Threat Lab Archives - Integral Ad Science

The Threat Lab Analyzes the Year’s Highest Ad Fraud Spikes

IAS Team — Wed, 28 Feb 2024 12:00:00 +0000

In the Threat Lab’s recent Fraud Trends Report, the team advised advertisers and publishers to be wary of ad fraud when it’s at its peak. In the Q4 2023 analysis, the Threat Lab defined October, November, and December as the holiday season — and predicted that these months are particularly dangerous from an ad fraud perspective. The team further anticipated that November, specifically its fourth week, would be the hardest hit by ad fraud.

Now that we can look at global data from the 2023 holiday season, the Threat Lab team wanted to analyze the accuracy of advising caution during this time and understand what this can teach marketers about protecting ad campaigns during particularly turbulent periods.

When is fraud at its highest?

The graph below maps out global ad fraud rates for each day in 2023. The period highlighted in dark green represents the dates between October 12 and December 4, which overlaps with our definition of the holiday season. With a median ad fraud rate 67% greater than the rest of the year, the holiday season stands out as a period of disproportionately high ad fraud activity — so much so that 2023’s highest ad fraud rates all fall within the highlighted period.

What’s the deal with Black Friday?

However, certain dates pop more than others. The graph below shows that ad fraud peaks during November 24, 25, and 26 — also known as 2023’s Black Friday weekend. The median ad fraud of these three days was 36% greater than other dates in the holiday season, and a whopping 122% greater than the rest of the year. The top three most hostile days of 2023 were the Saturday after Black Friday, the Sunday after Black Friday, and Black Friday itself.

What makes this trend even more peculiar is that November 27, which was the Monday after Black Friday, experienced a 28% decrease in ad fraud relative to the day prior — signaling the highest single day drop of the entire year. This drop suggests that the already disproportionately high holiday ad fraud climaxing on this specific weekend isn’t accidental.

How does fraudulent traffic compare to legitimate traffic?

To understand why the holiday season is so hostile, we compared fraudulent traffic with legitimate traffic.

Although legitimate traffic does increase gradually throughout the year with periodic dips, there aren’t major inconsistencies during the holiday season. Fraudulent traffic, on the other hand, increases dramatically. This comparison suggests that the spike in ad fraud during the holiday season isn’t due to a change in legitimate traffic behavior — it’s linked to fraudulent traffic becoming more active.

So why does this happen? It’s most likely that advertisers aggressively increase their ad spend in the weeks leading up to Black Friday. And once Black Friday ends, they use the remainder of their budget on the following weekend. The challenge with this is that there is a finite supply of high quality inventory available. The increased demand pressures advertisers to buy low quality inventory, exposing their campaigns to higher risk of ad fraud.

How IAS Can Help

When high quality inventory is limited, the risk of fraud infiltrating campaigns is much higher. This risk can be avoided by adopting ad fraud mitigation and protection, which helps keep advertisers from spending their ad dollars on low quality inventory that comes with a higher likelihood of ad fraud.

IAS ensures the most precise fraud detection possible with our three-pillar approach. Our fraud technology is based on a set of methodologies that detect the evolving threat of ad fraud with incredible accuracy. Our approach includes:

Behavioral and Network analysis: our 10+ billion daily impressions provide a macro view of bot activity
Browser and Device analysis: real-time signals at the ad call
Targeted Reconnaissance: malware analysis, software disassembly, and the infiltration of hacker communities guides detection and identification of emerging threats

It’s never too late — or too early — to protect your campaigns from fraud. Be prepared for fraudsters whose activity changes with the seasons. Contact an IAS representative today to find out how to fight fraud and drive superior results.

The post The Threat Lab Analyzes the Year’s Highest Ad Fraud Spikes appeared first on Integral Ad Science.

