Is ad fraud a cybersecurity problem?
2 min read

Is ad fraud a cybersecurity problem?

Is ad fraud a cybersecurity problem?

Deftly sliding from desktop browsers to mobile devices to smart TVs and other Internet of Things devices, ad fraud is a multibillion-dollar business problem that has been running rampant across the Internet for years. Should chief information security officers at companies hit by ad fraud take a stronger role in stopping it?

The range of companies affected by ad fraud is vast and deep, and it affects every business vertical across the globe. Any company that relies on programmatic advertising networks, which automatically buy and sell ads, is at risk, unless the network is a protected advertising ecosystem, Dan Lowden, the chief marketing officer of bot network and ad fraud prevention company White Ops, said in an email.

When it comes to costs, experts debate whether ad fraud costs companies billions of dollars per year, or many tens of billions of dollars per year. In a 2016 analysis, Hewlett Packard Enterprise identified it as the most lucrative form of cybercrime. Research company eMarketer estimated costs between $6.5 billion and $19 billion in 2019, and Juniper Research concluded that it would cost $42 billion by the end of 2019. By 2023, Juniper expects ad fraud to cost more than $100 million per day.


Employer data goes AWOL under Covid-19 lockdowns
Give smart: 4 tips to avoid charity scams
How identity fraudsters operate
Primer: What’s in a ‘crime kit’
Web’s most annoying ads no longer welcome in Chrome

The practice of defrauding advertising networks for financial gain has been around almost as long as online ad networks themselves. It became significantly more widespread when scammers began manipulating networked bots to create fake clicks on sites they own or ads they’ve paid for. It now also encompasses hidden ads, which target ad networks that measure views, not clicks; click hijacking, when a fraudster redirects a click from one ad to another; and fake apps, which look like and are labeled as legitimate apps.

These techniques are often used simultaneously to victimize companies, making the fight against ad fraud even more complex, says Luke Taylor, the chief operating officer of ad tech security company TrafficGuard, which co-authored the report with Juniper.

Taylor believes that at the very least, CISOs should use lessons from the cybersecurity world to encourage their employers to become more engaged with the ad fraud challenge.

Defense Mechanisms
A lot of ad fraud is based on making fake traffic look real. Fraudsters do that by stealing traffic logs to mimic them, and creating authentic-looking but fake traffic. CISOs, Taylor says, should be protecting their logs from cybercriminals the way they protect financial data.

“Simply extracting your server logs can be a good start for ad fraud, because they can be replayed as normal behavior,” he says.

This story was originally commissioned by Dark Reading. Read the full story here.

Enjoying these posts? Subscribe for more