishers looking to defund mis/disinformation and reinforce the authenticity of their brand values.” – Dan Slivjanovski, CMO of media measurement company, DoubleVerify

Mobile

What does the future of mobile advertising hold? The consensus is that mobile advertising brands will expand into new partnerships and develop privacy-centric strategies. 

New privacy changes and tech advances forced app publishers to re-evaluate how they drive their ad ARPDAU. AdMonsters recently hosted a webinar “The Future of Monetization,” that spoke to the future of mobile monetization. One of our panelists, TK  Krishnamurthy asserted that brands should prioritize users’ needs before considering revenue. Creating a great user experience will boost revenue at the end of the day. 

An opportunity for growth. “Global macroeconomic changes reshape how businesses think about growth demands and create opportunities for those who are willing to adopt. As the mobile ecosystem evolves, advertisers will continue to get pushed to experiment with new channels to remain competitive. Mobile-first businesses will go beyond mobile inventory to new forms of audience reach that are novel for mobile performance, such as Connected TV. Measurement is also evolving as it takes a broader set of tools and methods – from media mix modeling to up-to-date platform support – to have a holistic view of channel portfolio performance.”– Andrey Kazakov, VP of Demand, AppLovin

The Integration of Digital Marketplaces into Mobile Games and Apps. “The opportunity and monetization that can be unlocked by integrating digital marketplaces into mobile games and apps are vast. After all, there are already billions being spent annually on digital items across every other gaming platform. As a partner of AppLovin, Lion Studios integrated an NFT in-game event into Match 3D and saw strong engagement and an increase in Average Revenue Per Daily Active User (ARPDAU).This led to a significant increase in in-app purchases and drove a new and meaningful revenue source through royalty fees generated from users trading their assets on the marketplace. Looking at recent years, mobile game developers that invested in new monetization methods early are the ones who gained advantages in the market. For developers looking to unleash their user engagement potential in 2023, the time to invest is now.” – Rafael Vivas, General Manager of New Initiatives, AppLovin

Web3: The Digital Landscape

Many believe Web3 capabilities won’t impact how business is run in the ad tech ecosystem on a major scale but is this truly the case? Industry sentiments are mixed. 

Awareness around Web3 grew immensely in 2022 with the rising popularity of NFTs and metaverse in ad campaigns. For example, TMB and Pet collective launched an NFT campaign that sold out in seconds. Their partnership proved that Web3 capabilities are profitable and a creative way to engage with your audience. The key is creating an experience that connects with your audience’s needs. 

Web3 capabilities are also a potential solution to the new privacy regulations because it promises to give consumers control of their data. In Web3, a small monopoly of owners won’t store consumer data assets. Instead, the consumer will control their own data and decide if they want to sell it or not.  

NFTs Represent the Evolution of Digital Item Ownership. “Digital marketplaces are widely accepted amongst gamers worldwide, and billions of digital items are transacted through them annually already. We believe that NFTs are an evolution of digital ownership. They present a new opportunity for users to re-sell their earned or purchased digital items and drive incremental revenue for developers. Previously, if you wanted to see whether a user truly owned an item, you had to log into that game and interact with that user inside of it. Now, with NFT technology, you can easily identify someone’s digital ownership of assets on a public ledger and easily exchange that ownership. Digital marketplace monetization should be at the forefront of developers’ minds when aiming to keep users engaged with new creative games.” – Rafael Vivas, General Manager of New Initiatives, AppLovin 

Web3 will Continue to Climb, but not Without Hurdles. “The recent FTX collapse has sparked a lot of uncertainty and fear within the crypto/NFT market. However, despite this, we are still seeing a lot of interest from brands to launch Web3 activations. Because the Metaverse’s focus is on community, brands will find different and new ways for consumers to interact with them and each other digitally. One of the Metaverse’s greatest strengths is its ability to build community. The rise of the Metaverse won’t occur without hurdles though. We can expect to see challenges in adoption and use cases. We will need elevated virtual reality technology and much more robust avatar standards and architecture.” – Jack Cameron and Billy Huang, the co-founders of Insomnia Labs

Web3 Breaks New Ground for Brand-Consumer Relationships. “With the recent surge in privacy laws, Web3 could be the answer brands and businesses are looking for in the future. Within Web3, we see NFTs as a brand loyalty program that could identify and curate a closer group of consumers than ever before. Also, DAOs will allow people to have a stake, enticing them to participate actively in the community. Wholistically, Web3 provides technology to build new things and empowers brands to communicate with their consumers more intimately than ever before. Consumers can now connect and interact with the brand more intimately and with other fellow consumers who share the same passions and interests. Web3 will unlock new opportunities for brands to become more “cool” and connect deep, long-lasting relationships with their consumers.” – Jack Cameron and Billy Huang, the co-founders of Insomnia Labs

Further Experimentation in the Ad Tech Space

Revenue diversification is essential in the era of the ad spend slowdown and a possible “ad recession.” 