Fraud in Generative AI: A deep dive into how Gen AI affects marketers

IAS Team — Thu, 25 Jan 2024 13:00:00 +0000

The IAS Threat Lab evaluates the impact of generative AI in digital advertising

Generative AI has been commanding conversations in digital media lately. While generative AI isn’t a new concept, it has recently caught fire due to the prevalence and effectiveness of chatbot AI platforms, like ChatGPT. The onslaught of this technology has moved several tech giants to create their own version of an AI chatbot — and has inspired malware authors and fraudsters to do the same.

The IAS Threat Lab evaluated the effects of generative AI on ad fraud, how it could speed up the prominence of ad fraud in the digital advertising industry, and how we continue to protect marketers from these emerging threats.

What is generative AI?

Generative AI is artificial intelligence that’s able to create text, images, audio, video, or other media. This technology works by learning the patterns of information or data that it ingests, and generating new, similar information.

Let’s take a look at some ways marketers could be fooled by fraud powered by generative AI.

Fake websites and falsified user agent data

Generative AI can create realistic-looking websites filled with fake content, including articles, reviews, product listings, and more. It’s also possible to have AI ingest legitimate content from outside sources and have it launder the content into seemingly original articles and news stories. These sites can then be used to host fraudulent ads and generate fake impressions.

It doesn’t stop there. Fraudsters can leverage generative AI to create websites that closely mimic legitimate publishers, fooling marketers into thinking they’re placing their ads on reputable platforms. While not strictly fraudulent, this tactic can also be leveraged in Made-For-Advertising (MFA) sites in which a website with seemingly legitimate content overruns the majority of viewable space with advertisements.

MFA sites can be created at scale by an individual with the help of generative AI. Due to the positive viewability and brand safety metrics of placing ads on these domains, these sites can fool marketers into believing they’re generating quality impressions — but in reality, these ad placements are low quality and a waste of ad spend. In fact, the Association of National Advertisers (ANA) reports that MFA websites represent a shocking 21% of impressions.

Generative AI can also falsify impressions by creating fake user agent strings, making it appear as if impressions are coming from legitimate devices and browsers. Fraudsters use AI models trained on vast datasets of real user agent data to generate plausible but entirely fake user agent strings. The data is then inserted into requests made by automated bots or scripts and allows for fraud at scale with the intention to bypass behavioral fraud detection.

Fraudulent user profiles and testimonials

Generative AI can create highly detailed user profiles. These fake profiles are often complete with demographic information, interests, and online behaviors with the intention of mimicking genuine user interactivity. Fake profiles often come hand-in-hand with AI-driven bots that can simulate user behavior, like mouse movements and ad interactions, to make fraudulent activity look natural.

Along with fake profiles, generative AI can be used to produce large volumes of positive reviews and testimonials for products or services, artificially boosting popularity and trustworthiness. This type of activity is seen consistently on major retail domains, video streaming platforms, and financial coverage websites. They tend to be relatively obvious by having overly detailed information in their comment or review, and having an outlandish amount of “likes” that have been generated by bots.

How can you prevent AI-based ad fraud?

IAS’s ad fraud detection tools can help marketers mitigate the impacts of AI-based fraud. With advanced analytical, behavioral, and deterministic modeling techniques, IAS can detect and stop fraudulent activity powered by automation and AI.

In addition to fraud detection products, marketers should verify the authenticity of website content and reviews to identify potential fraud. Plus, marketers should conduct thorough vetting of publishers to ensure they’re legitimate, along with regular audits of ad campaigns, websites, and user engagement patterns to identify and address suspicious activity.

Marketers can also leverage IAS’s AI-driven MFA detection and avoidance product. Our MFA site technology improves transparency into advertiser campaign quality, identifies where spend is being allocated, and informs optimizations to minimize waste on MFA sites so marketers can take back control of their media quality and cut down on wasted spend.

Don’t let your brand get caught up in the blurry lines of what’s real and what’s not on the internet. Contact an IAS representative today to find out how to fight fraud and drive superior results.

The post Fraud in Generative AI: A deep dive into how Gen AI affects marketers appeared first on Integral Ad Science.

How Does Bot Traffic Vary Over Time?

