Fraud As Old As Time... Digital's The Perfect Crime

If the theme song to Beauty and the Beast immediately came to mind, that was the intended effect -- "a tale as old as time ...." But this time is no time to break out in song. Digital ad fraud's been going on too long. While you've seen some cases of fraud being outed. More advertisers should realize their campaigns should be doubted. Fraud's indeed as old as time. But the last ten years have shown that digital's the perfect crime.

Since everything is just bits and bytes, and results are delivered via spreadsheets and dashboards, it's never been easier to commit the crime and get away with it. There are no guns to load on trucks, no cocaine to transport through tunnels, and no money bags to carry out. Cybercriminals don't even have to make the bots or plant the malware themselves; someone else does that for them and they just need to "rent time" on botnets and pay for what they use, just like cloud computing. They merely have to create the illusion that ads ran or fabricate spreadsheets to say this many ads ran, when no ads were run at all.

Boris, Daniel, Asher, and Matt

You may not remember, but I do... over the years, we've seen fraudsters so famous you'd know them just by their first names, just like celebrities. They boasted of all the traffic they made and the fancy cars, homes, and yachts they bought with the proceeds, with no fear of getting caught. Each of the examples here contain links to the original articles, so you can read all the details of the investigations.

In 2013, Boris from Brooklyn , "freely admits he buys many of the visitors to his websites.?Two fraud-detection firms ... found that 94 percent of the visitors were bots; the other put the bot traffic at 74 percent. Boris didn’t dispute the findings or appear at all concerned. “If I can buy some traffic and it gets accepted, why not?” he says. And if advertisers don’t like it, he adds, “they should go buy somewhere else. They want to pay only a little and get a lot of traffic and results. If they want all human traffic, they should go direct to the publisher and pay more.”?He got away with it.

Daniel created browser extensions that "injected ads and generated massive amounts of invalid traffic, the ad industry’s term for fake or manipulated views, users, or clicks. News articles called out his alleged schemes as early as 2003, and he has been sued for allegedly helping force malicious software onto PCs. But in spite of his reputation within the industry, he’s never been publicly connected to a high-profile takedown related to ad fraud. Yomtobian’s shadow stretches beyond his web extensions operation. Advertise.com has provided traffic to the websites of major publishers, such as Bonnier, which owns Popular Science; Edmunds, an automotive publisher; and Gannett, the owner of USA Today and 260 local newspapers. Yomtobian’s main business is selling web traffic, and it’s made him fabulously rich." He got away with it.

Asher "made money — lots of it — by executing one of the internet’s most persistent, lucrative, and sophisticated scams: the subscription trap. The subscription trap works by tricking people into buying what they think is a single free trial of a celebrity-endorsed product. Although the customers would receive the product — which in most cases was not made by Ads Inc. itself — in reality, the celebrity has nothing to do with the offer. And in purchasing the free trial, the customer unwittingly commits to a pricey monthly subscription designed to be hard to cancel. But the subscription trap was just one part of Ads Inc.’s shady business practices. Burke’s genius was in fusing the scam with a boiler room–style operation that relied on convincing thousands of average people to rent their personal Facebook accounts to the company, which Ads Inc. then used to place ads for its deceptive free trial offers. That strategy enabled his company to run a huge volume of misleading Facebook ads, targeting consumers all around the world in a lucrative and sophisticated enterprise." He got away with it.

Matt provided "special code that triggered an avalanche of fraudulent views of video ads from companies such as P&G, Unilever, Hershey’s, Johnson & Johnson, Ford, and MGM. The CEO of an ad platform and digital marketing agency is an owner of 12 websites that earned revenue from the fraudulent views, and his company provided the ad platform used by sites in the scheme. Another key player is a former employee of a large ad network who runs a group of eight sites that were part of the fraud, and who consults for a company with another eight sites in it. A final site researchers identified in the scheme is owned by the cofounder of one of the 20 largest ad networks in the United States. Matt was an ad industry insider and helped other insiders make money from the scheme." He got away with it.

These were just a few examples of fraud schemes that were written about. It is easy to think that these were the only fraud schemes. If the following detail in the above examples were lost on you, let me remind you that Advertise.com and Ads, Inc. were part of the schemes. They all got away with it and none of them are in jail for fraud. The added complication with digital ad fraud is that even the victims don't want to know. Advertisers want to feel like they were "digitally transformed" because they spent large sums of money on digital ads. The don't want to find out they spent their budgets on fraud. Criminals love the fact that even the victims are helping them get away with it.

Newsweek, Outcome Health, Phunware, Ozy Media

As with the cases above, there's only a handful of examples of companies getting caught. I am pointing these out because every single one of them shows the perpetrator falsifying some digital metric that advertisers relied on to prove (in their mind) that their digital campaigns were working. Again, all the links to the original articles are provided so you can read the gory details.

