Those of us who’ve been in the industry for 20-plus years remember when ad clutter was a significant issue with programmatic. Back then, ad networks and open exchanges maintained media quality teams who were tasked with eyeballing sites that wanted to do business with them. 

What Goes Around Comes Around

I remember speaking to one such media quality team member who told me that a human reviews every site in their network to count the number of ad placements. If there were too many ad placements the publisher was barred from selling its inventory through her company’s exchange. This was a key selling point.

And it wasn’t a one-and-done exercise. Her team spot-checked sites even after they had been approved. This was an imperative exercise as sites with ad clutter were widely viewed as inferior, and the ad exchange didn’t want to get a reputation for low-quality inventory. 

Then in 2007, Paris-based Alenty, one of the industry’s first ad-visibility platforms, introduced the concept of viewability. By the mid-2010s, new viewability reports, such as RealVu and Google’s Active View for Google Ads hit the market, and advertisers began to advocate for a way to determine if their ads are in view before they’re displayed.

While ad clutter and viewability are separate issues, there is an undeniable correlation between them, as excessive ads can affect viewability rates and slow down page loads. Consumers with little patience click away from the site, blowing the advertiser’s chance to get in front of them and the publisher’s opportunity to earn some money.

Viewability became an urgent issue in 2013 when comScore released a report showing that 54% of display ads weren’t seen by consumers, but advertisers still paid for them. In response, advertisers said they’d no longer buy impressions that were not viewable, and publishers, fearing a significant loss of revenue, began optimizing their sites so that more of the ads could be seen by users. Those efforts had a downstream benefit: reducing ad clutter. Once viewability took hold, concerns about ad clutter went down.

But today it’s back with a vengeance, though it has a new name: Made For Advertising (MFA) websites. The implication of some in the industry is that MFAs are inherently wasteful to marketers as consumers are repelled by sites that are littered with ads. But is that a safe assumption?

America’s Long History with MFA Media

Growing up in the 1970’s I remember the excitement around Pennysaver, a weekly circular that was delivered to our doorstep. In addition to coupons offered by local stores, the circular was the place where things like guitar lessons and gymnastic classes were announced. My brothers wistfully read the classifieds for the things they weren’t allowed to have: dirt bikes, lawn darts and BB guns. In the 2007 movie, Juno, Juno finds the couple who will adopt her baby in her local Pennysaver. 

The truth is some people just like advertising. The ad circular was the first section a former boyfriend of mine reached for when the Sunday paper was delivered. As a postdoc in physics, he couldn’t afford to buy a lot of electronics, but he enjoyed reading the ads because he had a strong interest in technology.

Kerry Rosenthall, a musician, aerobics teacher and avid gardener who lives in Vermont, still likes to read the local circulars. She — like 44% of U.S. shoppers — consults them before doing her weekly shopping.

And it’s not just printed circulars that attract consumers. BeFrugal, a site that offers cashback and coupons for over 5,000 stores sees 1.4 million visits each month, according to Similarweb.

And in 1982, Roy Speer and Lowell Paxson showed the world that Americans would watch advertising as a form of entertainment. That’s the year they founded the Home Shopping Network (HSN) in St. Petersburg, FL, and by 1985 it had expanded nationwide. Today, HSN reaches 94 million households via broadcast TV. Its site, HSN.com, ranks in the top 30 of the top 500 internet retailers and features 15,000 product videos, according to an HSN press release.

Confessions of MFA Shoppers

Rosalie Zuppardo, a researcher who lives in Spencer, MA, likes advertising and even subscribes to Ocean State Job Lot, a weekly online circular. “I have found things that I normally wouldn’t have seen [but were] presented to me in ads, and I think, oh that could be a good idea.”

Zuppardo doesn’t hesitate to click on articles she sees in her Facebook feed if they feature topics she’s interested in, including pet rescue, home decor and skating. Many of those sites are ad-heavy and meet the industry’s definition of MFA, but if the content is compelling, she’s undaunted by the number of ads. If inspired, she’ll buy the products advertised.

Eric Benjamin, a 56-year-old owner of a real estate group in Tucker, Georgia, also likes advertising and freely admits to liking sites that are cluttered with ads. “If I’m online, I definitely look at the ads. If I have time, I’ll definitely go down rabbit holes,” he said. “For me, it’s a time issue, not an ad clutter issue.”

Based on conversations with Zuppardo and Benjamin, one can make the case that there are genuine MFA shoppers out there and that brands that advertise with MFAs may find enthusiastic audiences. However, there are limits to their enjoyment of ads.

Shopper Rules

While some shoppers like advertising — and seek it out with online circulars and clicking on sites the industry calls MFAs — there’s also a lot they really don’t like. All three consumers interviewed for this article say they don’t like pop-ups. Rosenthall likes to cook and the Web is her cookbook of choice, but she says, “If there’s any annoyance or interference from the ads, I get away from the site immediately no matter how good the recipe is.”

Zuppardo and Benjamin say the same thing: advertising should educate and entertain, not get in the way of what they’re doing. “Sites that have too many pop-ups, too many redirects, or slow down my computer are obnoxious. When this happens advertising isn’t helpful. It sets me back and I get annoyed,” explained Zuppardo.