IAS Team — Mon, 18 Dec 2023 05:00:00 +0000

The IAS Threat Lab deep dives into ad fraud trends

It’s no secret that the digital advertising landscape is rampant with malicious bots designed to commit ad fraud. Safeguarding any campaign from fraud is essential — but the threat of fraud is especially present during the holiday season. With ad budgets at their highest for the year, fraudsters are prepared to take advantage and ramp up their operations.

In this report, the IAS Threat Lab investigates bot activity to determine trends over time. The team set out to answer: How does bot traffic vary in a 24-hour period? How does it vary over a week? A month? The Threat Lab observed bot traffic over a 391-day period, analyzing billions of impressions each day to understand how bot attacks vary and how predictable — or unpredictable — these attacks may be.

Here’s a sneak peek at what we found.

People sleep, bots don’t

The Threat Lab analyzed billions of impressions across both human traffic and bot traffic. The impressions showed that bots mirror the activity patterns of the humans they are trying to impersonate: both bots and people spend the largest chunk of traffic between 8 a.m. and 4 p.m.

However, human traffic is sporadic, and bot traffic is quite consistent. We noticed this pattern in late-night activity — human traffic drops dramatically during the hours of 10 p.m. and 3 a.m., while bot traffic showed less variation. Conversely, during the early morning hours of 4 a.m. to 9 a.m., human traffic picks up much faster than bot traffic.

Fraudsters take their weekends off

Weekdays tend to have higher bot traffic volume than the weekends. On average, weekday bot traffic tends to be 21.2% greater than bot traffic on the weekends. For humans, weekday traffic is only 6.9% greater than weekend traffic.

But why is weekday traffic so much higher for bots? At the end of the day, although bots are largely automated, they still require oversight from their human operators. These individuals, like any employee at a corporation, most likely work on the weekdays and take their weekends off, causing a dip in bot traffic.

Look out for the holiday season

From an ad fraud perspective, holiday seasons are a particularly dangerous period for marketers and publishers. Bot traffic is at its highest during the holidays, with November seeing a higher volume than any other month of the year. Bot traffic in November is 22% greater than the bot traffic in October, and 57% greater than bot traffic in January.

Even within November, bot traffic grows as the month progresses, peaking in the fourth week. It then continues to stay high throughout December, making marketers particularly vulnerable to ad fraud and warranting extra protection against malicious bots during the holiday season.

Bottom line

Ad campaigns can be seriously impacted by timing — no matter the time of year. It’s crucial to ensure your brand’s ads are shown to real people, in the right place, and are free from fraud during this holiday season and as we enter the new year.

Download the IAS Fraud Trends Report now for more details, and click here to learn more about IAS’s ad fraud product suite.

The post How Does Bot Traffic Vary Over Time? appeared first on Integral Ad Science.

The State of Fraud in Private Marketplaces

IAS Team — Thu, 31 Aug 2023 23:59:00 +0000

The IAS Threat Lab evaluates fraud in PMP transactions

Marketers widely believe private marketplaces (PMP) create an environment that is resistant, or even immune, to ad fraud. Given the basis for creating a PMP relationship between trustworthy advertisers and publishers, it seems like this could be the case. Unfortunately, the inherent flaws in programmatic open marketplaces still manage to trickle down to PMP transactions.

What is a PMP?

A private marketplace is a digital marketplace where programmatic advertising transactions can take place between trusted and exclusive parties. Within PMPs, a publisher can invite an advertiser to participate in a private auction that occurs in a Real-Time Bid (RTB) environment. PMPs are essentially a programmatic relationship between a publisher and one or more advertisers, attempting to create a clean and trusted environment for premium ad space to be bought and sold.

PMPs are like a hybrid between traditional direct buying and programmatic. The open-ended nature of the auction is reduced by limiting the crowd of buyers. On the flip side, the benefits of RTB environments are still leveraged in order to facilitate an automated and seamless bidding process.

Why should advertisers use a PMP?