Consequently, the ecosystem is forced to evolve and experiment with new mediums to help drive revenue and user engagement. Whether that means experimenting with Web3 or augmented reality, creativity is key to standing out in the crowd. 

Creative Ad Monetization. “The gaming industry has always thrived on creativity and experimentation. The current economic downturn is forcing us to double down on this even more. As launching new gaming hits has become more difficult, we are seeing more and more developers take risks and be open to changing their previously winning formula. We currently see and predict that we will continue to witness the game industry developing in its monetization strategies. Whether it’s adopting hybrid monetization, with IAP partners integrating ads and ad-based developers trying to crack IAPs or new ad formats such as app open or native, I expect to see a lot of new and creative monetization strategies emerge in 2023.” – Daniel Tchernahovsky, VP of Global Business Development, AppLovin

Augmented Reality and AI. “Augmented reality is gradually growing out of its infancy and could soon become an indispensable part of a digital marketing strategy. More and more brands have started integrating AR features into their apps and online campaigns. Consumers are trying out AR and experiencing upgraded customer journeys – think of using Google Lens to translate restaurant menus or trying on make-up and glasses virtually. Whoever scores with the most creative and intuitive implementation this new year can set new standards and secure a long-term competitive advantage.” – Florian Hübner, CEO and Founder at Uberall

“Augmented reality is already making its way into online campaigns and setting the first benchmarks in the hybrid customer experience. The beauty chain Douglas, for example, recently launched an AI-powered digital tool for analyzing customers’ skin types and offering tailored product suggestions. Personalized customer experiences like these will continue to evolve rapidly in the coming year and beyond, further changing the standards in digital marketing. Success with customers and the competition will be determined by the actual benefits of these tools and the creativity with which they are implemented.” – Florian Hübner, CEO and Founder at Uberall. 

The post That’s So AdMonsters: 6 Ways We Predict Ad Tech and Digital Media Will Evolve in 2023 appeared first on AdMonsters.

Whether you’re craving a rewatch or want to catch up on some much-needed viewing, AdMonsters’ webinars are available at your leisure. This year, our webinar series dealt with the future of monetization, malvertising schemes, and how publishers use data to close deals. 

Here is the replay of our Top 3 webinars in 2022. 

How Publishers Use Data to Close More Deals With Advertisers

More than ever, data ethics and transparency are essential to data gathering. Overtime, consumers grew skeptical of how publishers and advertisers use their data but now evolving privacy regulations address those concerns. 

The industry has a long road to rectify past mistakes, but progress is afoot. There is a plausible future that balances ethical data collection and revenue efficiency. Not only does this webinar delve into that notion, but also how finding the right cadence is beneficial for publishers and advertisers to continue to drive revenue.

First-party data will build a sustainable advertising ecosystem that is fully future-proofed. Need an example? 

Watch Stephanie Mazzamaro, VP of data product & operations, Trusted Media Brands (TMB) and Thomas Baart, customer success manager, EMEA, at Permutive to learn how they used their partnership. The collaboration  helps TMB increase audience size by 22X, increase RFP win rate by 31%, and use first-party data to drive 94% of their direct-sold campaigns. 

2023 Malvertising Preview

Trends such as iframe sandboxing, vendor adoption, and better threat sharing all contributed to decreases in forced redirects. Thanks to the due diligence of ad quality vendors, tools are available to ward off malvertising and bad actors. 

While these tools are helpful, they, unfortunately, do not fully solve the issue. Bad actors only get better at the games they play. Secret holes in the open web allow malicious schemers to find innovative ways to attack both publishers and consumers.

Now, this isn’t the time to become complacent. You should ask yourselves: 

• How can I identify a malvertising scheme? 
• What are the malvertising trends for the upcoming year? 
• How can I play a role to help decrease the prevalence of these schemes? 