Both she and Benjamin are hyper-aware of the level of fraud and ad scams that appear on advertising-heavy sites and have developed their methodologies for assessing legitimacy. When Zuppardo is interested in an ad, she’ll click, but she’ll always check the About Us section to see if the company’s description relates to the product offered. If it doesn’t, she’ll assume the site has been hijacked and its ads are scams. She also doesn’t trust sites or ads with bad grammar.

Benjamin is wary of any ad that is “clickbaity” or makes promises that are too good to be true. “Sure an ad may promise to buy my house for cash, but how much cash? It’s probably a ripoff,” he said. He’ll click on ads on smaller publications that lead to lesser-known eCommerce sites because he’s found interesting products that way, but his scam radar is always active.

Zuppardo makes a point of reporting all the scams she encounters to Facebook, where she typically sees scammy ads or articles that lead to sites with fraud. And she’ll go back to the post where she saw the article or ad and warn other Facebook users in the comments section. She seems exasperated that Facebook has shown little interest in the file of scams she’s amassed, and has consequently taken it upon herself to educate other consumers, even if she doesn’t know them.

At this point, it may be too early to make any broad pronouncements regarding the worthiness of MFAs. Many sites are scammy, but at least some deliver benefits for consumers and the brands that want to reach them. It’s also clear from my admittedly small survey of consumers that any legitimate MFA must abide by the rules that avid shoppers demand, namely get rid of pop-ups and other annoyances, and be hyper-vigilant about keeping fraud and scams off their sites. And, they must take care to develop content that is worthy of their attention. The MFA shopper doesn’t need a lot of content, but it needs to be quality.

New Guidelines for Defining MFA Sites

In an ideal world, all of these MFA consumers’ rules will be translated into a new set of media quality metrics that help SSPs determine if a site is one they want their ads to appear.  

Recently, the ANA, 4A‘s, WFA, and ISBA came together to create guidelines to help advertisers identify MFA sites so that advertisers can avoid them. Sites that can be categorized as MFA, are those that have one or more of the following characteristics:

• Ad placement and density
• Generic or low-quality content, non-specific content, or content that appears across multiple sites.
• Ads that refresh automatically and frequently
• A high percentage of paid traffic sourcing with little to no organic audience
• Templated and poorly designed website

Add excessive pop-ups to the list above and these guidelines may get the MFA shopper’s seal of approval.

The post MFA Sites: Are They All Bad? appeared first on AdMonsters.

To get a sense of publishers’ plans, for a life without third-party cookies AdMonsters surveyed a mix of national and small, web and mobile publishers about a range of issues.

To see the results and gain insights from The Attention Playbook, created in partnership with Emodo, please enter your business email to download your free copy of The Targeting and Metrics Evolution: Are Publishers Ready for Attention’s Dominance? below!

[download-link]Click Here to Download your copy of The Targeting and Metrics Evolution: Are Publishers Ready for Attention’s Dominance? Playbook now![/download-link]

The post The Targeting and Metrics Evolution: Are Publishers Ready for Attention’s Dominance? appeared first on AdMonsters.

Currently, MFA sites account for at least one in five online impressions, consuming 15% of global programmatic ad spend and generating 26% more carbon waste than legitimate publisher sites.

Major brands are paying for advertising on these low-quality sites, almost certainly without their knowledge. The number of these sites is likely to increase as AI-generated content continues to be more commonplace and as the industry phases out the use of third-party cookies. This is because MFA sites rely in part on outdated contextual targeting tactics to bring in clicks. 

What are MFA Sites? 

There is no standard definition of what makes an MFA site at this time, but there are several key identifiers. MFA websites will be full of “filler content,” such as AI-generated nonsense, clickbait, unnecessary slideshows, and interlinked websites. This content provides a negative user experience and is unlikely to result in anything more than a negative brand impression of advertisers that appear on such sites.  

A major reason these sites are increasing in popularity is that they deliver the near impossible: lots of eyeballs at dirt-cheap prices. While they masquerade as legitimate sites, those eyeballs don’t translate to quantifiable business outcomes for buyers. It feels as if they should be labeled as fraudulent, but unfortunately, most of these sites do not meet current industry standards for invalid traffic (IVT). 

MFA sites also have higher carbon emissions than their legitimate site counterparts — approximately 26% more. This is because they are generating a substantially higher number of requests per impression to SSPs and resellers than other sites, which increases waste.  

How do MFA Sites Negatively Impact Publishers? 

MFA publishers are able to game the system to acquire the clicks they need to continue generating advertising revenue. The sites may be full of scammy content, but they aren’t considered fraudulent as of now because they operate within the existing rules set in place to ensure media quality. 

Low-quality media has been in existence since digital media was created, but the MFA problem is increasing the volume of low-quality media exponentially. Unfortunately for publishers, in the supply chain, MFA site content appears to be brand safe and is cheap, making it difficult for buyers to avoid.

There are solutions currently in place to seek out higher quality media, such as buying via private marketplaces (PMPs), but it is tricky to avoid this content entirely. The result? MFA publishers are taking a large share of the advertising revenue pie away from legitimate sites with trusted users. 

