Digital Advertising Is A $Billion Ripoff

Uploaded on 2019-06-05 in TECHNOLOGY-Key Areas-Social Media, FREE TO VIEW

A new report says Internet advertising revenues in the US totaled $107.5 billion for full-year 2018, the first time that figure has topped $100 billion. The report, commissioned by the Interactive Advertising Bureau (IAB) and conducted by PwC, said revenue in 2018 was 21.8% higher than full-year 2017 revenue of $88.3 billion.

That double-digit growth in Internet advertising comes as TV advertising increased 1.4% and radio grew 1% from 2017 to 2018, according to the report.

Meanwhile, newspaper advertising decreased 6.9% and magazine advertising fell 2.1% in 2018 year over year. But the problem has ramifications for more than just the digital advertising market.

Digital ad revenue provides much of the financial underpinning of e-commerce and online-based businesses. Media agencies suffer when their analytics tools report a substantial amount of web traffic, but the amount of revenue doesn’t support the number of visitors tracked by their systems.

Online ad fraud has become so profitable that malware creators and botnet masters are developing new programs and theft techniques in order to keep making a profit, according to Michael Tiffany, president and co-founder of the bot detection company White Ops.

“To make money, the bad guys make it look like there are more people looking at ads than there really are,” he said. “This is a big deal because other crimes leave evidence. You might have missed a ransomware infection, but someone asks for bitcoin…But ad fraud succeeds by going unnoticed.”

Scams works in myriad of ways, though every method depends on advertising ecosystem’s inherent complexity.

There could be as many as nine different companies involved in the chain of serving one web user with a single ad, and every one of those transactions presents an opportunity for scammers to get involved, said Amy King, vice president of product marketing for Pixalate, an ad technology company.

One technique, called ad spoofing, exploits advertisers’ inability to directly place ads on the websites with audiences they are trying to reach. Advertisers buy ad space in a real-time auction for sites that look like known, trusted media outlets, but in fact are set up by scammers. A site that may look like ESPN or the New York Times, for example, might in fact be a much less reputable page that receives hardly any traffic.

It’s also common for fraudsters to inflate ad numbers via pixel stuffing, when an ad is hidden in a picture. Then there’s ad stacking, which occurs when multiple ads are hidden under a single banner or display.

These are just a sample of the perhaps dozens of techniques scammers have developed over the past decade, and more methods are in the works now.  But ad fraud has become the most profitable form of cybercrime today mostly because of the way scammers leverage botnets.

Technique

One common technique works like this: A web user clicks on a malicious link in a phishing email, unwittingly infecting their computer with malware. The hackers who control that malware use it to call up an invisible web browser on that user’s machine without their knowledge, and visit junk websites or click on advertisements.

That hacked computer is one of perhaps millions of legitimate machines controlled as part of a botnet that scammers use to inflate web traffic and ad impressions, meaning advertisers are paying for access to humans who don’t exist.

Scammers, impersonating legitimate companies, also sell their fake traffic to real publishers trying to attract as many engaged visitors as possible, in order to satisfy advertisers. Meanwhile fraudsters are cashing in from both sides.

Google’s Problem

Unchecked Internet fraud isn’t just a problem for advertisers and publishers, it also represents an “existential” threat to Google, said Per Bjorke, a senior product manager who leads Google’s ad traffic quality team. A large portion of the company’s business relies on advertising revenue and, if clients cease to trust the advertising ecosystem, that spells trouble for Google’s short and long term plans, Bjorke said.

“It’s very simple,” he said. “The future growth of Google and other companies hinges on the fact that online advertising is trusted, and that there will be a return on investment on ad budgets … It’s very important for us because people could stop investing in advertisements.”

The same is true for publishers and the ad industry overall. Some solutions are available, though there’s no single way to stop scammers from skimming off the top.

CyberScoop:      CNBC:        IAB:     Image: Nick Youngson

You Might Also Read:

Social Media & The New Advertising Model (£)

The Big Online Advertising Swindle:

 

 

« A Predictive Tool For Armed Police
Two Years After WannaCry Severe Risks Remain »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Via Resource

Via Resource

Via Resource specialise in Information and Cyber Security recruitment in the UK, Europe and USA.

ADF Solutions

ADF Solutions

ADF Solutions is a leading provider of digital forensic and media storage exploitation tools.

Certes Networks

Certes Networks

Certes Networks offers an encryption management solution that can be seamlessly integrated and is interoperable with any network.

CERT-UA

CERT-UA

CERT-UA is the national Computer Emergency Response Team for Ukraine.

National Cyber and Information Security Agency (NUKIB) - Czech Republic

National Cyber and Information Security Agency (NUKIB) - Czech Republic

NUKIB is the central Czech government body for cyber security, the protection of classified information in the area of information and communication systems and cryptographic protection.

Dell Technologies

Dell Technologies

Dell Technologies Consulting Services enables a highly resilient business amidst the proliferation of cloud-based IT services and constant threats to your most critical information.

Quantea

Quantea

Our multi-patented solutions - QP Series Network Analytics Accelerator appliance and PureInsight Analytics Software Suite allows you to capture, analyze, store, replay, network traffic data.

Startup Wise Guys

Startup Wise Guys

Startup Wise Guys is a mentorship-driven accelerator program for early stage B2B SaaS, Fintech, Cybersecurity & Defense AI startups.

Kinnami Software

Kinnami Software

Kinnami is a data security company that equips organizations with the tools they need to secure and protect highly confidential documents and data.

Spamhaus

Spamhaus

Spamhaus is the world leader in supplying realtime highly accurate threat intelligence to the Internet's major networks.

GateKeeper Enterprise

GateKeeper Enterprise

The GateKeeper Enterprise software is an identity access management solution. Automated proximity-based authentication into computers and websites. Passwordless login and auto-lock PCs.

Data Privacy Office (DPO)

Data Privacy Office (DPO)

Data Privacy Office is a company that specializes in privacy and personal data protection, following the highest standards in its sector.

Quantum Armor

Quantum Armor

Quantum Armor is a next-gen cyber security monitoring platform that allows you to continuously stay aware of your security posture, and proactively spot trends, vulnerabilities and potential attacks.

Trusted Cyber Solutions

Trusted Cyber Solutions

Trusted Cyber Solutions is an independent Cyber Security and Risk Management consultancy.

Jericho Security

Jericho Security

Jericho Security is on a mission to defend the world from the new threats of generative AI cyber attacks.

Theori

Theori

Theori tackles the most difficult cybersecurity challenges from an attacker’s perspective and conquers them as the best strategic security experts.