AdMonsters chatted with senior executives at Confiant about the different types of malvertising scams, trends to look out for in 2023, and industry collaboration. 

The Future of Monetization

Are you contemplating the future of your monetization goals? Here’s what you should consider: 

• Privacy regulations shifted how the entire industry runs its businesses. 
• The power dynamic between the consumer, publisher, and advertiser are changing. 
• Tech innovations made app publishers reevaluate their ARPDAU. 

Don’t fret. You can reach your monetization goals, but it’s time to shed your old practices and evolve. While ad revenue is vital to any thriving business, it must not outweigh the needs of your audience. 

“Monetization is important, but it is a secondary metric,” said Ram “TK” Krishnamurthy, General Manager (Meson) and VP of strategic partnerships, InMobi. “It is something that has to be done, but in a way that helps you retain the user.” 

In an ad spend slowdown, “The Future of Monetization” is an essential viewing. TK and Adam Sadur, head of programmatic, SmartNews, spoke about how publishers are taking control of their monetization destiny, what to expect in 2023, and more. 

The post AdMonsters 2022 Rewind: The Great Webinar Replay appeared first on AdMonsters.

However, that did not hinder bad actors from evolving new practices to keep up their schemes. There’s still a lot more work to be done before publisher sites are scam free. Lurking under secret holes in the open web, bad actors are finding innovative ways to attack both publishers and consumers. 

Now isn’t the time to become complacent. The industry as a whole should be on the lookout for these scams. You should be asking yourselves: How can I identify a malvertising scheme? What are the malvertising trends for the upcoming year? How can I play a role to help decrease the prevalence of these schemes? 

During our Nov. 30, 2022 webinar, 2023 Malvertising Preview, AdMonsters chatted with Confiant malvertising experts Jerome Dangu, CTO & Co-Founder, John Murphy, Chief Strategy Officer, and Eliya Stein, Sr. Security Engineer. They discussed the different types of malvertising scams, trends to look out for in 2023 and industry collaboration. (Watch the video below.)

How to Protect Yourself From Malvertising Schemes

• At the core, malvertising scams are attacks on the supply chain. The more publishers are able to understand where these attacks are coming from, the more you can do. This will allow publishers to put better security in place to protect themselves and the consumer. 
• It’s important to have a good strategy to process your consumer complaints.
  • Consumers’ needs are highly essential to the ad tech ecosystem and understanding their plight with scams will increase the overall UX . 
  • Conduct yearly surveys to see how well your site has thwarted advertising scams. Report the good, the bad and the ugly. Where did we do well and where did we go wrong? 
• There’s a lot that publishers can do with partner selection. Work with security firms such as Confiant who have the knowledge and skill sets to help prevent malvertising scams. 

Looking Toward 2023 

Each panelist was asked to give a final takeaway to leave the audience with as they all look toward fighting the good fight against malvertising scams in 2023. Here is what each one had to say: 

Eliya Stein. Publishers should be careful with what they actually put on their page. Stein honed in on the group’s previous point about supply chain attacks, and said this was an issue that  goes beyond ad tech. 

• For example, “If you are updating a blog post or embedding JavaScript from somewhere that adds some kind of widget. All of these broaden the threat surface for publishers. You have to be very careful with what you introduce onto your website, especially if its code comes from an attacker.”

Jerome Dangu. There is a convergence between advertising, privacy compliance and how tracking is leveraged by bad actors. He highlighted a study that was conducted this year in which they found an attack whose sole purpose was to extract consumers’ device fingerprints and geolocations. 

• “Obviously, big security, big privacy concerns. But also you have a broader issue about who is collecting the data. We know that the bid stream is a very sensitive source of chunks of data that’s available to DSPs at large. This group essentially recreated a semblance of a bid stream from JavaScript execution in the ad creative using really sophisticated obfuscation and extracting this fingerprint data through actual consent pipes. So very sophisticated attacks.” 

John Murphy. Publishers, especially premium publishers, shouldn’t forget the leverage they have. They provide access to users. Both SSPs and DSPs need them and they should use that leverage to help to affect change in the industry. 

• For instance, “The top publishers came down and said we really think buyers.json and DemandChain Object are really important for the industry. For increasing transparency and addressing some of these issues. That’s when you get SSPs to move. By proxy, that’s going to get the DSPs to move because they want to maintain access to those premium publishers and their users. Don’t forget the power that you have as a premium publisher.” 