Why Should Advertisers Steer Clear of MFA Websites?

The biggest problems for advertisers whose content appears on an MFA site are the quality of the clicks they receive and the negative effect on their brand reputation — both of which can hurt an advertiser’s bottom line. 

Click quality is undermined by MFAs because they pack many different advertisements onto one page, which can lead to a buyer’s ad getting lost in the shuffle. MFA sites sometimes also place ads in positions where they aren’t visible, but can generate accidental clicks. In this case, a brand’s click rate will increase but the consumer is unlikely to actually spend time on their site. 

Brand reputation can also take a hit when consumers see an ad on a website that feels like a scam site. MFA content is often unnecessarily sensational, leaning into tabloid-style stories that many advertisers would rather not be associated with. 

How Can We Put a Stop to MFA Sites? 

Advertisers can avoid MFA sites by purchasing ads via PMPs, using supply path optimization (SPO) strategies, and up-to-date contextual and quality controls. It is also crucial for the entire advertising ecosystem that advertisers fund legitimate publishers rather than MFA sites.

SPO strategies help eliminate intermediaries so buyers have a closer connection to the publisher. This can help them see which investments are going to lead to tangible results. They can take this one step further by keeping their contextual and quality controls updated since MFAs rely on outdated systems to dupe advertisers into buying low-quality content. 

Advertisers can set up exclusion lists to prevent bids from reaching sites that are known MFAs. They should also actively seek out high-quality content sites, even if the cost of advertising is more expensive. 

Ad tech partners can help reduce traffic to MFAs by blocking these sites from premium programmatic deals. Unfortunately, the existence of MFAs is so pervasive that some in the industry worry that eliminating MFAs will do nothing more than send inventory to competitors. Ad tech partners must put pressure on MFAs to improve their user experience or remove this inventory completely. 

Ideally, the industry can come together to set standards that keep MFA sites at bay or these sites will continue to steal ad dollars from reputable publishers and damage buyers’ brand reputations.

The post What Are Made for Advertising (MFA) Sites and Why Are They a Scourge on Ad Tech and Sustainability? appeared first on AdMonsters.

With billions flowing through programmatic channels worldwide, the incentive for fraudsters to ply their craft was just too great.

Finally, the industry had enough. In 2014, the Trustworthy Accountability Group (TAG) was established to cultivate confidence and trust in digital advertising by facilitating collaboration among players across the supply chain to uphold quality and brand safety standards.

On June 21, TAG released its fifth consecutive fraud benchmark report for Europe, and for a fifth year in a row, IVT rates in TAG Certified Channels were below 1%.

Some Channels More Problematic Than Others

At least in Europe, some channels are more problematic than others. For instance, desktop display and video have IVT rates of 1.54% and 1.30% respectively. CTV isn’t far behind with 1.28%.

CTV Improved Steadily throughout 2022

Throughout 2022, CTV IVT rates exhibited a downward trend in each quarter, but it is important to note that this pattern may not necessarily reflect future trends as it could be influenced by other factors within the CTV marketplace.

Mobile in-app video and display formats consistently maintained lower IVT rates throughout the quarters, exhibiting stability over time.

The Caveat

It’s not as if all campaigns in the European markets studied show low rates of IVT. The report takes pains to point out that less than 1% fraud is only attainable in campaigns that run through fully TAG Certified Channels. These are channels in which every entity — publisher, ad tech platform, agency — have achieved TAG Certification Against Fraud.

The post What 5 Years of Minimal Fraud Should Tell the Market appeared first on AdMonsters.

It has infiltrated everything from art to the military, and now it’s becoming increasingly troublesome in the ad tech sector through malware, phishing, and scams. 

At an AdMonsters Ops session on June 6th, “AI + Malvertising = ?,” attendees heard from Jerome Dangu, Chief Technology Officer and Co-Founder, Confiant, and Louis-David Mangin, CEO and Co-Founder, Confiant, about how AI is affecting ad tech and how we can stay aware of what is to come. 

Confiant has been in the ad security business for 10 years, giving the company a great deal of experience in recognizing bad actors and helping publishers identify these risks as well. According to Confiant, ad tech has two dimensions of security risk: victim and vector. 

Victim refers to specific types of fraud, namely bot fraud, attribution fraud, and arbitrage fraud. Vector refers to the types of ways bad actors attempt to infiltrate, through malware, phishing, and scams. Of these, scams are the bread and butter of those attacking through advertising. 

Why AI Matters In Ad Tech Today 

Ad tech is a marketplace that reaches a wide range of people, and because of this, it can be used as a vector for cyber criminals to reach others and deliver attacks. It’s important to know what our responsibility is in terms of protecting users, Mangin says. 

While ad tech is not the only ad-based vector, those who are looking to scam others out of money do not distinguish between different facets of the internet; they will go wherever they can to make the most profit. 

Ad tech is also growing very quickly, and while this is a good thing for the industry it also means more opportunity for attacks. Mangin suggests it is important to consider how we control the possible infiltration and whether our current systems are up to the task as AI continues to permeate all parts of society. 

Our industry also lacks transparency, which is advantageous to the buyer, but causes a major blindspot when it comes to cybersecurity. Confiant has set up a website, buyers.json, to help create more transparency in the industry and to help limit malicious attacks. 

