Advertising fraud online is being called the second largest organized crime scheme globally, according to Digital News Daily. About 3/4 of US fraudulent advertising traffic is now considered "sophisticated" invalid traffic, according to recently released data.
Looking over IP addresses and blacklists no longer helps companies combat this fraud, according to Guy Tytunovich, CHEQ founder-CEO, and a former Israeli military intelligence officer. He started CHEQ to advocate for free internet. "If we can't help sustain digital advertising by blocking these fraudsters, then we can't help sustain the beautiful concept called the free internet," he said.
He continued: “The industry needs to understand that for the last 10 years, vendors have been talking about different methods for detecting fraud through probabilistic and simplistic approaches. At the end of the day, which I learned working for the defense intelligence in Israel, it’s a cat-and-mouse game. These methods no longer work.”
Tytunovich's company, CHEQ, continues to build out a military grade ad verification service. Their service has analyzed 4.1 billion ad requests made in the United States across 1.2 million websites between October 2018 and February 2019. This number was up about 20% YOY and about 18% of the online traffic to advertisements was found to be fraudulent.
Of this fraudulent traffic, 77% of it was classified as "sophisticated invalid traffic" (SIVT), which relies on far more advanced malicious methods to defraud the advertising system than "general invalid traffic" (GIVT). While GIVT can be detected by IP and user agent blacklists, SIVT requires sophisticated capabilities, such as operating system and device fingerprinting, bot traps and network behavior analysis.
In its evaluation, CHEQ found "570 million SIVT attacks, each using a triple-lock of interwoven frauds that combines sophisticated domain-masking, invalid-referrals and viewability fraud in a coordinated attempt to evade detection."
Other techniques that were used included domain spoofing, where scammers create hidden iframes and webpages to run that consumers never see. There have also been various means used to falsify location data. CHEQ found and blocked 743 million instances of combined GIVT and SIVT ad requests.
And the fraud isn't just with ads, he said: “Now there’s a thing called ‘fake news,’ and I’m not even talking about fact-checking Trump. I’m talking about Russian or Chinese hackers trying to influence elections in Democratic countries using cyber-security hacking methods to distribute fake or false news. This didn’t exist 20 years ago before the information highway made it available for rouge countries to behave that way.”
Ad fraud and cyber threats will need to be taken more seriously, Tytunovich said. As we head into a reality where autonomous vehicles become more prominent, cyber threats will become far more pronounced than they have been in the past.
The concern for Tytunovich has turned from groups like Al Qaeda getting their hands on nuclear devices or chemical weapons 15 years ago, to now getting their hands on a keyboard and an internet connection.