DV Uncovers New Bot Methodology for Falsified Websites

DV recently released updates to our IQ Fraud Advanced solution to include protection from Falsified Website bots — a form of fraud that involves a high volume of impressions generated by bots that are often being attributed to legitimate, premium publisher domains.

DV IQ Fraud Advanced services and IQ Pre-Bid solutions currently protect against this form of bot fraud. The following post provides more details about how this type of fraud occurs and the DV protection against it.

How are Falsified Website Bot Fraud impressions manufactured?

The Adweek article describes the impressions as being injected onto the publisher pages, but based on DV analysis this doesn’t accurately reflect how the fraudulent impressions are manufactured. Site falsification is a new tactic of fraudulent bot behavior, where bots mask their true serving domains and manipulate the ad impression to appear that it is served on a premium website. The bot actually serves the page from their own server, falsifying the page to appear as if it originated from the publisher’s web server, even though the bot never visited the publisher’s website. Using a combination of sophisticated machine learning, anti-fraud code and DV-patented iframe-breaking technology, DV is able to distinguish between the legitimate website traffic and the falsified website bot traffic. With this advanced real-time identification DV provides maximum protection and prevents both ads from being served and the side-effect of false attribution of fraud to the publisher that was victimized.

Where are Falsified Website Bot Fraud impressions served?

Through analyzing billions of impressions in both pre-bid and post-bid environments, DV has determined that the bots are generating traffic on a variety of websites including a mix of premium, non-premium and long-tail sites—all in an effort to mimic what would be considered “normal” human browsing patterns. As in the Adweek article we have seen these fraudulent impressions mimicking major sports sites. However, DV has observed these same bots impacting a diverse set of premium and non-premium content sites. For example, while nfl.com was the top site victimized by Falsified Website Bot Fraud last week, the second and third most victimized sites were tutsplus.com and investopedia.com.

How does DV reporting protect Publishers?

In the DV Pinnacle analytics platform, DV ensures that impression is not incorrectly attributed to the victimized website. When our measurement code identifies an impression with this form of fraud we attribute it to falsified-website.com. Doing this provides two key benefits:

• In site-level reporting, this form of bot fraud is aggregated into a separate site entry for ease of analysis and evaluation.
• In site-level reporting, this activity is not attributed to the victimized website and ensuring that publishers are only being evaluated for the traffic that is under their control.

Why are fraudsters committing Falsified Website Bot Fraud?

There are a few reasons why Bots are committing Falsified Website Bot Fraud. First, Bots that visit well-known websites exhibit a more human-like traffic pattern, which makes them more difficult to identify and prevent. Second, selling the impressions as originating from premium websites increases the revenue stolen by fraudsters. Brands are susceptible to paying more for the opportunity to have their ads appear on these types of sites, especially when they can be purchased programmatically at a perceived discount from the publisher-direct price. By mixing premium websites and non-premium websites the fraudsters deliver a traffic pattern that seems normal and generates a much higher yield than simple directing bot traffic to their owned and operated, unbranded properties.

How does DV detect this fraud?

DV Fraud Lab and security experts examine and reverse engineer live malware samples to identify new methods and schemes using advanced obfuscation and masquerading techniques to avoid counter-detection by the bot operators. This invaluable telemetry, combined with our vast pre-bid and post-bid impression-level data collection enables the rapid development of the identification techniques necessary to bring realtime scalable protection from the fraudulent activity of Bots and Malware.

Is viewability measurement affected?

Like other forms of sophisticated bots, the fraud in this scheme often attempts to manipulate different kinds of measurements. The DV Fraud Lab has exclusively identified the techniques used by these bots that attempt to make the ad impressions appear more viewable. The sophisticated bots are altering elements like ad location, tab foreground/background information and browser details in an attempt to maximize viewability and appear more human-like.DV’s measurement code identifies these manipulation attempts in real-time, blocks them, and reports the impressions as SIVT thus preventing the impressions from being considered eligible for viewability.

Will ads.txt help solve this?

Falsified Website Bot Fraud is an insidious form of fraud for advertisers and website publishers alike but it is especially problematic for publishers because they are the victim of this fraud. It siphons ad dollars from brands attempting to buy impressions on their sites and, when reported by other fraud vendors, impugns their reputation by making the fraud appear in reporting as if it originated from their website. DV supports the IAB’s ads.txt initiative and the impact it can have to fight this type of fraud. While still in the early stages of adoption by publishers and enforcement by platforms, it is clear that any website owner that implements ads.txt significantly reduces the risk of having its website falsified by fraudsters. As part of DV’s commitment to transparency and supporting the ads.txt initiative, DV has begun incorporating ads.txt information into our SIVT algorithms and analytics. Although early in the adoption curve, the rapid movement of publishers and platforms towards implementing ads.txt support can speed to prevention of this type of fraud.

How DV protects you

DV is uniquely able to segregate impressions served by these bots from impressions served on the websites they’re attempting to mimic—ensuring that illegitimate impressions faked on legitimate websites do not impact the performance reported by DV on those websites. DV uses sophisticated AI techniques, machine learning, real-time code signatures and DV patented iframe-busting technology to distinguish between the real domain and the false domain. This distinction ensures the publishers whose websites are being falsified by the fraudsters are not wrongly blamed for the bot impressions—this is also unique to DV and emphasizes our commitment to a fair, transparent, marketplace. DV Omni tag detection provides stronger protection across multiple environments and this fraud method, unlike others, is not limited to desktop—it occurs in both desktop and mobile web. Furthermore, DV is actively working with our programmatic partners to ensure any bot observed committing this fraud is updated in the programmatic environment in near real time (~100 times each day) so that buyers can avoid purchasing impressions originating from these bots.