There is already an established attacker base in the ad tech space, with at least 35 different groups that specialize in compromising ad tech systems. Confiant has also established a website that maps out these bad actors, matrix.confiant.com. 

Cybercrime is generating trillions of dollars, and preventing these attacks is privatized, meaning you have to pay a private company to help you if you are the victim of a cybercrime. Cybercriminals also only need to succeed a fraction of the time to make their attempts worth it, and things will only continue to get more challenging as AI helps create more effective attempts with less human effort. 

The Future of AI 

The world is currently buzzing about the unintended consequences of AI technology that have resulted from those with good intentions, but the ad tech industry should be concerned with bad actors whose intentions are malicious from the start. Ads are the best way to reach people today, leaving our industry open for a slew of attacks, particularly as AI technology improves. 

AI has a control problem, as evidenced by malfunctions that have been in the news recently. For example, the Air Force allegedly performed a simulation with AI where the AI drone killed its operators and even attempted to blow up the control tower while programmers worked to reprogram the drone to prevent further casualties. And. it has been proven that Chat GPT has the ability to lie to users. 

“We’re fundamentally tinkering with intelligence here,” Mangin shares. We don’t quite understand the technology yet, which leads to complications. He notes that a large company was recently working with Confiant to try to create security to block AI attacks, but could not create proper defenses since they could not figure out how the AI had reached a particular conclusion. 

The technology for AI is open source and every week there are huge improvements happening. Regulation is on the way soon, but while governments can enact regulations that large companies will have to follow, those who are operating in small numbers or as individuals will still be able to do what they want.

Deep Fakes And Scams

We’ve all seen AI-generated photos that look incredibly real, such as the Pope wearing a fantastic puffer jacket. This same technology that can create these photos can manipulate videos or audio to sound like it is coming from an authentic source. These deep fake videos can create trust with the people who watch them and convince them to buy into a scam. 

Another improvement in this technology that is on the way is sending malicious calls to AI programs rather than call centers with real humans. This will increase the number of people scammers are able to attack because they won’t have to physically staff call centers to complete the scam. 

It’s crucial that we as an industry are on the lookout for what is on the horizon. Bad actors will find a way to optimize access to targets through AI, and they will monetize this access. Of course, AI can help us to complete tasks, but it can also hurt, so we must be vigilant about keeping user data safe.

The post The AI Revolution Is Coming: Confiant Explains What To Look Out For And How To Help Keep Users Safe appeared first on AdMonsters.

• Do bad ads prompt users to leave a news site or app? Do they report those poor experiences to the publisher?
• What is the impact of a bad ad on the consumer’s propensity to return to that site, recommend it to others, or make a purchase on it?
• Do bad ads send users a message that publishers care more about making money than they do about their safety?

To gain that understanding, we surveyed 250 consumers about the impact of a “bad” advertisement on their perceptions of a website or app. We defined a bad ad to survey takers as “any advertisement — including the web page or app that clicking on it brings you to — that you find unpleasant, inappropriate, untruthful, or has some kind of computer virus associated with it.”

Then we talked to publishers to hear their reactions to the data, and also learn some pro tips that we could pass on to our readers.

Enter your email below to download your free copy of How Bad Ads Affect Consumer Perception of Publishers! 

This playbook, created in partnership with GeoEdge, will dive into the results of our survey, highlighting both the challenges and solutions. 

[download-link]Download your copy of the How Bad Ads Affect Consumer Perception of Publishers playbook by clicking on this link now![/download-link]

The post AdMonsters Playbook: How Bad Ads Affect Consumer Perception of Publishers appeared first on AdMonsters.

From 2022 to 2023, his company monitored and analyzed billions of live advertising impressions across premium websites, apps, and SSPs to assess the overall ad quality in today’s digital ecosystem. The results, published in GeoEdge’s Q1 Ad Quality Report are worrying, which is why Yuval is sounding the alarm.

The results show that scammers changed tactics around 2020, shifting from using auto-redirects to lure users to malicious domains, to relying on clickbait ads to take them to these destinations.

Yuval is concerned that if the industry doesn’t make a serious dent in malicious ads and malvertising, consumers will cease to click on ads and even cut back on their online news consumption — developments that will have far-reaching ramifications for the industry and society as a whole.

To understand the extent of the problem, we asked Yuval about GeoEdge’s most recent Ad Quality Report.  

How Malvertising Shapes Behavior and Threatens An Industry

AdMonsters: Your report shows a significant uptick in malicious and clickbait advertising since the first of the year. Can you explain why that is?

Yuval Shiboli: I think we can thank the recession and its impact on market expectations for that. With advertisers cutting back their ad spend, floor prices are dropping, publishers are accepting lower bids, which is causing the average CPM to decrease.

This phenomenon leads to a greater volume of low-quality ads being placed in publications, as there is a strong correlation between the price and quality level of advertising.

Additionally, now that some SSPs are loosening their tight grip on advertisers, it’s easier to enter the market with new scams and tactics.

AdMonsters: Of all the impressions that are filled with ads, what percentage of those ads are scams or malicious?