The use of PMPs has advantages and disadvantages. On the upside, advertisers can ensure they are paying for premium inventory on trusted publishers and inventory slots can be hand-picked for maximum consumer impact. Plus, along with the benefits of both programmatic and direct buying, content suitability and viewability metrics are assured to be positive—and fraud avoidance is also a likely result.

On the other hand, participation for advertisers in PMPs comes at a premium price point. PMPs also require significant manual interaction and are more time consuming than an open exchange, and there’s no guarantee of ad relevance or having a captive audience.

The assumption is that PMPs assure that advertisers can purchase premium inventory (albeit at premium costs), have their ads prominently displayed adjacent to appropriate content with positive viewability metrics, and lack typical fraud generating behavior.

Due to the benefits of brands being able to protect their reputations with more meaningful ad placements, PMPs have significantly grown in usage in recent years. This is why it is even more crucial to get to the core of the “fraud-free” assumption and understand what’s really at stake beyond placement.

The truth behind fraud in PMPs

To put it simply, PMPs can’t completely prevent fraud. Having evaluated IAS PMP data since the beginning of 2023, we discovered that PMP fraud occurs about 19% as often as it does on an open exchange, indicating there is truth to a lower volume of fraud comparatively. However, we also noted that the CPMs of fraudulent PMP transactions were consistently about 6% higher than they were for non-fraudulent PMP transactions.

While there’s certainly something to be said about a reduced fraud rate in PMPs, fraud actors are clearly aiming for higher CPMs with specific targeting of PMP transactions.

How could this be the case? Unsurprisingly, it all comes back to the thorn in every advertiser’s side: Bots. While the relationship between the advertiser and publisher may be trusted, this still does not prevent bots from eating up impressions by “visiting” any given domain. Plus, even trusted publishers may source traffic — and if that source hasn’t been fully vetted, it’s highly likely to contain fraudulent traffic. And a universal truth is that benign bots (or general invalid traffic) are mostly welcomed for services like SEO and indexing, which creates a significant volume of invalid impressions in PMPs, leading to direct losses for advertisers who participate in PMPs as a substitute for ad verification.

In addition to the significant portion of general invalid traffic in PMPs, we also noted a wide array of sophisticated invalid traffic, like user-agent spoofing, device spoofing, geo spoofing, and anomalous behavioral deviation.

By correlating these factors, we were also able to identify likely cohesive botnet traffic, indicating concerted efforts of fraud.

What can you do to avoid PMP fraud?

That’s where IAS can help. Our unique three-pillar approach uses machine learning and unmatched scale to provide the most accurate detection and prevention while most solutions rely on a simple automated check. The industry-leading fraud detection technologies offered by IAS continue to attract significant investment from marketers.

IAS captures up to 280 billion interactions daily from around the world, and trillions of data events are measured each month globally. We provide real-time fraud prevention for programmatic buys with pre-bid targeting segments that leverage MRC-accredited fraud technology. To learn more about our fraud prevention solutions, contact your IAS representative.

The post The State of Fraud in Private Marketplaces appeared first on Integral Ad Science.

IAS Threat Lab collaborates with Google to take down malicious app

IAS Team — Mon, 15 May 2023 13:05:45 +0000

The digital landscape is prioritizing privacy now more than ever before. Internet users worldwide understandably want to ensure security when browsing the web. However, fraud can be found anywhere – even in apps that may identify themselves as safe.

The Scheme:

The IAS Threat Lab recently uncovered an elaborate fraud scheme in a virtual private network (VPN) app targeting Android phones called Oko VPN. Developed by VIP Internet Security LTD., the app was labeled as a free VPN service that anonymizes a user’s web traffic and made available in the Google Play Store in July 2022.

In reality, Oko VPN was hijacking IP addresses, turning users’ phones into fraud-relaying devices. Any Android phone that installed the app unwittingly donated its IP address for use by Oko VPN to commit ad fraud. The fraudsters exploited the user’s IP address to mask the origin of traffic to send fake ad impressions to video streaming platforms. This IP hijacking scheme is referred to as “residential proxying.”