Watch the full webinar in the video player above, or on our AdMonsters Webinars On-Demand Platform.

The post Webinar Replay: 2023 Malvertising Preview appeared first on AdMonsters.

Yet, that does not mean a pesky scam does not sneak through the pipes every now and then. In fact, malvertising – the practice of incorporating malware in online advertisements – is still a prominent practice. Bad actors are evolving their scams and they have proved to be more profitable than before.

Malvertising is detrimental not only to publishers’ revenue but also to their reputation. Scams can help spread misinformation, steal consumer data, and affects overall brand safety. It is important that publishers stay vigilant and look out for these scams. Whether that means developing your own tech or partnering with someone else, it is essential that you keep your eyes peeled for any malicious intent lurking around the corner. 

In preparation for our upcoming webinar with Confiant — 2023 Malvertising Preview, Wednesday, November 31, @ 1 PM EST (Register Now!) — we spoke to LD Mangin, CEO & Co-Founder at Confiant. We discussed how malvertising differs from other types of ad scams, the Confiant Malvertising Elite 8 List, malvertising’s impact on consumers and publishers, and more.   

Andrew Byrd: Malvertising and ad fraud are often categorized as two sides of the same coin. Can you tell me how malvertising differs from ad fraud?

LD Mangin: It is important to recognize that ad tech is a circular supply chain. Impressions flow from the user’s browsers to the advertiser, and then creatives flow from the advertiser’s ad server to the user’s browser. Industry insiders think of the former as the demand path and the latter as the supply path. A cyber attacker sees these as two distinct attack vectors that offer different attack opportunities.  

They compromise the supply path using adware (a subset of malware, which the ad industry knows as ad fraud) to steal the brand’s money. They also compromise the demand path using malvertising, which encompasses a myriad of attack types that are oriented to compromise the user or their device (from malware to tech support scams, to investment scams, to phishing attacks — malvertising has it all). So fundamentally malvertising differs from ad fraud because it targets the user, their data, or their device and not the brand’s advertising budget. 

AB: On your website, you include an Elite 8 List of the most prominent malvertising threats. How were you able to identify these bad actors and what advice would you give to publishers to help them identify a malvertising scheme?

LDM: Accurate visibility is a requirement for effective security. Confiant has spent nine years building unique integrations into the ad tech infrastructure to be able to access the bid stream directly. We integrate pre-auction server side with DSPs, in-auction server side with SSPs, and post auction client side with publishers. These integration setups allow us to monitor the bid stream at a level of accuracy so that we can track the bad actors themselves and not just their attacks.  For pubs who want to understand who is hijacking their infrastructure to attack their users, I recommend they call us! 

AB: Major publishers such as The New York Times, Spotify, and the Atlantic have been susceptible to malvertising schemes. How were they able to become the target of these schemes and how would they be able to prevent them in the future?

LDM: They and every other publisher who connects to programmatic are susceptible to this. Malvertising is an infrastructure ad tech – i.e. it is a cyber attack that leverages the ad tech infrastructure, which means it’s important to recognize that those publishers are not the target, they are the path to the victim: the user.

Malvertisers are threat actors who pay to play. I.e. they pay the ad tech industry to let them target people with their attacks. The single biggest thing any publisher can do to mitigate these attacks over the long term is to support buy-side transparency initiatives (Buyers.json, DemandChain Object, and the client-side declaration of creatives) that allow for better attribution of bad creatives to the buyer.

AB: How does malvertising affect consumers? What kinds of problems arise when they are attacked by malware?

LDM: Losing their life savings to an investment scam, having their device hacked by a tech support scammer, having their credentials stolen… all of those are the results of malvertising. 

Register now for our upcoming Webinar: 2023 Malvertising Preview, Wednesday, November 31, @ 1 PM EST.

The post Keep Watch: Malvertising Schemes Still Lurking Within Advertising Ecosystem appeared first on AdMonsters.

In early March, the Federal Cybersecurity & Infrastructure Security Agency (CISA) encouraged businesses to shore up their cyber security. Meanwhile, Juniper Research warns digital ad fraud and malvertising will cost the industry nearly $68 billion in 2022. 

But does that mean that all publishers are destined to lose substantial sums to nefarious players? Or are there steps they can take to stem those losses and protect their readers and their reputations?

To find out, we sat down with Geoff Stupay, Co-Founder and CEO of clean.io, a company that’s on the frontline of battling cyber threats, malvertising and digital ad fraud.

