Bot fraud to cost $7.2 billion
Advertisers to lose $7.2bn globally in 2016 as a result of bot fraud Reuters

Advertisers across the globe are expected to lose as much as $7.2bn (£5bn) in 2016 due to online ad fraud. This marks a 15% increase over 2015 when the global loss due to bots was estimated to be approximately $6.3bn.

The study conducted by the Association of National Advertisers (ANA) along with White Ops, collected data from about 10 billion online advertisers over 61 days starting from 1 August to 30 September 2015. It suggests that digital ad fraud levels mostly remained unchanged when compared to a similar study done a year ago.

Increase in bot fraud

In 2015, the advertisers had a bot percentage rate of 3% to 37% when compared to 2% to 22% a year ago, but the baseline is that bot fraud rates remained unchanged. Sourcing traffic results in generating greater fraud ads.

According to Bob Liodice, president and chief executive officer of ANA, "The level of criminal, non-human traffic literally robbing marketers' brand-building investments is a travesty. The staggering financial losses and the lack of real, tangible progress at mitigating fraud highlights the importance of the industry's Trustworthy Accountability Group in fighting this war. It also underscores the need for the entire marketing ecosystem to manage their media investments with far greater discipline and control against a backdrop of increasingly sophisticated fraudsters."

Bots basically exploit users' cookies to make them appear as humans in general detection and prevention systems. Media with higher CPMs (cost per thousand impressions) are more vulnerable to bots as they provide a stronger economic reason for botnet operators. Display media with CPMs over $10 had 39% bots, whereas video media with CPMs over $15 had 173% bots, suggests the study.

Bot operators' revenue

Bot operators generate significant revenue from ad fraud. The most expensive bots trick the detection systems of advertisers and suppliers through infected PCs and malware. The simpler bots, on the other hand, use basic malware to gain profits from the advertiser.

The study reveals that in 2015, programmatic video advertising attracted more bots than other types of advertising. The advertisers who bought programmatic video were affected with 73% bots. The direct display media, in contrast, was less vulnerable to bots.

Complex bots are capable of mimicking human behaviour, while basic bots can easily be identified by machine learning and statistical detection methods. Bot operators use various techniques to disguise their bots as humans.

"In addition to mimicking patterns such as time-based human behavior, the vast majority of the bots came from home networks, often using the existing browser cookies to appropriate real identities and appear as members of certain desirable demographics," reads the report.

Advertisers have observed that household computers account for a majority of the bots. About two-third of the complex bot traffic were from residential internet addresses. The second most popular source for the bots was internet addresses belonging to companies that host web services and other systems.

Malware targeting advertising

According to Dan Kaminsky, co-founder and chief scientist at White Ops, fraud operators can get remote access to a user's computer through several ways such as drive-by downloads (exploiting a vulnerability), bloatware, black-box libraries embedded into the legitimate apps or even installing wrappers that access remote-controlled service along with the functionality the user desires.

Fraud ads appear almost like the legitimate ones and bot operators are the ones who benefit the most from them. "For the bot operator, however, the scheme is quite profitable. Many do not even operate their own infrastructure. So this sort of fraud has a surprising number of "legitimate" participants. We've found companies where not everyone at the company knew they were fraudulent operations," said Kaminsky.