By the fall of 2016, it was clear that Methbot – an advanced bot signature that generates phony, nonhuman traffic – had scaled into a sophisticated threat unlike anything the digital media industry had ever seen. It was proliferating by using an army of automated web browsers run from fraudulently acquired IP addresses, also known as spoofed domains, which are designed to look like premium publisher inventory. This allowed the Methbot operation to “watch” as many as 300 million video ads per day on falsified websites and siphon millions in real advertising dollars from the media industry.
Methbot uses everything from mouse movements to social media logins to geolocation data to make its fictitious bot behaviors closely imitate the actions of real users.
Based on the current data available, Methbot is reeling in a staggering $3 to $5 million USD per day in 2017. Its primary target is the more than 6,000 domains that are part of the premium segment so that it can capitalize on premium ad rates, which range from $3 to $37 USD per thousand impressions. Using 570,000 bots, it has exploited 250,267 distinct URLs and consistently succeeded in winning premium ad dollars by outbidding premium players. No wonder Methbot has become a serious drain on publishers, who are losing premium ad revenue and experiencing a worrisome dilution of their brands.
The impact for advertisers: paying handsomely for fake eyeballs
Advertisers are also taking a massive hit, given that up to a quarter of all digital media spend is lost to fraud, according to a recent report. Last year Methbot alone was producing as many as 137 million bogus impressions per day and nearly five billion daily bid requests on myriad platforms. As advertisers become more aware of how much bot-fueled ad traffic they’ve been paying for – the Interactive Advertising Bureau (IAB) estimates it’s costing the US media industry $8.2 billion each year – they’re also looking to address fraud and make certain that their premium ad dollars aren’t wasted.
We recently highlighted Razorfish’s in-depth report on how advertisers can combat ad fraud on CDOMethod. The good news is that Methbot has forced many players in the ad tech industry to take swift action to root out fraudsters. For example, Michael Green, VP of AudienceScience, a leading SaaS-based advertising automation provider, reports that the company is working with multiple ad fraud and viewability vendors to make sure its customers aren’t being scammed. As a result, Greens says AudienceScience has given up only $1.20 for every $10 million of media spend to Methbot.
That’s heartening to hear, but let’s look at the other side of the coin. Can publishers minimize the impact of fraud to the same degree? What are the must-dos for publishers beyond basic steps like checking vendor seals?
Six things publishers can do to prevent ad fraud and ensure a clean domain
With a growing number of advertisers like Proctor & Gamble stating that they will only pay for certified human traffic, the value of a clean site is on the rise. That means it behooves publishers to take comprehensive measures to demonstrate that’s exactly what they have – an authentic digital identity with well-proofed content. In the order of importance according to our experience at Theorem, here are six ways that AdPushup recommends that publishers can guard their brand credibility and secure their sites against Methbot and other fraudsters:
- Embrace third-party traffic assessment tools. Reassure buyers by letting them track performance – including viewability, engagement, and bot detection – with third-party tools accredited by the Media Ratings Council (MRC). Also, bring on reputable fraud prevention vendors like comScore and WhiteOps that are certified by Trustworthy Accountability Group (TAG). And finally, maintain billing transparency by never charging for fraudulent impressions.
- Keep a close watch over sourced traffic. There’s no getting around this fact: traffic from third-party sources is three times more likely to contain bots than unsourced traffic. Eliminating sourced traffic altogether will obviously reduce fraud, but if that’s not possible, it’s imperative that publishers proactively monitor each traffic source and willingly share relevant details with their buyers and exchanges.
- Favor direct selling whenever possible. Compared to programmatic display/video advertising, direct sold inventory has a significantly lower rate of ad fraud. The 2015 Bot Baseline Study by ANA/WhiteOps found that direct video ads, where measurable, were 59 percent less likely to have bots than the study average. Direct display ads were 14 percent less likely to have bots. The most bot-infested of all, according to the study? Programmatic video ads.
- Work to stop ad injections. Increasingly, ads are being inserted into apps or webpages without the publisher’s consent, usually by a client-side browser extension or adware program. The fraudster earns money for the impressions, and the publisher ends up with distorted metrics and a poor user experience. The top safeguards against this form of fraud involve moving the publisher domain to HTTPS and scanning for malware regularly.
- Diligently monitor for content scraping. What’s worse than a fraudster stealing original content and posting it on another site? Having that fraudster make money off the scraped content with ads. Stay vigilant using tools such as Copyscape and Google Alerts, and take action against perpetrators. Options include asking the web host to take down the illegitimate site or filing a Digital Millennium Copyright Act (DMCA) complaint via Google Webmaster Tools.
- Partner with IQG certified networks to promote brand safety. Many marketers don’t want their ads to appear in conjunction with inappropriate content, which is why TAG IQG developed guidelines for brand safety. Selling inventory via IQG certified networks and exchanges – including AppNexus, OpenX, Sovrn, AOL , and Index Exchange – helps to reassure brands that your domains are authentic and brand-safe.
How the digital media industry moves forward in the Methbot era
Given how lucrative it is, digital ad fraud is likely here to stay, and the industry must continue to evolve along with the latest ploys by fraudsters. For publishers, the biggest key is putting a priority on maintaining and direct selling a clean inventory that is verified by proactive monitoring, third-party traffic assessment tools, and ongoing fraud detection efforts. Publishers should also invest in brand safety and the rapid discovery of spoofed domains, ad injections, and scraped content.
Since most advertisers know that publishers have done nothing wrong, it is our opinion there’s no need to panic about rebuilding trust. What the entire industry needs to work together to solve, however, is the lingering problem of losing premium bids to fraudsters like Methbot. This doesn’t just hurt publishers – it erodes the value of the entire digital media supply chain.