Susie Stulz: President Biden is warning about cyber attacks and other threats. Should we be more worried than, say, three months ago?

Geoff Stupay: I don’t think we need to worry more — or less — in terms of cyber attacks and bad actors in the environment today. Fear can be paralyzing if you think about it all the time.

The reality is that we need to approach threats from an alert level, meaning continuous vigilance and looking one step ahead of nefarious actors. World events can elevate alert levels, but they don’t change what we do on a daily basis, which is constant monitoring and hypervigilance.

SS: What kinds of threats do publishers face today?

GS: We’ve identified about 27 different varieties of threats, ranging from a standard redirect — think of the Amazon gift card or Update your Adobe Player scams, which hide in plain sight — to product-level scams, which have spiked over the past few months. 

Product-level scams have multiple forms. They can trick people into investing in a dream, such as a unique opportunity to invest in a hot company like Tesla or Netflix, or they can offer a product that the purchaser never receives or isn’t what was advertised. We refer to that as a malicious landing page.

In terms of digital ad fraud, there are a range of scams that aren’t visible to the naked eye, such as invisible ads that are stacked onto legitimate ones, enabling bad actors to receive payment for displaying ads that aren’t seen by real people, or conversions they didn’t drive. These scams are at the intersection of malvertising and IVT.

The key is to have an intelligent technology stack in place that can detect and evaluate threats in real-time.

SS: It seems as if bad actors have an endless amount of time and motivation to apply their trade. How can publishers protect the readers and their reputation from such scams?

GS: You’re exactly right: scams are profitable and bad actors are extremely well resourced, making it difficult for publishers to defend against them.

The key is to have an intelligent technology stack in place that can detect and evaluate threats in real-time. Partnerships are useful here, and we recommend publishers work with a partner that can spot and evaluate new threats as they emerge and provide real-time protection. 

I also recommend publishers get to know their sites intimately via clear logging, and to establish metrics that tell them when anomalies on their servers occur. This way, if they see a change, they’ll have the details their vendors need to dig into the problem. 

And it’s a good idea to keep an eye on social media to see if readers are complaining about malvertising or scams on your site. If they are, you’ll need to investigate it immediately.

SS: What are some of the things you wish publishers would do to protect themselves and their readers but aren’t yet doing today?

GS: The first is to stop assuming that if they had issues with their sites, their users would report them. This assumption leads publishers to believe they don’t need proactive security systems, which, in turn, makes them inherently vulnerable to bad actors who are constantly probing websites for vulnerabilities.

Second, I’d like to see publishers willing to challenge the status quo that says a certain level of malvertising or threats is unavoidable, which somehow makes it tolerable. We shouldn’t accept “good enough” when it comes to preventing malvertising and fraud. If you see something, say something to your security vendor. 

As an industry, we are always pushing the boundaries from an R&D perspective, and we need publishers to share what they see, no matter how small or inconsequential it may seem. Give us the chance to figure out what’s going on. It’s this level of sharing that leads to the next generation of threat detection.

This ties back to what I said earlier about having clear logging and metrics on your site. GoogleAnalytics can tell you if user sessions are being dropped or if your RPM per session is on the decline. If so, that may be a problem and we want to investigate it, with an eye to developing a preventative mechanism to address it.

SS: As a leader in the space, what keeps you up at night? What worries you most?

GS: I don’t really lose sleep because I’m worried about a specific bad actor. That hasn’t always been the case, but today we have an incredible threat team that’s always pushing the boundaries to stay ahead of the bad guys.

Where I spend most of my time is figuring out how to continue to push protection deeper and wider, which isn’t easy to do. Basically, we need to predict where these scammers might go and where they might iterate.

At the end of the day, it’s a matter of staying vigilant and sticking to a process that allows us to identify new threats — and solutions to them — faster. So what really keeps me up at night is creating and fine-tuning our processes.

To catch these scams, we need to look at real traffic on real instances of ad serving and generate alerts when something violates our threat model.

SS: What motivated you to found clean.io in 2017? What was missing that made you say,  we need to solve this problem?

GS: I was in the publisher space for over 10 years, and relied on header bidding to optimize our revenue. All of the companies I worked with had multiple tools to verify demand, and yet we still continued to struggle with bad ads. I realized an additional approach to scanning was needed.

