It’s fair to say that most of the marketing predictions for 2020 were somewhat scuppered by the Covid-19 pandemic. In fact, the International Monetary Fund (IMF) puts the global economic impact of the Coronavirus at $28 trillion. The have been of course, travel, tourism and hospitality. Oil and gas also saw a huge hit to income, as did auto parts as well as casinos and gambling. industries hardest hit But it hasn’t been bad news across the board. Industries that have boomed during Covid-19 include couriers and logistics services, home education and training, on-demand video streaming and communications. Digital services have had a good year, with stars such as TikTok, Zoom, Google Meet, HouseParty and Slack all making record profits. Put simply, if your sector was providing digital services for working from home, communications or online entertainment, you’ve probably had a good 2020. However, the dark side to this is that we’ve also seen a huge rise in the rates of digital crime in 2020. With more of us depending on efficient digital services to run our lives and our businesses, a fertile ground for enterprising fraudsters has continued to surge. Click fraud and ad fraud in 2020 2020 has seen a bumper year for click fraud and ad fraud. In fact, during the peak lockdown in March and April 2020, the rate of click fraud activity jumped 21% compared to normal according to . data from ClickCease This has been reflected in the increased reports of ad fraud and click fraud threats being identified. Many of these are thought to have been running for a while, but have seen their activity surge during the lockdown and pandemic. Active click fraud botnets that we’ve seen in 2020 include: 404Bot Hydra SourMint Tekya Many of these have been app based malware, often hidden in SDKs and side loaded into apps. However many are also data centre infections, with bots doing their dirty work from inside servers, allowing them to easily conceal their location and mask their behaviour. 2020 has also seen the resurgence of 404 Bot, an ad fraud botnet that takes advantage of flaws in the ads.txt scheme. By using a similar technique to the infamous botnets, 3ve and HyphBot, which also spoofed sites from ads.txt lists, 404 Bot is thought to have made at least 1.5 billion ad impressions since it’s discovery in 2018. Website spoofing is still one of the main ways for these fraud campaigns to monetize their efforts. And, despite the widespread adoption of ads.txt which was created to reduce incidences of website spoofing, we’re still seeing high volumes of fake views and impressions of video and banner ads. During 2020, 404 Bot has been joined by a growing roll call of malware based bots, resulting in a jump in the volume of click fraud this year. Fraudulent attribution Another worrying development is the use of publisher side ad deception. This was highlighted by that Breitbart has been working with other publishers to fraudulently list ads on it’s platform. This then gives those less than salubrious websites a way to keep themselves funded, and means some brands might find their message displayed on hate speech sites or similar. Zach Edward’s revelation Misuse of ads.txt is also responsible for low quality publisher inventory hosting display and video ads. These low quality publishers are also more likely to artificially inflate their traffic using automated or bulk bought channels. Interestingly, IAB, who created ads.txt and who manage it, maintain that this shouldn’t be possible in theory. They also hold the position that files are more often responsible for this fraud leak. poorly managed ads.txt But ad fraud expert Dr Augustine Fou maintains that, in fact, to find more ingenious ways to make money. ads.txt has helped fraudsters Again data from ClickCease suggests consistent fraudulent traffic throughout the year, with the trend definitely on the up. And another event that highlighted the perils of click fraud and ad fraud was the continued by Californian businessman Gurminder Singh. Singh alleges that Google knowling oversold the effectiveness of their fraud defenses and that fraudulent traffic on Google’s Ad platforms are rife with bots. The case continues… lawsuit against Google Where is click fraud heading in 2021? Short answer, upwards. As evidenced by the move to app based malware, the technology continues to evolve. For savvy developers, it’s an easy target and an effective way to make money. And despite several court cases against app developers and numerous exposés of SDK based malware, the figures point to a consistent trend in fraud growth during 2021, barring some major intervention from Google and co. To be clear, just because app based malware is hosted on an app, doesn’t mean it only affects ads in apps. These clever bits of code are part of elaborate schemes that can operate as part of a botnet to click on external websites, or carry out intensive click spam and click injection attacks on app installs and mobile websites. It’s not just apps and malware though. Rival business click fraud continues to be a problem, with competitors realising that they can click the competition off the SERPs. The legality of this has only recently become clear, with the act of vindictive clicking on ads now illegal, at least in the USA. And it is mostly Stateside where we have seen most prosecutions for click fraud and ad fraud. Although companies like Cheq and ClickCease obviously have products to sell, it seems that they do have plenty of testimonials to . back up their claims Putting up defences With all this fraudulent clicking, it might seem to the average marketer that programmatic advertising isn’t worth the hassle. Well, the problem is, it is still a hugely effective way of managing your marketing even if you are accounting for around 15-20% fraud on your ads. And although Google and co do offer some protection, it remains open to debate whether their efforts are effective or not. The truth is that currently the only way to really block fraudulent clicks is by using one of the many click fraud prevention packages on the market. As well as this, advertisers should always check ads.txt lists on websites they want to publish on and keep a close eye on their analytics dashboard to monitor suspicious activity.

Discovery

Google

Slack

Target

Ask me about your content strategy

Read My Stories

Too Long; Didn't Read

Questions about cloud security? Get answers here.

Marketing in 2021: COVID, Click Fraud, and What To Do About It

Too Long; Didn't Read

Companies Mentioned

Oliver Lynch

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

Marketing in 2021: COVID, Click Fraud, and What To Do About It

Too Long; Didn't Read

Companies Mentioned

Oliver Lynch

About Author

TOPICS

THIS ARTICLE WAS FEATURED IN...

RELATED STORIES