Study: 18% of all online ad traffic is fraudulent

Cybersecurity company CHEQ is led by Guy Tytunovich, a former Israeli military intelligence officer.  He says the amount of online advertising fraud is grossly underestimated.  A new study released by his company estimates that 18% of all online ad traffic is a fraudulent.  That cost cost advertisers as much as $50 billion in wasted ad dollars that are being stolen by cyber criminals every year.

U.S. advertisers, he says, are the biggest victims. Tytunovich believes that we’ve been led to believe that ad fraud is low levels when, in fact, it is a sophisticated criminal enterprise.

“While many U.S. advertisers believe that they are being exposed to fairly basic and rudimentary attacks, most of the fraud today is highly sophisticated,” said CHEQ founder and CEO Guy Tytunovich.

Study Results

Some 77% of fraudulent U.S. ad traffic is highly sophisticated according to military-grade ad-verification firm CHEQ. In a study of 4.1 billion ad requests made in the United States across 1.2 million domains between October 2018 and February 2019, 18% of online ad traffic was fraudulent.

Of this fraudulent traffic, 77% was classified as “sophisticated invalid traffic” (SIVT), which utilizes far more advanced malicious methodologies to defraud the advertising ecosystem than the more basic forms of ad fraud or “general invalid traffic” (GIVT). While GIVT can be detected by simplistic methods such as IP and user-agent blacklists, SIVT prevention requires far more sophisticated capabilities such as OS and device fingerprinting, dynamic honeypots (bot traps) and network behavior analysis.

CHEQ---US-Ad-Fraud-Report--Feb-2019

CHEQ found 570 million SIVT attacks, each using a triple-lock of interwoven frauds — combining sophisticated domain-masking, invalid-referrals and viewability fraud — in a coordinated attempt to evade detection.

Other prevalent techniques included domain spoofing, in which scammers create hidden I-frames on web-pages to run ads that consumers never see, and various means used by scammers to manipulate and falsify location data.

 “First-generation ad verification is ineffective in dealing with the growing scale of online ad fraud, including click jacking, domain and device spoofing and zombie networks…we’re uncovering far more sophisticated types of fraud as cyber criminals constantly up their game.”

Other Key Findings

  • U.S. desktop-based fraud makes up 55% of online fraud levels, while mobile-based ad fraud makes up 46% of the total.
  • Android accounts for 59% of mobile ad fraud while IOS accounts for 41%.
  • Chrome (49% market share among all browsers) accounts for 45% of ad-fraud. Safari (31% market share) accounts for 18% of ad-fraud. Firefox (5% market share) accounts for 3% of ad-fraud. Internet Explorer (5% market share) accounts for 3% of ad-fraud.

Read the full study at: http://www.cheq.ai.