Here’s why: Bad actors know that their ploys need to survive multiple scans in order to get their ads on a publisher’s page. They’re smart, they’re technically astute, and they’re well-capitalized, which means they’re able to develop ways to evade scanners. They deploy scripts that tell them if they’re in a sandbox environment and therefore subject to detection, and they’ll know to shut off the bad action they’re designed to take. 

To catch these scams, we need to look at real traffic on real instances of ad serving and generate alerts when something violates our threat model.

This client-side approach was the missing piece that the industry needed. A solution needed to be built that ran in real-time, on a real end-user device. One that wasn’t scanning creatives offline or in a sandboxed environment. So, clean was born out of an industry need to be more effective, efficient, and simple. 

SS: So what you’re saying is that while the threats are ever-present and ever-evolving, vigilance can keep them at bay?

GS: Absolutely. The bad guys are smart and motivated, but so are the good guys. And when we work closely with publishers, we can keep them safe.

The post How Can Pubs Protect Their Sites and Audiences From Bad Actors? Q&A With clean.io CEO Geoff Stupay appeared first on AdMonsters.

Digital advertising has undergone radical changes since that first ad, the most significant of which is programmatic. While programmatic has made it easier for publishers to fill impressions, it’s not without challenges.

Programmatic is often a blackbox; publishers have no idea which ads will appear on their sites ahead of time, often because the exchanges themselves don’t know which ads flow through their pipes.

Without transparency and complete control, publishers will continue to contend with scams and other unwanted ads that don’t meet their standards. For many publishers, monetization comes at a cost to quality,  but it doesn’t need to be this way. With the right controls, monetization and quality can be assured.

Beyond those concerns, we wondered how advertising fit in with the experience publishers sought for their audiences. Specifically, we wanted to know:

• Do publishers view advertising as simply a way to monetize inventory, or can it serve as a strategic differentiator for their brands? How can publishers better protect the relationship with their audiences?
• Can they support their brand suitability and strategic goals for advertising via programmatic channels?
• Do they have the controls and tools they need to deliver on their strategic insight?

To find out, we surveyed dozens of publishers across sectors of the publishing industry to assess the existing challenges they face, in terms of brand-suitable ads, and the future they envision for their digital properties.

Enter your email to download your copy below!

This playbook, created in partnership with GeoEdge, will dive into the results of our survey, highlighting both the challenges and opportunities. 

[download-link]Download your copy of the How Publishers Balance Ad Revenue With Ad Quality playbook now![/download-link]

The post AdMonsters Playbook: How Publishers Balance Ad Revenue With Ad Quality appeared first on AdMonsters.

Obviously, marketers want to avoid such placements. But that’s just a start. In an ideal world, your ad will be seen by real people alongside content that makes sense for your brand.

Marketers everywhere want to know, how do we achieve these goals? Fortunately, we asked Criteo to share their best practices for getting the kind of placements that move the needle for brands.

Multiple Aspects to Quality

First and foremost, it’s important to recognize that there are multiple aspects to quality and it differs from brand to brand. Let’s break this down.

Brand safety is a broad approach to quality. The goal is to ensure that all ads meet industry standards, as well as comply with local and global regulations (e.g. don’t show cigarette ads to kids, or fail to include mandated disclosures in ads for specific products).

Brand suitability takes this concept down a level and is customized to the individual brand. It asks: what is a brand’s appetite for a variety of issues? Some brands have a low tolerance for certain types of content, while others are comfortable with topics many consider risky, e.g. COVID-19 and social justice issues.

Quality also entails ensuring that ads are seen by real people who have a genuine interest in what a brand has to offer. The fight against invalid traffic (IVT) has seen many successes, and gone are the days when campaigns saw as much as 40% IVT. IVT detection and removal are particularly important in retargeting campaigns, where high CPMs are an irresistible lure for fraudsters, and in campaigns designed to build the upper funnel.  

Finally, there’s ad safety, which seeks to ensure that the ads are safe for publishers, meaning they have no malware or other egregious content.

Best Practice #1: Work With a Partner That Has Close Relationships With Publishers and Has Built Strong Internal Quality Controls

Programmatic buying has evolved into an incredibly complex ecosystem, and it’s no surprise that the complexity has led to huge challenges. Key among them: how do buyers know what they’re really buying when they purchase inventory on the open exchanges?