Yuval: It depends on the country. In the US, it’s one out of every 170 ads. In the UK it’s one out of every 140.

AdMonsters: Wow, I thought it was one out of a thousand or so.

Yuval: You’re not alone. Most people in the industry believe the same, but the problem is much more severe.

87% of Clickbait Ads From Just Two SSPs

AdMonsters: Your report says that 87% of the clickbait ads you’ve measured stem from just two SSPs. Are publishers aware of where these ads come from?

Yuval: If they work with an ad security solution they’ll be able to see exactly how each SSP performs, and which ones deliver the most clickbait ads and malvertising. Those ads won’t be displayed, of course. But they should take that data to the SSP and ask them to address it. 

GeoEdge relays ad quality data to SSPs, but the amplification of our collective voice is bound to compel SSPs to take action.

AdMonsters: Are the SSPs responding to your reports?

Yuval: Some are, some aren’t. Again we see a strong correlation between performance and response. The platforms that don’t pay attention to the reports deliver the most low-quality ads.

AdMonsters: As the largest SSP in the market, how does Google fit in the uptick of scams?

Yuval: Everybody on both the sell side and buy side works with Google, and everyone assumes that its platforms are clean and safe. We’ve found the opposite is true, and that of all the SSP providers, Google is the least motivated to block bad ads. Now that so many SSPs have left the market, no one can stop working with them, and they know it.

...of all the SSP providers, Google is the least motivated to block bad ads.

I just read Google’s 2022 Ad Quality Report, in which they reported for the entire year they blocked 5.2 billion ads, which sounds like a lot. But read the fine print, and we learn that most of those ads are blocked for reasons such as copyright infringement or third parties using trademarks they’re not entitled to use. On one page of the report, however, we see that Google blocked just 4.5 million ads for malicious or unwanted software. We know that hundreds of millions of such ads are served. If Google did more to stop such ads, we could spare the consumer a lot of pain.

Misleading Product Offers Most Notorious Clickbait

AdMonsters: What are some of the clickbait ads you see most frequently?

Yuval: There’s a section in the Ad Quality Report where we detail the top five scams that we block. The most frequent are misleading product offers, such as fantastical financial offers. This time last year the scams were all about crypto, but they are less so now. Now we’re seeing ads promising medical transformations, such as hair regrowth, that type of thing.

Celebrity endorsements are another common tactic. These ads will say things like, “See what Elon Musk invests in,” in order to lure people into a scam investment.

AdMonsters: Why are these obviously fake ads getting through the SSPs?

Yuval: The successful scammers use fingerprinting and cloaking to ply their craft. Ad cloaking is a sophisticated camouflage technique that scammers use in the programmatic ad environment to hide malicious creatives and landing pages. With cloaking, scammers only expose scam ads after their campaigns have been scanned by the SSP and deemed safe. 

The fraudsters are very selective in who they show their malicious ads, looking for users who are scam-worthy, meaning there is no security detection software in the environment.

AdMonsters: The report talks about luring people to malicious destinations. Explain this scam.

Yuval: These are ads that typically involve fake celebrity endorsements that lead users to a page that’s designed to look like a legitimate site, such as People magazine. For instance, scammers these days are using fake Kevin Costner endorsements for a range of products, such as CBD gummies. The user clicks, is taken to a malicious page, and enters his or her credit card information for a product that never arrives.

AdMonsters: According to your research, forced browser notifications are one of the most frequent techniques to scam users. How do they work?

Yuval:  These types of scams exploit push notification functionality, which itself isn’t inherently bad. Forced browser notification scams occur when a user clicks on the scammer’s ad and is taken to a landing page but in order to access the content, the user must click “allow.” Most people don’t understand what it means to allow a site to push notifications to their browsers, so they click. Once they do, it opens a gateway for the scammer to push all sorts of notifications to the user, such as a popup saying that a virus has been detected on their computers.

How Publishers Can Keep Scams Off of Their Sites

AdMonsters: How can publishers keep such scams off of their sites?

Yuval: First, the SSPs need to test campaigns on a continuous basis so that they are prevented from purchasing inventory to begin with. And publishers need to look at the entire ad experience, meaning the ad and the landing page to which users are led.

AdMonsters: Who is responsible for combating these types of scams within the publisher’s organization?

Yuval: It typically falls to the AdOps group, which is responsible for monetizing the site and generating revenue. Typically we don’t see a position like a “fraud czar” or something like that. The AdOps people we’ve spoken to are highly frustrated because they don’t have the tools to fight malvertising effectively or to even tie back bad ads to the SSPs that sold them. They spend a lot of time optimizing revenue, A/B testing, and trying new SSPs, but then they hear about a malicious ad from the editorial team and they’re at a loss as to how it arrived on their sites or how to prevent them.

AdMonsters: Are there tools to prevent malicious ads, and to verify that the landing pages aren’t full of malvertising?

Yuval: Yes, of course, and the strongest ones are those that can detect scams after a user clicks on the ad, a functionality that is critical now that the majority of scams occur post-click. But publishers must be willing to pay for them. They need to hear from their users that malvertising and malicious ads are spurring distrust in online news.

