“As a result of this elaborate scheme, the defendant falsified billions of ad views and caused businesses to pay more than $7 million for ads that were never actually viewed by real human internet users,” the Department of Justice said. Although The New York Times was named as a “victim” by the Justice Department, the publication declined to clarify whether it paid for fake ad views or whether its website was spoofed by one of Zhukov’s fake sites. Nestlé, the parent company of Purina, did not respond to a request for comment.
Some companies have taken matters into their own hands. In 2017 Uber sued one of its advertising agencies for charging it for ads that were not seen by real people or placed on real websites. The case started when Uber pulled all online advertising and discovered barely any drop in app installs or sales. Why? Some claim online ads target people who already plan on buying that product or service. Others argue that ads often target bots. But it’s hard to get a straight answer. Companies paying for advertising have an incentive to play down the number of bots to conceal how much cash they’re wasting. And cybersecurity companies have an incentive to exaggerate numbers to sell anti-bot products.
The technology to detect and block bots already exists, says Sandy Carielli, a principal analyst specializing in cybersecurity at the consultancy firm Forrester. But companies can be unwilling to investigate traffic that, on-the-surface, makes their website look popular, she says. “Keep in mind if you cut off the bots and it turns out that a large amount of traffic on your site is generated by bots, that’s going to influence your performance numbers.”
Advertising didn’t always used to be like this. Augustine Fou, who has been a digital marketer for 25 years, says that in the past decade there’s been an explosion in fake traffic. Fou believes the industry was corrupted around a decade ago, when a series of opaque middlemen entered the scene. “Prior to that, advertisers would buy ads from publishers like The New York Times,” he says. But now it’s typical for brands to approach a digital ad exchange—which facilitates the buying and selling of advertising from different ad networks—to place their adverts on huge numbers of websites and apps. And it is this part of the system that has become vulnerable to bots, claims Fou.
“The exchanges have deliberately looked the other way when there are fraudulent sites and mobile apps that become part of that exchange,” he claims. Google and Facebook are among the companies that run these exchanges alongside other listed US companies such as Pubmatic and Magnite. “The ad exchanges don’t want to solve fraud because fraud generates so much volume,” Fou claims. “And the exchanges essentially make more money when more volume passes through their platforms.” None of the exchanges responded to requests for comment.
And it’s not just the exchanges seemingly dodging the fraud issue. Advertisers are also reluctant, says Fou. “It’s too embarrassing for them to admit that they purchased fraudulent inventory.” He cites one rare attempt to sue by Uber, after it discovered Austin-based advertising company Phunware was selling fake app installs using bots. “Most of the Uber app installations that Phunware claimed to have delivered were generated by a fraudulent process known as ‘click flooding,’ which reports a higher number of clicks than those occurring,” Uber’s law firm Reed Smith said after winning the fraud suit.
“Many still think ad fraud is a victimless crime,” says Fou. “After all, who cares if big brands waste their money showing ads to bots?” But the industry is letting ad dollars flow into the pockets of cybercriminals, he adds, who can then use it to fund other illicit activities. It’s a major problem, he argues. “One that no one talks about, no one writes about, everyone thinks it’s someone else’s problem.”