The industry has worked together to address some of these challenges; ads.txt and sellers.json are good examples of these efforts. In addition, individual companies have pioneered advances in supply chain optimization. While these initiatives are critical, they alone cannot guarantee the level of quality that brands demand, which is why it’s a good idea to work with a partner that goes to great lengths to vet its supply sources and has a dedicated team and rigorous quality-assurance policies in place. It’s also a good idea to work with partners that have built a dedicated IVT-detection team. 

Specific questions to ask a potential partner:

• How do you vet direct publishers to ensure policy? For instance, Criteo requires publishers to declare their domains so that they can be properly vetted. They also have supply partner guidelines to which all publishers must adhere, such as content-related policies, regulatory policies, and best practices.
• Do you have dedicated teams for IVT detection, ad safety, traffic quality, and do they work closely together to create a cohesive and coherent approach to advertiser and publisher quality?
• What types of education and training do you provide your teams? Do all teams worldwide receive the same level of training?
• What are your inventory controls? For instance, do you have a global block list of publishers that tend to violate your supply partner guidelines? Can this be refined to your brand? 

 Best practice #2:  Take a Holistic View to Quality

Quality is often seen primarily through the lens of the advertisers, as they’re the ones with the budget. In reality, quality is just as applicable to publishers, which is why we need to take a holistic view.

2020 was a difficult year for publishers and their ability to monetize their inventory. COVID-19 led advertisers to deploy overly broad brand-safety solutions, which devastated publisher revenues. Digital advertising isn’t possible without a strong and vibrant publisher ecosystem.

Fortunately, new granular solutions, such as contextual intelligence solutions, take a more nuanced approach to content rather than reject inventory based on broad keywords. This ensures that the advertiser’s brand-suitability needs are met while allowing publishers to monetize more of their revenue.

The ultimate goal is to produce an advertising ecosystem that will build trust and performance among all parties.

Best Practice #3: Buttress Internal Controls with Industry-Leading Partnerships

Partnering with industry-leading fraud detection and prevention vendors is not just a best practice — it’s an absolute must. You can gain a higher level of quality by working with measurement companies that are at the forefront of detecting and removing IVT automatically across all inventory types, including desktop, mobile, video, and CVT, as well as vetting publisher and app quality. 

The best providers offer contextual intelligence tools that help ensure brand suitability. These tools will provide an additional level of bid filtering to remove bid requests that are out of compliance with supply partner guidelines, automatically and at no extra costs.

Best Practice #4: When it Comes to Brand Suitability Think Granular

Granularity is the key to driving brand suitability. The more granular, the more you can protect client campaign performance, as well as safeguard monetization opportunities of your supply partners. As mentioned above, brand suitability is very specific to the brand, and you should plan on spending some time and effort with your partners so they can ensure your ads appear near content that meets your standards.

Working with an external partner that offers contextual intelligence solutions can help protect your brand-specific content categories. For instance, it’s possible to create very specific controls that help brands avoid negative news cycles and to create granular custom content segments on a brand-by-brand basis, such as avoiding content that deals with COVID-19, fast-fashion or non-vegan content. These segments can be used to assess the impact of brand-suitability requirements on campaign performance, and still ensure that campaigns don’t defund the news.

Are these solutions perfect? In truth, they’re still evolving, and scaling brand suitability to the entire internet is incredibly difficult. (Be wary of any partner that promises 100% safety or accuracy, that does not exist). Other technologies, such as sentiment analysis and the IAB taxonomy/GARM brand suitability framework are just beginning to emerge and may deliver even greater granularity in the near future.

Best practice #5: Seek Certifications or Work With Certified Partners

Working with a certified partner, or seeking certification yourself, is a great way to ensure inventory quality. For instance, the Trustworthy Accountability Group (TAG) has several certifications for reducing fraud, and campaigns that run through TAG Certified Channels have less than 1% fraud (proof positive that by industry leaders working together, tough challenges can be solved). 

TAG offers several certifications, including TAG Certified Against Fraud and TAG Brand Safety Certification. The certification process is rigorous and detailed, but it’s worth the effort, according to Criteo, which has achieved both.

Ensuring high-quality inventory and ads isn’t a static process. It’s an ever-evolving process that demands dedicated teams, technology, processes, and partnerships. This is a case of the ends justifying the means; companies that commit to quality will enjoy safe ads in brand-suitable environments.

The post Best Practices for Ensuring High-Quality Inventory & Ads appeared first on AdMonsters.