The post How Malvertising Shapes Behavior and Threatens An Industry: A Q&A with Yuval Shiboli, GeoEdge appeared first on AdMonsters.

Recently, HUMAN Security made headlines when it reported it had successfully taken down a massive bot network known as VASTFLUX. At its height, VASTFLUX stole potentially tens of millions of dollars in revenue by launching fraudulent SSPs to host auctions for impressions that didn’t exist, and by using ad seats on DSPs to purchase ads that contained their zero-day payload.

That payload triggered unexpected new sideloaded auctions monetized by their fraudulent SSPs. It was a dazzlingly elaborate scheme that required real seats on DSPs, technical expertise, and supporting infrastructure that cost millions of dollars. This, to HUMAN, is a perfect example of the bot economy.

To learn more about today’s bot networks and how the industry can work together to limit their damage, Admonsters spoke with Zach Edwards, Senior Manager of Threats Insight for HUMAN. 

AdMonsters: You say that bot schemes are on the rise. By how much? What’s the main tactic?

Zach Edwards: We see a huge spike in account takeovers. They’ve increased by 98% in the last six months. Once deployed, Bots break into username-protected accounts and cause all sorts of grief for the victims.

AdMonsters: In a previous email, HUMAN said that the bot economy is flourishing with SaaS delivery and customer support. Does that mean anyone can buy a bot and use it to start stealing ad revenue from publishers and advertisers?

ZE: Not exactly. The more you simplify it, the more impossible that scenario becomes. The amount of money, technical skills, and infrastructure means that bot networks on par with VASTFLUX are out of reach for your college student looking to make quick money.

It’s great for the industry that the barriers are high. But at the same time, the bad actors who exist and target our ad system are not in jail. 

AdMonsters: Then what do you mean by bot SaaS models?

ZE: It’s a software as a malicious service, meaning that bots are sold and used for malicious activities. In this ecosystem, we see overlapping threat actors, people who develop a threat tactic, backburner it for a few years, then bring it out again. 

It’s important to think about this particular service ecosystem as a big affiliate structure, so it’s much more sophisticated than buying a sneaker bot, which anyone can buy on the web.

As you said in the intro, these bot networks require capital, infrastructure, technical expertise, and huge operations to create accounts. I believe that people in the industry will really benefit from an understanding of the operational chunk of a bot network.

AdMonsters: Okay, how do bot operations work?

ZE: There are multiple structures. Often, a bad actor will sign up for a DSP and submit fake or real corporate credentials tied back to a know-your-customer (KYC) process. But, they don’t accurately disclose where they do business or their location. This is where things are imploding.

The fraudsters will lay low, purchasing inventory and displaying ads without malicious code until they build their credentials. Once they’re flying under the radar a bit, they begin to deploy the malicious code. They also have sophisticated detection capabilities. For instance, they can detect when an ad is screened for bots and display an innocuous ad in such scenarios to avoid getting caught. This is the classic fraudulent DSP.

All malicious bot networks need a cashout mechanism, to divert the legitimate actor’s budget into their own pockets. In the case of VASTFLUX — which was discovered by my colleagues, HUMAN Threat Researcher Vikas Parthasarathy, and Data Scientist Marion Habiby, the malicious ads triggered additional invisible auctions. In a sense, the fraudsters cashed out by acting as fraudulent SSPs and selling millions of dollars worth of fake inventory.

AdMonsters: So the bad guys buy one legitimate impression, then sell that same impression to multiple unsuspecting buyers?

ZE: Exactly. To the buyers, it looks like they purchased a legitimate impression, so they don’t put a stop to their buys.

It’s important to note that VASTFLUX targeted real users with some portion of bots involved. But that’s just one investigation. We’re looking into dozens of others where that’s flipped the other way. These schemes rely more heavily on bots compared to real users. 

The latter schemes rely on bots and fake traffic, which they can get from criminal organizations establishing affiliate networks spanning thousands of websites. The crime organization’s customers can purchase traffic to specific websites from different countries, and referral traffic from specific domains and social networks. This process allows the bad actors to customize what the fake traffic looks like or customize which bots they rent. The more enterprising ones can turn around and sell that customized bot network to their customers.

AdMonsters: What can the industry do to recognize when they’re buying fraud?

ZE: We need to recognize we’re buying too many impressions from a specific app. If you buy 30 million impressions a month on a specific app, you definitely want to be in contact with that app publisher. Reaching out to that app publisher and informing them of the exchanges in which you’re purchasing that app’s inventory will create a feedback loop that can let you know if things aren’t lining up. That app publisher may tell you they don’t sell on those exchanges, or that their apps don’t have the number of users required to generate 30 million impressions each month, or you may get a great direct buy deal with a discount on your impressions just by reaching out.

I’m not suggesting that such conversations alone can uncover schemes like VASTFLUX.. Still, they have an excellent way for buyers and sellers to assess if fraud exists in cases when the marketer is buying vast amounts of inventory. And anyway, those dialogs could lead to partnerships or discounts, so they never hurt.

The post A Look into the Flourishing Bot Economy appeared first on AdMonsters.

With the overconsumption of data across various channels, first-party data sets are easier to unify and activate with the right tools. Without them, publishers are disconnected from their audience base and lost to fend for themselves in a wilderness of unclassified data. 

