Digital Advertising Is A $Billion Ripoff

A new report says Internet advertising revenues in the US totaled $107.5 billion for full-year 2018, the first time that figure has topped $100 billion. The report, commissioned by the Interactive Advertising Bureau (IAB) and conducted by PwC, said revenue in 2018 was 21.8% higher than full-year 2017 revenue of $88.3 billion.

That double-digit growth in Internet advertising comes as TV advertising increased 1.4% and radio grew 1% from 2017 to 2018, according to the report.

Meanwhile, newspaper advertising decreased 6.9% and magazine advertising fell 2.1% in 2018 year over year. But the problem has ramifications for more than just the digital advertising market.

Digital ad revenue provides much of the financial underpinning of e-commerce and online-based businesses. Media agencies suffer when their analytics tools report a substantial amount of web traffic, but the amount of revenue doesn’t support the number of visitors tracked by their systems.

Online ad fraud has become so profitable that malware creators and botnet masters are developing new programs and theft techniques in order to keep making a profit, according to Michael Tiffany, president and co-founder of the bot detection company White Ops.

“To make money, the bad guys make it look like there are more people looking at ads than there really are,” he said. “This is a big deal because other crimes leave evidence. You might have missed a ransomware infection, but someone asks for bitcoin…But ad fraud succeeds by going unnoticed.”

Scams works in myriad of ways, though every method depends on advertising ecosystem’s inherent complexity.

There could be as many as nine different companies involved in the chain of serving one web user with a single ad, and every one of those transactions presents an opportunity for scammers to get involved, said Amy King, vice president of product marketing for Pixalate, an ad technology company.

One technique, called ad spoofing, exploits advertisers’ inability to directly place ads on the websites with audiences they are trying to reach. Advertisers buy ad space in a real-time auction for sites that look like known, trusted media outlets, but in fact are set up by scammers. A site that may look like ESPN or the New York Times, for example, might in fact be a much less reputable page that receives hardly any traffic.

It’s also common for fraudsters to inflate ad numbers via pixel stuffing, when an ad is hidden in a picture. Then there’s ad stacking, which occurs when multiple ads are hidden under a single banner or display.

These are just a sample of the perhaps dozens of techniques scammers have developed over the past decade, and more methods are in the works now.  But ad fraud has become the most profitable form of cybercrime today mostly because of the way scammers leverage botnets.

Technique

One common technique works like this: A web user clicks on a malicious link in a phishing email, unwittingly infecting their computer with malware. The hackers who control that malware use it to call up an invisible web browser on that user’s machine without their knowledge, and visit junk websites or click on advertisements.

That hacked computer is one of perhaps millions of legitimate machines controlled as part of a botnet that scammers use to inflate web traffic and ad impressions, meaning advertisers are paying for access to humans who don’t exist.

Scammers, impersonating legitimate companies, also sell their fake traffic to real publishers trying to attract as many engaged visitors as possible, in order to satisfy advertisers. Meanwhile fraudsters are cashing in from both sides.

Google’s Problem

Unchecked Internet fraud isn’t just a problem for advertisers and publishers, it also represents an “existential” threat to Google, said Per Bjorke, a senior product manager who leads Google’s ad traffic quality team. A large portion of the company’s business relies on advertising revenue and, if clients cease to trust the advertising ecosystem, that spells trouble for Google’s short and long term plans, Bjorke said.

“It’s very simple,” he said. “The future growth of Google and other companies hinges on the fact that online advertising is trusted, and that there will be a return on investment on ad budgets … It’s very important for us because people could stop investing in advertisements.”

The same is true for publishers and the ad industry overall. Some solutions are available, though there’s no single way to stop scammers from skimming off the top.

CyberScoop:      CNBC:        IAB:     Image: Nick Youngson

You Might Also Read:

Social Media & The New Advertising Model (£)

The Big Online Advertising Swindle:

 

 

« A Predictive Tool For Armed Police
Two Years After WannaCry Severe Risks Remain »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BMC Software

BMC Software

BMC provide solutions for IT service management, Cloud management, IT workload automation, IT operations, and mainframe system management.

Law Enforcement Cyber Center (LECC)

Law Enforcement Cyber Center (LECC)

LECC is designed to assist police, digital forensic investigators, detectives, and prosecutors who are investigating and preventing crimes that involve technology.

Certes Networks

Certes Networks

Certes Networks offers an encryption management solution that can be seamlessly integrated and is interoperable with any network.

FIDO Alliance

FIDO Alliance

FIDO Alliance is a non-profit organization formed to address the lack of interoperability among strong authentication devices.

AMETIC

AMETIC

AMETIC, is the Association of Electronics, Information and Communications Technologies, Telecommunications and Digital Content Companies in Spain.

Introspective Networks

Introspective Networks

Introspective Networks (IN) is a Cybersecurity company focusing on securing data in the network and automating knowledge work to decrease vulnerability points to critical infrastructure.

Data443 Risk Mitigation

Data443 Risk Mitigation

Data443 Risk Mitigation provides next-generation cybersecurity products and services in the area of data security and compliance.

TypingDNA

TypingDNA

TypingDNA uses AI to recognise people by the way they type on desktop keyboards and mobile devices.

SWAT Systems

SWAT Systems

SWAT Systems is an IT support and cyber security managed service provider.

Deepwatch

Deepwatch

deepwatch’s cloud SecOps platform and relentless customer focus are redefining the managed security services industry.

PurpleSynapz

PurpleSynapz

PurpleSynapz provides hyper-realistic Cyber Security Training with a modern curriculum and Cyber Range.

Madrona Venture Group

Madrona Venture Group

Madrona Venture Group invests in seed and early-stage technology companies in areas including cybersecurity.

AdaCore

AdaCore

AdaCore is focused on helping developers build safe, secure and reliable software.

Mitnick Security

Mitnick Security

Mitnick Security is a leading global provider of information security consulting and training services.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.

KTrust

KTrust

KTrust provides Continuous Threat Exposure Management for Kubernetes environments.