In 2018, it was reported that Newsweek was using malicious code to alter viewability measurements, to make all their ad inventory appear to be 100% viewable. At the time, media agencies and the ANA told everyone that it was "best practice" to only buy ads that were viewable. On the surface, that made common sense. But what they didn't realize is that fraudsters can easily manipulate and falsify the viewability measurement -- literally as simple as passing a faked variable like "viewable=1" (which continues to this day in header bidding, by the way). Legitimate publishers have fixed page layouts; that means that if a page had 4 ads on it, and 3 were above the fold and 1 below the fold, the sitewide average viewability is 75%. That is not a bad thing; it' the reality of the page layout. Optimizing for 100% viewability had the inadvertent effect of sending more ad budgets to fake sites and away from real publishers; and it created further incentive for fraudsters to falsify metrics. Do you think Newsweek was the only one doing this?

In 2019, Outcome Health agreed to Pay $70 Million to resolve fraud investigation by the U.S. Department of Justice. The Chicago-based startup that raised more than $600 million, for putting “tablet devices and screens in waiting and exam rooms” for displaying information and showing ads. The Justice Department investigated them "to hold [this] healthcare technology company accountable for systematically committing fraudulent business practices for financial gain over many years.” Outcome Health admitted to the fraud and settled with the Department of Justice. “Outcome employees at the time falsified affidavits and proofs of performance to make it appear the company was delivering advertising content to the number of screens in its clients’ contracts. Outcome executives and employees during that time also inflated patient engagement metrics regarding how frequently patients engaged with Outcome’s devices. Furthermore, an executive at the time altered a number of studies presented to clients to make it appear that the campaigns were more effective than they actually were. Outcome further admitted that its under-delivery on advertising campaigns resulted in a material overstatement of its revenue for the years 2015 and 2016. The company’s outside auditor signed off on the 2015 and 2016 revenue numbers because executives and employees at the time fabricated data to conceal the under-deliveries from the auditor." They falsified metrics when raising money and altered the numbers to make campaigns "appear to be more effective than they actually were." Do you think Outcome Health was the only ad tech company doing this?

In 2021, Uber wins multi-million dollar advertising fraud suit against Phunware. “Evidence of widespread and continuing fraud came to light. Uber had grown suspicious of Phunware’s ad activity back in 2016, when an Uber employee raised serious concerns about Phunware’s activities on the ad campaign. Most of the Uber app installations that Phunware claimed to have delivered were generated by a fraudulent process known as “click flooding,” which reports a higher number of clicks than those occurring. Much of the ad traffic Phunware brought for Uber also came through auto-redirects, which automatically took visitors to an app store, whether the user clicked on the ad or not. In fact, two former Phunware employees had conducted an internal investigation discovering that Phunware had falsely billed Uber for ad clicks they did not deliver. But Phunware continued its fraudulent practices. As evidenced in discovery, a widescale culture of fraud continued for many months. For example, in an email sent on Oct. 31, 2016, a Phunware employees wrote: “Guys it’s… time to spin some more BS to Uber to keep the lights on.” When Phunware ran ads, the ads were shown on porn sites; they falsified the "transparency reports" to make the ads appear to have run on mainstream sites. When they didn't even run ads; they fabricated reports to make it appear that they did and billed Uber for "clicks they did not deliver." Despite paying the $17 million settlement, Phunware ($PHUN ) continues to operate as a public company, reporting $10 million annual revenues. Do you think Phunware is the only public ad tech company juicing their numbers?

In 2021, Ozy Media imploded within the span of one week, when it was disclosed they had inflated every number and every metric, essentially tricking all their customers and all their investors. They could explain away every other lie until then, but they couldn't explain away the crime of impersonation as a "mental health crisis." When they were found out, it became clear that everything else before the incident was also fabricated, falsified, or inflated, just like the other cases documented above. And silly TAG still thinks fraud is in the sub-1% range and their self-attested certifications caused that.

P&G, Chase, Uber

Now that you've seen how fraudsters boast about what they did, how much money they made off their scams, and how they got away with it, do you still believe that ad fraud is 1% like the Association of National Advertisers and TAG say it is (for the last 5 years, screen shot of their press release above)? It's easy to see why they think that. They are citing numbers from the widely used fraud detection vendors; the 1% is all they can detect. The other 99% represents what they failed to detect. Regardless of what you believe or what the industry-wide numbers are, here are a few cases where companies discussed outcomes. P&G turned off $200 million of digital spend and so no change in business outcomes. What were they spending their digital ad dollars on? Chase reduced the number of sites showing their ads from 400,000 sites to just 5,000 (a 99% decrease) and saw no change in business outcomes. What kinds of visitors were going to those 395,000 other sites? And Uber turned off $120 million of their $150 million in app-install spend. App installs continued at the same rate. What was the cost-per-install (CPI) bounty paid out for, if the app installs had already happened or would happen anyway (organic installs)?

Again, the above three cases are rare because few advertisers want to admit that the last 10 years of digital transformation was an illusion, an exercise in self-deception, or at the very least "measurement theatre" (lots of metrics, very little reality). But the sooner they realize and admit this (not publicly, just to themselves) the sooner we can move on to real digital transformation, and doing digital marketing correctly. Here's my take: https://www.dhirubhai.net/pulse/advertising-does-create-demand-can-help-you-harvest/

If you're not ready to move on just yet -- from the last decade of large numbers, high clicks, and low prices -- have a look through this spreadsheet -- The History of Digital Ad Fraud -- while humming the theme: "fraud as old as time. " It'll be like a trip down memory lane.

When you're ready to move on, let's talk.