ad-tech firm says it has discovered a large and sophisticated
advertising-fraud operation in which fake websites and infected
computers were used to scam advertisers and publishers out of
upward of hundreds of thousands of dollars a day.
Adform, identifier of the scheme, named it “Hyphbot” and estimates
that it has been going on since at least August.
to Adform, the fraudsters behind the Hyphbot scheme created more
than 34,000 different domain names and more than a million
different URLs, many designed to attempt to fool advertisers
into thinking they were buying ad
inventory from big-name publishers such
as the Economist, the Financial Times, The Wall Street Journal
and CNN. It is a tactic
known in the industry as “domain
perpetrators then generated a wave of nonhuman, or “bot,”
traffic that loaded the fraudulent sites, which made money
mostly through video ads. Video ads are lucrative because they
carry higher rates than other online display ads.
traffic is a serious issue for advertisers because it means they
have wasted money buying ads that were served to computer
programs, rather than real people who might go on to purchase
their products. And real publishers get cheated out of potential
says much of the impact of the scheme could have been thwarted
if publishers and ad-tech companies had implemented and kept
up-to-date with a new industry initiative called Ads.txt, which
is designed to stamp out domain spoofing.
investigation suggested that the people behind Hyphbot used a
network of data centers and unwitting consumers’ computers,
infected by malware, to access more than half a million IP
addresses, mostly from the U.S., to mimic real browsing behavior
on the network of fake sites.
suspicious URLs were presenting themselves in ad auctions via at
least 14 different ad exchanges at a rate of up to 1.5 billion
requests to ad buyers a day.
began informing the majority of ad exchanges affected on Sept.
28, two days after it began its analysis. Since then, it has
seen a reduction in the fraudulent traffic, although Hyphbot is
still believed to be active. Adform also informed the Federal
Bureau of Investigation in the U.S. and Metropolitan Police in
the U.K. Adform’s full findings were independently reviewed by
two industry experts before the publication of the white paper.
Slade, the chief commercial officer of the Financial Times, said
the publisher was “not surprised” to hear of another fraud
scheme based around spoofing. Last month, the
Financial Times ran its own investigation and
found 25 ad exchanges had been offering fraudulent ad space,
purporting to be from FT.com.
are urging all actors in the supply chain to urgently implement
and adopt the Ads.txt standard,” Mr. Slade said. “It’s one of
the best bets for a cleanup that we have.”
Jones, the unit of News Corp that includes The Wall Street
Journal, said it implemented Ads.txt about a month ago and
echoed the FT’s sentiment that solving the larger problem
“requires the participation of all parties involved.”
spokesman for Turner, the Time Warner unit that operates CNN,
said it also implemented Ads.txt earlier this year.
Economist declined to comment.
is difficult to extrapolate exactly how much money the scheme
has made so far. Adform describes Hyphbot as “likely the biggest
bot network” to hit the online ad industry. Jay Stevens,
Adform’s chief revenue officer, gave a “conservative” estimate
that, at its height, the scheme could have been generating at
least $500,000 a day.
December, ad-fraud detection firm White Ops discovered a Russian
ad-fraud operation called Methbot that it said was defrauding
U.S.-based online advertisers of more
than $3 million a day, a figure that some in the
industry say was overstated.
has the potential to be “three to four times” bigger than
Methbot because it spoofed more web domains and used a larger
bot network to generate the fake traffic, according to Adform’s
research findings, outlined in a white paper published Tuesday.
estimated $6.5 billion in ad spending is expected to be wasted
this year due to fraud, according to a report released in May by
White Ops and the Association of National Advertisers. But, that
amount is down 10% from 2016, suggesting some
industry efforts to tackle the problem may
is a mechanism that allows publishers to display to ad buyers
all the legitimate sellers of their ad inventory via a text file
on their websites. Buyers and their ad-tech vendors can crawl
those files —such
as thisone from WSJ.com—and know to only to buy a
particular website’s ads from those listed sellers.
than 36,000 web domains have adopted Ads.txt since it was
introduced five months ago by the Interactive Advertising
Bureau, the U.S. trade body said.
adopting Ads.txt isn’t a full solution. It requires everyone
else in the chain—from ad buyers to demand-side platforms and ad
exchanges—to sign up and ensure the files are updated and
scraped regularly in order for the initiative to work
from Ads.txt, Adform has also listed other suggested remedies in
its Hyphbot white paper, which include encouraging ad-tech
vendors to check their data warehouses for suspicious patterns
of bid requests outlined in its report and shutting off