Ad Fraud

What is Domain Spoofing?

Pinterest LinkedIn Tumblr

Total ad spend on programmatic ads is forecasted to reach $33 billion this year in the US alone according to a report by eMarketer—a number that’s almost doubled in the last two years.

That’s a lot of money being invested in programmatic, consequently, as ad spends have gone up globally, so have instances of ad fraud, and bad players duping advertisers and publishers to line their own pockets, depleting value from the ad tech supply chain in the process.

Ad fraud can manifest in many ways but one of the most commonly seen one is known as domain spoofing, in which a fraudster masquerades as a premium publisher.

How Does Domain Spoofing Work?

Domain spoofing works in two ways.

First, by using malware and ad injections. An unsuspecting user may accidentally hit the wrong download button on a spurious website or download an application infected with the malware, the malware then takes control of the browser and starts running its own malicious code. It starts “injecting” ads into the users’ browser regardless of which website they are on, further, even websites that do not typically run ads can be injected to display them.

The other way domain spoofing works is by modifying ad tags. Ad exchanges give publishers an ad tag that contain a code to identify which domain the user is on. Bad players can gain access, then delete the code and replace it with a static domain identifier, allowing them to impersonate anyone, advertisers may think that they’re buying top-tier inventory, but the ads will actually show up on substandard properties, such as a leaderboard on an obscure forum.

Who is Hurt by Domain Spoofing?

Basically everyone except the party perpetrating the fraud. Practices such as domain spoofing erode trust within the ad tech community.

Advertisers lose their money on fraudulent inventory and don’t get the returns they expected. In addition, their ads may also end up appearing in places (torrents sites, porn sites, etc) where it becomes a brand safety concern for them. Once advertisers realise what’s happening with their advertising dollars, they may choose to stop dealing with the ad exchange involved, even though the latter did not purposely intend to cheat the advertiser.

However, the biggest loser in the entire setup is publishers. In case of ad injections, the publisher inventory is held hostage to fraudulent impressions, as a result when their campaigns fail to perform—advertisers are soon on their neck and in many cases blacklist them. And with domain spoofing involving the modification of ad tags, fraudsters can undercut publishers by pretending selling their inventory at throwaway prices. The money that was rightfully deserved by the publisher is snatched away.

What’s the Solution?

For a long time, domain spoofing related ad fraud may have gone under the radar as a mere annoyance, but when the true scale of the problem was revealed with the methbot operation—where fraudsters were making upwards of $5 million every single day—things have gotten serious.

A whole new class of ad verification ad tech companies have now mushroomed that focus specifically on ensuring that ads appear in the place where they were intended to. These companies work with publishers, advertisers, and exchanges to monitor ad delivery and fill security gaps.

A lot of new companies are also focusing on how blockchain technology can be implemented to keep a transparent peer-review on digital ad transitions and delivery, but the use of blockchain in ad tech is still relatively new and these companies are yet to prove their efficacy.

Ads.txt is the most promising candidate for fixing domain spoofing that is being quickly adopted by both publishers and exchanges, a verification system in which exchanges keep a text file on their server that lists which publishers they are allowed to represent, and more importantly, the publishers keep one listing the exchanges that are authorised to sell inventory on their behalf. If widely adopted, this system based on human verification promises to make many traditional ad fraud techniques untenable.