(c) Chartered Professional Accountants of Canada. Contact CPA Canada for permission to reproduce this article.

Ad Fraud: just a click away

By David Malamed

Online ad fraud is a growing and increasingly damaging problem for the digital advertising industry.

A recent online advertising campaign by automaker Mercedes-Benz was viewed more often by automated computer programs than by human beings, the Financial Times reported. “The ads were inadvertently placed onto fraudulent websites by Rocket Fuel, a Nasdaq-listed ad technology company that went public in September [2013] with a market capitalization of nearly [US]$1 billion.”

The scam was discovered by Telemetry, a UK firm that specializes in detecting online advertising fraud, a problem that has beset the fast-growing advertising medium, which is worth about US$120 billion, an increase of 15% from 2013.

Jalal Nasir, CEO of Pixalate, a California-based ad tech data company, estimated that ad fraud could cost [online] marketers as much as US$11 billion in 2014, a 22% increase over 2013. “It’s clear,” he said, “that ad fraud is running amok.”

In a sample of 365,000 ad impressions brokered by Rocket Fuel over three weeks, Telemetry found that 57% were clicked on by automated computer programs, often referred to as bots. “Telemetry detected the bots by identifying anomalies in traffic to the ads,” the Financial Times reported. “Virtually all of the suspect traffic came from five small Internet service providers. And the computers ‘viewing’ the ads used Linux, an operating system rarely used on desktops, though they attempted to disguise this by simulating popular web browsers that only work on Windows or Macs. Telemetry said it had traced the ownership of the bot network to two people in the UK, who directed the bots to websites they owned, thereby making money from the ad sales. The websites have since disappeared.”
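The two signals described above (a client whose observed operating system is Linux while its User-Agent claims a Windows or Mac browser, and suspect traffic concentrated in a handful of ISPs) can be checked with a short script. This is an added example, not Telemetry's method or code from the article; the records are constructed, and the `observed_os` field assumes an independent OS fingerprint is available, which the article does not describe.

```python
from collections import Counter

WIN_IE = "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
MAC_SAFARI = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.75.14 "
              "(KHTML, like Gecko) Version/7.0.3 Safari/537.75.14")
LINUX_FF = "Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0"
ANDROID = ("Mozilla/5.0 (Linux; Android 4.4.2; Nexus 5) AppleWebKit/537.36 "
           "(KHTML, like Gecko) Chrome/33.0.1750.136 Mobile Safari/537.36")

# Constructed sample impressions: (isp, observed_os, user_agent).
# observed_os is an assumed field from some independent fingerprint.
ROWS = [
    ("SmallNet-A", "Linux", WIN_IE), ("SmallNet-A", "Linux", WIN_IE),
    ("SmallNet-A", "Linux", MAC_SAFARI), ("SmallNet-B", "Linux", WIN_IE),
    ("SmallNet-B", "Linux", MAC_SAFARI), ("SmallNet-C", "Linux", WIN_IE),
    ("BigISP-1", "Windows", WIN_IE), ("BigISP-2", "Mac", MAC_SAFARI),
    ("BigISP-1", "Linux", LINUX_FF), ("BigISP-3", "Android", ANDROID),
]

def claimed_os(user_agent):
    """Platform the User-Agent claims. Order matters: Android UAs contain
    'Linux' and iPhone/iPad UAs contain 'like Mac OS X'."""
    for token, name in (("Android", "Android"), ("iPhone", "iOS"), ("iPad", "iOS"),
                        ("Windows NT", "Windows"), ("Mac OS X", "Mac"),
                        ("Linux", "Linux")):
        if token in user_agent:
            return name
    return "Unknown"

def is_disguised_linux(observed_os, user_agent):
    """True when a Linux host presents itself as a Windows or Mac browser.
    A Linux host with an honest Linux User-Agent is not flagged."""
    return observed_os == "Linux" and claimed_os(user_agent) in ("Windows", "Mac")

def analyse(rows, top_n=5):
    """Share of flagged impressions and how concentrated they are by ISP."""
    suspects = [r for r in rows if is_disguised_linux(r[1], r[2])]
    top = Counter(isp for isp, _, _ in suspects).most_common(top_n)
    return {
        "suspect_share": len(suspects) / len(rows) if rows else 0.0,
        "top_isps": [isp for isp, _ in top],
        "top_isp_share": sum(n for _, n in top) / len(suspects) if suspects else 0.0,
    }

if __name__ == "__main__":
    print(analyse(ROWS, top_n=2))
```

A high `suspect_share` together with a `top_isp_share` near 1.0 for a few small networks is the pattern the report describes; either signal alone is weaker evidence.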

Rocket Fuel, which acts as an intermediary between advertisers and online publishers, is not considered to have had any knowledge of the deception. It questions the accuracy of Telemetry’s numbers, and Mercedes-Benz says that during the entire campaign fewer than 6% of views were questionable.

Rocket Fuel says it employs sophisticated technology to weed out online ad fraudsters, who continue to find ingenious software programs that mimic how real people browse the Internet. In February, it identified and rejected 500 billion bid requests from online publishers because of inventory quality concerns, the Financial Times said.

It’s not surprising that the Internet has proved to be a gold mine for ad fraud artists. Before the net, to place an ad, a company would pay newspapers and magazines a fixed amount based on the circulation and prestige of the publication. On the Internet, payment is based on the number of visitors to a site and the number of visits to the company’s ad.

This formula opens the door for fraud — wide open. What’s to stop an unscrupulous perpetrator from using bots or teams of low-paid workers to repeatedly click on a site to make it seem that the click-through rate (CTR) is greater than it actually is?

“Click fraud by malicious bots results in a damaging trickle-down effect,” says the Multichannel Merchant website. “Click fraud impacts the ecommerce site paying for advertising by maxing out daily budgets and making it pay for clicks and impressions that are not real people. It is not uncommon for online retailers who fall victim to click fraud bots to report CTRs as much as 10 to 20 times the normal rate. Click fraud also hurts the reputation of the ad network because the advertisers ultimately see lower conversions from the ad network. Ultimately, click fraud hurts the reputation of the advertising industry by diluting the confidence in online advertising.”

It can also mislead advertisers by making them think they’re reaching more people than is the case.

Online ad fraud is so rampant, says Ad Age, that when top digital-advertising executives descended on Palm Desert, Calif., in February for the Interactive Advertising Bureau’s annual leadership meeting, one topic dominated conversation: fraud. In the hallways and on stage, industry leaders made it clear that the problem was out of control and needed to be stopped. In a town hall meeting one participant even suggested putting a bounty on perpetrators. “What about ‘Wanted, dead or alive?’” he said. “Twenty-five thousand dollars to each company who puts one of these guys out of business. Make it $100,000!”

Search engine Google has long been an obvious target of ad scammers. In February, as part of an effort to boost its advertising fraud squad, it announced the acquisition of Spider.io, a three-year-old London-based company that specializes in weeding out fraudulent online ad clicks.

“Advertising helps fund the digital world we love today — inspiring videos, informative websites, entertaining apps and services that connect us with friends around the world,” Google said in a blog post. “But this vibrant ecosystem only flourishes if marketers can buy media online with the confidence that their ads are reaching real people, that results they see are based on actual interest. To grow the pie for everyone, we need to take head-on the issue of online fraud.”

Neal Mohan, Google’s vice-president for display advertising, put it more colourfully. “Ad fraud is the pollution problem of the web,” he told the Financial Times. “If you are out at a national park or trying to get a photograph of a beautiful lake, it is a mound of trash in front of it. Spider.io has been trying to clean that up to get to the pristine environment.”

But click fraud is not the only way to skin the online advertising cat. A baby-faced 22-year-old from Brooklyn, NY, created a more elaborate ruse. In May, Facebook accused Martin Grunin of breach of contract, fraud and other related charges involving ad fraud of approximately US$340,000.

Facebook’s complaint against Grunin, which was filed in US District Court in San Francisco, said that “defendant Martin Grunin is a serial offender who has repeatedly violated Facebook’s terms and applicable law. His unlawful activities include defrauding Facebook, accessing Facebook without authorization, selling access to Facebook advertising accounts without authorization, and tricking Facebook users into visiting commercial websites so that he could earn referral fees.”

Adweek noted that Grunin is accused of running a sophisticated online advertising scheme that could have garnered him millions of dollars if continued unchecked. “Grunin trafficked in Facebook ad accounts that he allegedly opened using faked identities and sold them on the black market where affiliate marketers scooped them up to amass the lucrative marketing inventory,” the publication said. Affiliate marketing is defined as a “type of performance-based marketing in which a business rewards one or more affiliates for each visitor or customer brought by the affiliate’s own marketing efforts.”

In essence, Grunin told Facebook he was a marketing agent who had accounts with 70 seemingly legitimate advertising agencies. He slightly changed the spelling of the legitimate names in the hope that no one would notice the deception. If Facebook did business with him, he would arrange for the 70 firms to buy ad space on the site. In theory, the 70 agencies would pay Facebook the money they collected from the advertisers, less everyone’s take, either directly or through Grunin.

He asked Facebook to authorize a considerable budget for each of his so-called clients, so he could arrange to sell Facebook a large body of ads. It agreed.

One of the ways Grunin allegedly deceived Facebook was to sell advertising space for adult-content websites, which Facebook had banned. The ads on Facebook would appear to be for a company or product that had nothing to do with pornography, but when users clicked on them they would be redirected to the adult site.

“Beginning in early 2011, Grunin placed ads or caused ads to be placed on Facebook that contained sexually provocative content … in violation of Facebook’s Advertising Guidelines,” Facebook alleges. “When users clicked on the ads they were redirected to third-party websites that paid Grunin — either directly or as an ‘affiliate’ of a marketing company — for referring people to the websites.”

According to the New York Post, Grunin saw himself as a younger version of Gordon Gekko, the corporate raider portrayed by Michael Douglas in the 1987 film Wall Street. Gekko famously championed the philosophy that “greed is good.”

In September, the Interactive Advertising Bureau released a three-pronged solution on its website: fraud detection (suppliers must implement technological and business practices to identify ad bots and illegitimate human activity, and prevent such traffic from being sold); source identification (suppliers should provide assurances to buyers that inventory is from a legitimate source; one way to achieve this is by providing the specific URL of an ad placement); and process transparency (suppliers must provide details of the business and technical processes they have employed to meet the first two principles).

That sounds as if it would make an effective ad campaign, one that fraudsters will avoid clicking on to show their approval.

David Malamed, CPA, CA•IFA, CPA (Ill.), CCF, CFE, CFI, is a partner in forensic accounting at Grant Thornton LLP in Toronto.

This article was originally published in the December 2014 issue of CPA Magazine.