Following an operation by the FBI, Google, Symantec and bot-detection experts, one of the most sophisticated and widespread digital ad frauds ever has been taken down. Advertisers – both major brand owners and small businesses, were robbed of millions of digital ad money. The fraud was simple but creative. The crooks created thousands of fake websites which then took bids to display ads, via most of the main ad networks. They then used bots to generate fake click-throughs and eyeball, that enabled them to collect revenue from the advertisers for all of the fake traffic to the websites. They made it seem like people were genuinely visiting the websites, and simulated human-like browsing behaviour such as making it look like a mouse was scrolling up and down the page or starting and stopping a video player.
The first scheme, named 3ve, netted over $7 million in advertising revenue in two years. The second scheme infected 1.7 million computers with a Trojan virus. These computers, owned by ordinary unsuspecting people, would then be used to run a hidden browser that loaded the fake websites and generated anywhere between 3 and 12 billion ad bids per day netting the crooks a further $29 million.
Google said that 3ve’s sheer size and complexity posed a “significant risk not just to individual advertisers and publishers, but to the entire advertising ecosystem”. Although this network has been taken down, there are still many more problems with digital advertising – the cost of ad fraud affects everyone, marketers and consumers alike.