This app also posed a risk for illicit material/traffic going through users’ home networks, making it possible to make further attacks on users’ home networks – which emphasized the need to remove the app from the Google Play Store immediately.

The Takedown:

Upon detecting the malicious app in March 2023, the IAS Threat Lab contacted the Google Play Store team who conducted their own investigation and confirmed the Threat Lab’s findings. After the Threat Lab identified the scheme, IAS notified Google, which immediately removed the app and enforced Google Play Protect, which warns users and prompts them to uninstall the malicious app.

The Impact:

Oko VPN experienced exponential growth, with more than a million users at the time of its takedown. The Threat Lab team estimates that Oko VPN was generating approximately 100 million fraudulent impressions per month at the time of its removal from the Google Play Store. The team estimates that $10 million in advertiser spend was wasted on this scheme.

Fraud schemes like this are unfortunately quite common – and advertisers need to be aware. The IAS Threat Lab is constantly working to identify new and novel fraud schemes, protecting advertisers, publishers, and consumers from digital ad fraud.

IAS established the Threat Lab to provide targeted reconnaissance of new and emerging fraud schemes. The team employs data analysis and reverse engineering to uncover fraud schemes and determine how they work, which allows the team to protect advertisers, publishers and consumers, by working with partners and authorities to take down the fraudsters.

For details on the scheme, download the Technical Disclosure: Oko VPN.

DOWNLOAD NOW

The post IAS Threat Lab collaborates with Google to take down malicious app appeared first on Integral Ad Science.

Meet the IAS Threat Lab Team

IAS Team — Thu, 11 May 2023 09:00:00 +0000

Get to know IAS’s dedicated team of experts who find and stop fraud operations

Let’s talk about ad fraud. Unfortunately, fraud schemes are all too common to digital advertising — as much as we don’t want to admit it. Fraudsters go to great lengths to hide their operations and often turn to growing or emerging ad formats to carry out fraudulent operations, making it even more difficult to track them down.

That’s why the IAS Threat Lab is fighting more fraud than ever before.

Staffed with experts who identify and take down fraudulent activity, the team provides targeted research of new and emerging fraud schemes. The Threat Lab employs data analysis and reverse engineering to uncover fraud schemes and determine how they work, working with partners and authorities to take down the fraudsters and protect marketers.

Schemes are complex, so a multifaceted strategy must be used to combat fraud. That’s why IAS utilizes a three-pillar approach:

Rules-based detection uses automated rule checks to identify any anomalous behavior patterns
AI/Machine learning goes a step further using big data to detect any hidden, uncommon patterns
Data analysis and reverse engineering to uncover emerging threats

Concerned about fraudsters trying to steal your media spend? Don’t worry — the experts at IAS have it covered. The Threat Lab works diligently to ensure your ad dollars are protected from fraud schemes across the digital landscape.

To learn more about the Threat Lab, download the one sheet or reach out to your IAS representative today.

DOWNLOAD NOW

The post Meet the IAS Threat Lab Team appeared first on Integral Ad Science.

The IAS “Stop the Bot” Challenge

IAS Team — Thu, 02 Apr 2020 04:00:00 +0000

Looking for a technical deep dive? Skip ahead to our Methodology for a full breakdown of these results.

Last month, the IAS Threat Lab released our report on the 404bot, a domain-spoofing, malicious bot that we caught with our sophisticated fraud-detection technologies. While we’re glad to have discovered 404bot, the truth is that not all bots are bad. Some bots help put our technology to the test to ensure our bot detection and mitigation continues to be best in class.

Enter: Wombles.

The IAS Data Science Team has been working since late 2019 to perfect Wombles, a crawling bot that allows us to objectively measure the amount of invalid traffic that IAS technology blocks — and how the technology of our closest competitor stacks up. In fact, Wombles lives entirely outside of the IAS Threat Lab as an additional testing mechanism for our own technology, with no connection to our fraud product. Previously, Wombles was used as a brand safety training bot, but our engineers realized he made a great tester for bot traffic, as well. Rest assured, Wombles isn’t just some picture-perfect solution that we engineered to prove our point. As you’ll see shortly, even our technology wasn’t able to catch it immediately, as our models hadn’t been pre-trained to detect its behavior. However, the dynamic learning nature of our tech kicked-in quickly and Wombles didn’t stand a chance.

