By Amit Joshi on August 28, 2017
MTS: How do large online shopping events like Cyber Monday play into a cyber fraudster’s plan?
Amit Joshi: Online shopping events such as Cyber Monday are susceptible to large scale Cookie Stuffing attacks – a method by which an affiliate steals credit for an install they had no credit in driving (either organic or belonging to another channel/affiliate). This is accomplished by dropping a cookie on the user’s device without the user’s knowledge when they visit the bad actor’s website. Companies like Amazon are a prime target for Cookie Stuffing as the technique is accomplished through dropping cookies on a user to simulate a click and then hoping that the user converts within the given attribution window. Essentially this is a game of chance, and everybody uses Amazon, so the chances of successfully committing fraud are much higher. For non-affiliate (i.e. display/video buys) the fraudster may be able to more easily monetize botnet traffic as advertisers lower their risk tolerances and start buying more long-tail traffic in favor of reach.
MTS: What does Forensiq look for when determining online ad fraud?
Amit: Cookie Stuffing: Forensiq uses a multi-layered approach analyzing the user’s path from ad impression to conversion, looking at factors like time to conversion, click velocity, and distribution. We are also able to analyze how the landing page is loaded (i.e. forced clicks) by analyzing the page for anomalies, interaction, viewability and other factors.
- Bots: Forensic uses a three pronged approach –
- User level pattern analysis
- Integrations with RTB ad exchanges and platforms where Forensiq is monitors every request and is able to get a full view of the ecosystem. Real-time machine learning algorithms are implemented at the user (device) and app level to build browsing profiles which are separated into human and non-human.
- Velocity patterns to identify irregular activity from users. These patterns are consistent with ads being run in the background or through other automated means.
- JS Tag: Forensiq’s JS tag captures the digital forensics of the user, which are stored on the IP level and aggregated in real-time for each request.
- IP Analysis: Monitor for illegal activity like use of hosting providers/proxies to generate impressions from mobile ad farms and emulated devices.
- User level pattern analysis
MTS: What is Forensiq’s vision of a fraud-free advertising ecosystem?
Amit: A fraud free ecosystem is one in which the ability to commit fraud is minimized so that there is no material impact on advertisers. The reason we say ability to commit fraud, as opposed to fraud itself, is because where there is money bad actors will try and steal it. So, no fraud is unrealistic, but having ways to detect fraud that effectively mitigate the risk would be realistic!
MTS: What are some patterns of fraud that are hard to detect for vendors like you?
Amit: One struggle is integrating in a pre-bid environment where there is not necessarily a browser in which JS can be deployed. In these scenarios, we are reliant on the information being passed in the bid to detect fraud, however, this information may be faked e.g. domain or bundle ID spoofing.
MTS: Tell us a little bit about mobile device hijacking and the precautions a user can take to prevent it?
Amit: Mobile Device Hijacking is an app that serves ads, but may have been modified by the publisher or another incentivized party to serve ads at a much higher rate under certain circumstances, many of which are hidden from the user. Ad fraud characteristics are determined by a pre-set ad fraud refresh rate, in many cases with the app starting to request ads as soon as the device boots.
Precautions users can take:
- Read both app store ratings and reviews before downloading
- Monitor data usage from your apps
Read the permissions you are giving apps! (i.e. don’t allow it to run in the background unless if necessary, limit when the app is able to get location data etc)
MTS: Thanks for chatting with us, Amit.
Stay tuned for more insights on marketing technologies. To participate in our Tech Bytes program, email us at firstname.lastname@example.org