That’s where Lotame’s Spherical comes in. Lotame announced the launch of its new data platform at IAB ALM. In collaboration with various customer data platforms (CDPs), the tech enables interoperability and data portability across brand and media owner tech stacks. 

We spoke with Alex Theriault, General Manager, Spherical at Lotame. We discussed Spherical, the difficulty accessing consumer data, balancing data ethics and monetization, and more. 

Unifying Data Across Silos

Andrew Byrd: According to your research, Nine in 10 CMOs (91%) cite access to customer data as a competitive advantage, but a nearly equal amount (89%) say it isn’t readily available to them. Why do you believe it has been hard for them to access that data?

Alex Theriault: The CMO Council conducted this research (The High Velocity Data Marketer). The report cites “time, as in, there’s not enough of it” as the roadblock to real-time insights and predictive analytics availability. We’d go one step further and include technology and human resources to extract those insights, analyze the right signals and connect them to actionable outcomes. Collecting data for digitally native brands isn’t the challenge anymore.

It’s making valuable use of that data, from unifying it across silos and systems to modeling and enrichment for data-informed audience creation and activating that customer data in faster, smarter, and easier ways across trusted publishers in a privacy-safe way. No small hill to climb, for sure! But with interoperable technology like the Spherical Platform, marketers become data empowered. 

AB: Spherical is Lotame’s first-party data offering. Why did your company need a technology that helps publishers and advertisers gain access to first-party data? How does it differ from other first-party data offerings? 

AT: Media owners and marketers are grappling with unprecedented challenges to the tried and trusted ways they engage customers and acquire prospects. An increasingly fragmented universe of data, evolving privacy regulations, and varying levels of actionable first-party data are the tip of the iceberg. Macroeconomic conditions and the threat of recession are forcing functions for digital companies to find data solutions that actively propel growth today and are future-ready for the cookieless ecosystem and beyond. 

Lotame has always empowered clients to collect, enrich, analyze, and activate valuable first-party data from unknown users. With Spherical, media owners can marry their subscription and advertising initiatives within one platform for true data empowerment. Historically, these two have been siloed and handled by separate teams within different record systems. Whether first-party data is sourced directly by Lotame or ingested from emerging CDP integrations like Salesforce, Tealium, and mParticle, we’re bridging the gap between known and unknown first-party data to solve some genuine and persistent industry pains. 

Third-party cookie deprecation negatively impacted data enrichment and modeling support advertising targeting and customer acquisition. In addition, Spherical is cookieless-ready now with a proven identity framework and award-winning probabilistic ID (Lotame Panorama ID) for activation across platforms, browsers, and devices. And finally, we remain committed to supporting publisher revenue growth and the future of the open web through fair competition. Access to customer data is a competitive advantage, and we believe everyone should be able to drive growth and derive value from it — whether you have it or need it. 

Spherical: A Step By Step Rundown

AB: Can you elaborate on how Spherical works? 

AT: Spherical offers three key, unique components to help publishers and marketers be data empowered: 

• Proven, proprietary technology to unify, manage and activate first-party data
• One of the largest, global, consented data marketplaces to fuel modeling, enrichment, and analytics
• An identity spine to connect, extend and preserve data portability in a privacy-safe way without the need for third-party cookies

With Spherical, media owners and marketers can unify, model, enrich, and activate known and unknown first-party customer data for actionable customer intelligence, data-informed audiences, and identity-powered activation.

For example:

Actionable Customer Intelligence: Build complex audiences and run instant reach estimates to confirm the availability of highly sought-after segments. Enhance campaign reporting with demographic, interest, and intent attributes provided to advertisers for upsells.

Data Informed Audiences: Increase yield by monetizing your most valuable first-party audiences across all domains and screens. Use machine learning-powered lookalike audiences to extend your most valuable, sought-after, and niche first-party data.

Identity-Powered Activation: 

1. Address 100% of site traffic and future-proof targeting in a cookieless world. 
2. With data-empowered inventory across all screens, achieve maximum revenue in direct and programmatic channels.
3. Unlock new revenue streams with flexible data-selling capabilities.

AB: While creating Spherical, you partnered with several CDPs, such as Salesforce, BlueConic, and Rudderstack. Why was it vital for you to partner with these CDPs, and what value do they add to the product? 

AT: Media owners and marketers need to drive growth and revenue from known and unknown consumer touchpoints, so a marriage between CDP technologies and Spherical is a critical competitive advantage. CDPs were deployed for subscription and marketing purposes (email, SMS, etc.), such as building customer and subscriber profiles to personalize communication with existing customers.

By contrast, Spherical addresses the advertising use case (display, video, social, etc.) with activation into the ad tech ecosystem as a critical driver for customer acquisition. What publisher or marketer isn’t looking to unify acquisition and retention? 

Future-Proofing: Balancing Monetization and Data Ethics

AB: With privacy regulations and third-party cookie deprecation around the corner, the industry knows the importance of first-party data. Although, some publishers and advertisers are worried that their revenue will suffer without the third-party cookie. What advice would you give to help them balance data ethics and monetization? 