How does Wombles work? It functions as a pressure test for verification and firewall technologies that underlie IAS and competitive products. By placing Wombles, a relatively unsophisticated bot, on the same inventory and measuring whether it is flagged as valid or invalid traffic, we can determine the difference between IAS and our competitors. (Note: all bot traffic detection should be advanced enough to catch a bot like Wombles which is tasked with doing standard things such as mechanically visiting pages, scrolling around, and using a set of residential IPs to display human behavior.) Think of Wombles as a detective – helping us fight bot traffic by constantly challenging our bot mitigation technology and trying to outsmart it. Below, we can see the results of Wombles pressure testing IAS tech as well as that same pressure test for one of our competitors:

*Please note: Figures are based on monthly projections

These side-by-side graphics show clearly that IAS has a higher cumulative block rate, by a very long way, which means more protection and less wastage of ad spend on bots who don’t shop. But blocking more doesn’t always mean blocking better: under-sophisticated and over-cautious fraud strategies can cause you to miss out on safe, high-value impressions.

In order to conduct the most accurate comparative study, we have to factor out the human traffic that some of our overzealous competitors often flag incorrectly as fraud. The best way to make this distinction is by using a combination of deterministic bot mitigation combined with dynamic machine learning tactics, a pairing that is unique to IAS. Wombles works perfectly to judge this contest because it is a machine itself, so it mimics the behavior of malicious bots and provides a control for the human traffic that often inflates the results of these studies. The data above shows that as IAS models detect and learn from bot traffic schemes like Wombles, they’re able to drastically outperform models that don’t utilize machine learning in their tactics.

[Learn more about machine learning and the three pillars of ad fraud detection.]

__________________

The result? Across the board, IAS technology identified Wombles and began blocking the crawler within the first few hours of deployment. Competitor B, on the other hand, never blocked Wombles, clearly not using any dynamic machine learning.

__________________

Looking to learn more? We ran our study across 5 different industry verticals and found that an average of 90.8% more bot traffic was identified by IAS tech:

Automotive
Consumer Packaged Goods (CPG)
Finance
Pharmaceutical
Retail

*Please note: Figures below are all based on monthly projections

If you would like to skip the vertical breakdown, click here to download the full methodology and request a meeting with IAS.

Auto

CPG

Finance

Pharma

Retail

Thanks to the good work of Wombles, IAS is moving the industry toward a more transparent, better-protected future.

If you’re interested in reviewing the full methodology of the study, fill out the form below.

P.S. – Our findings are not limited to bot traffic. Select the checkbox in the below form to request a meeting with IAS for a personalized brand presentation. Discover how IAS can help you reduce wastage from fraud and protect your brand from unsafe content.

The post The IAS “Stop the Bot” Challenge appeared first on Integral Ad Science.

Have you seen this bot?

Sachin Murme — Mon, 02 Mar 2020 05:00:00 +0000

The IAS Threat Lab has brought the industry’s attention to a growing bot scheme called the 404bot.

Spotted in early 2018, this scheme is rooted in domain spoofing activities — the fake URLs are not easily detectable to the human eye. The bot is focused on targeting large and, more importantly, out-of-date Ads.txt files. The implementation of Ads.txt by publishers thus far has shown a dramatic decline in bad actors being able to abuse the ecosystem, but fraudsters are constantly evolving, and are now able to capitalize on unaudited Ads.txt files.

Thanks to our Threat Lab’s diligence, we were able to identify the sophisticated 404bot, and ensure that our clients, and the industry as a whole, are protected from the effects. It is crucial to continuously audit and update Ads.txt files to mitigate the 404bot threat.

If you have questions as to whether your campaigns were affected, please reach out to your IAS representative. Read more about the 404bot.

The post Have you seen this bot? appeared first on Integral Ad Science.