Since bots and other deceptive programs were developed, they’ve primarily existed to defraud financial institutions or retailers. The bots would pretend to be real, generate fake ad impressions, and then steal money — digital media was merely collateral damage.
But in 2016, the Methbot attack targeted digital media specifically.
For a period in December, a group of criminals referred to as “Ad Fraud Komanda” (or “AFK13”) stole between $3 million and $5 million dollars daily from advertisers and publishers. By faking clicks on video ads, the Methbot attack was the biggest digital ad fraud ever discovered, according to the security firm White Ops.
AFK13 was a well-oiled, detail-oriented machine, and it began by creating more than 6,000 domains and 250,267 distinct URLs. While the URLs appeared to be from well-known publishers such as ESPN and Vogue, a video ad was the only thing that could be hosted on the page. This cyberattack focused on brands connected to exchange and demand-side and supply-side platforms. By taking money from programmatic exchanges, they stole money from advertising brands directly.
The New Bully on the Block
Attacks like Methbot steal money from advertisers and exchanges by taking the place of legitimate publishers and limiting the exposure to the target audience they’ve bought into. Publishers also lose money because the opportunity to generate more revenue for their sites is stolen from them.
While the Methbot attack was the largest attack against digital media we've known, a cyber attack like this won’t be a one-time occurrence. Ad fraud and bots are ever-evolving, so these attacks will keep happening, especially as programmatic becomes more prevalent in every media plan.
The sense of ease makes using a programmatic platform appealing, but over automating without any internal regulations by those exchanges leaves companies open to serious liability that makes large-scale cyberattacks possible. Brand advertisers and publishers are going to have to rethink how they manage their businesses.
3 Steps to Avoid Cyberattacks
The key to avoiding attacks is understanding and preventing IVT (invalid traffic). IVT refers to artificial clicks and impressions — both intentionally and accidentally fraudulent — that can come from many different places. Some more benign sources include publishers clicking on their own ads, repeated clicks or impressions by users, and publishers using various methods to encourage clicks on their ads, such as implementing an ad in a way that causes a large number of accidental clicks.
But bots are also a big source of invalid traffic. IVT takes a variety of forms, but the effect is the same. They falsely inflate costs for an advertiser and earnings for a publisher. Here are three ways to identify and prevent IVT:
1. Know Your IVT.
To prevent invalid traffic, you have to know where it’s coming from. Whether it’s the result of bots, clicking your own ads, partnering with untrustworthy parties, or improper ad implementation, you need to know what the source of the problem is before you can fix it. In the case of bots, instead of looking at your traffic reports as a whole, break them up into segments. You can do this by using URL channels, custom channels, or DoubleClick for Publishers ad units. By observing your traffic in segments, you can better understand the effect of changing traffic sources or implementation on your ad traffic.
Implementing third-party systems into your analytics can also help in your efforts to understand IVT. Systems like Moat monitor IVT for you, sending email alerts when it detects several forms of IVT. Marketers who use Moat also don’t have to worry about paying for nonhuman impressions, as using Moat for programmatic platforms removes IVT before the bidding process.
2. Block IVT.
Understanding IVT is just a stepping stone in preventing attacks. While it helps you by calling out when issues occur, you still have to take action. Vendors like DoubleVerify and Integral Ad Science activate ad-blocking systems when they encounter IVT, stopping the invalid activity in its tracks and keeping it from happening in the first place.
This is an effective method, but be aware that it is not a cure-all. The blocking can lead to ad server discrepancies, which could negatively affect your normal campaign performance and delivery.
3. Work Straight With the Publisher.
By dealing directly with digital publishers or partnering with someone who does, you can work something out so that you don’t have to pay publishers for IVT — and if you’re working with an advertising partner or an analytics partner, it should not charge you for IVT.
This gives publishers the incentive to give the best inventory possible before those impressions are allocated for exchange demand. It also assures advertisers that they don’t have to worry about IVT because if anything shows up, they don’t have to pay for it.
The Methbot attack is only the beginning. By understanding IVT and taking steps to prevent it, you can defend yourself from the increasingly frequent cyber attacks on digital media.
What is your biggest scare about cyber attacks? How are you working to combat cyber attacks on digital media?