AT: Third-party cookie deprecation created an increased urgency around finding an identity solution that addresses and fills the gap. I’d go so far as to say that urgency is a bit late, but every day counts to get ahead of testing and implementing a portfolio of solutions to preserve and grow revenue. My advice for both the buy-side and sell-side is to understand which universal IDs offer the optimum blend of scale, precision, and the ability to honor consumer consent.

Our Panorama ID solution is tested and proven to deliver the results advertisers and publishers need. And all of our solutions are built with privacy by design principles and according to the strictest standards (GDPR, CPRA, etc).

AB: With any new product, there are learning curves. How do you plan to develop Spherical to future-proof the product? 

AT: In 2023, Lotame will focus on five key themes affecting our customers and the industry: customer data management, data connections, identity, analytics, and CTV.

Lotame is enhancing our platform to empower clients to manage data on known and unknown users by bringing it together to support all advertising activities. 

Data connections have always been a unique differentiator of Lotame’s business. With hundreds of connections to bring data in and out of our platform, we are focused on expanding our list of participating CDPs and data warehouses enabled for first-party data ingestion into the Spherical platform, which solves the increasing fragmentation of data into various silos. Further, we are enhancing and expanding our connections on social platforms. 

Identity is core to Lotame’s platform. We continue to evolve the Lotame Panorama graph by adding deterministic links for improved ID resolution. We offer a hybrid solution with the ideal blend of precision, deterministic links, and pseudonymous traffic’s maximum scale and addressability. It is central to enabling data connectivity within our platform and with partners throughout the ecosystem. 

Analytics remains a core focus for Lotame. Clients increasingly leverage our platform and vast data assets to garner valuable insights about their audiences – visitors to their digital properties, customer segments, or consumers exposed to a campaign. We will introduce iterations to existing and new dashboards, including side-by-side and trend analysis. 

Lotame will continue to focus on addressing data targeting in CTV – which our recent Beyond the Cookie 3 research identified as one of the most significant gaps for marketers in the CTV space. Our CTV division is sourcing more data from CTV devices and increasing the availability of our data marketplace within platforms enabled for CTV activation.

The post First-Party Data at Your Fingertips: Q&A With Alex Theriault About Lotame’s Spherical  appeared first on AdMonsters.

Last year, advertisers spent over $327 billion targeting users as they engaged with popular mobile apps, but as HUMAN Security announced yesterday, a chunk of that spending went into the pockets of fraudsters who successfully launched a massive ad fraud scheme.

HUMAN discovered the highly sophisticated scheme last summer. Dubbed VASTFLUX (a combination of fast flux, an evasion technique used by cybercriminals, and VAST, which the criminals exploited to perpetrate this crime). 

Massive Ad Fraud Scheme

In this multistep fraud, attackers purchased mobile inventory via programmatic exchanges and then injected malicious JavaScript code. That code allowed the attackers to stack as many as 25 video ads on top of one another, enabling the fraudsters to register multiple ad views. All ads, of course, were completely invisible to the user, which was instrumental in evading detection.

“What was technically impressive and incredibly concerning about VASTFLUX was the fraudsters hijacked impressions on legitimate apps, which makes it nearly impossible for users to tell if they are impacted,” said Gavin Reid, HUMAN’s newly-appointed CISO, in a statement.

HUMAN discovered VASTFLUX as its data scientists were investigating an entirely different threat. VASTFLUX managed to spoof some 1,700 apps, target 120 publishers, and run ads on 11 million devices.  At its peak, the fraud accounted for more than 12 billion fraudulent ad requests per day.

“It is clear the bad actors were well organized and went to great lengths to avoid detection, making sure the attack would run as long as possible—making as much money as possible,” Marion Habiby, a data scientist at Human Security, told Wired.

A Bot Economy

Thanks to their ability to mimic human behavior, bots are a favored and prolific tool of cybercriminals. Tamer Hassan, CEO and Co-Founder of HUMAN Security says bots are used in 77% of all digital attacks. 

“What’s especially important to understand is there is a bot economy that supports sophisticated organized criminal activity, allowing anyone to buy bots. This allows bad actor groups to function like legitimate businesses and fund other criminal schemes.” 

For instance, his company has seen:

• Botnets leased or even franchised similar to the way other SaaS products are marketed and sold. 
• Customer success services complete with customized solutions and 24/7 support via encrypted chat rooms.
• Marketplaces for everyday users – not sophisticated cybercriminals – to purchase bot support to secure coveted items like tickets, sneakers, etc.

As a result of this economy, malicious actors, such as those behind VASTFLUX, can easily develop, deploy and adapt botnets in order to bilk advertisers while evading detection. 

According to Hassan, the ultimate goal is to eliminate the financial incentive for these schemes, and effort that will require cooperation among everyone in the industry.

“We need to change our approach and embrace modern defense as a core framework for effective intra-industry and public-private collaboration. This approach goes after the economics of cybercrime, ultimately making schemes like VASTFLUX unprofitable while collective protection lowers the cost of defense. Winning the economic game is how we win as an industry against cybercriminals.” 

The post HUMAN Discovers and Shuts Down Massive Ad Fraud Scheme appeared first on AdMonsters.