Interviews, insight & analysis on digital media & marketing

Emulating Tom and Jerry: Staying one step ahead of cybercriminals

By Yuriy Yashunin, CPO and co-founder at Scalarr

Across the world, cybercriminals are a slippery bunch – often two steps ahead of the companies they’re trying to defraud and making money off the back of our misfortunes. And when it comes to ad fraud, they’re no different, instead targeting marketers. Last year, research suggested that at least £23 million of that UK ad spend was potentially intercepted by fraudsters, showing this emerging criminal market. 

That’s why companies – especially advertising and marketing firms – must stay one step ahead of these fraudsters, whose techniques are becoming more sophisticated by the day, in order to protect themselves. In the world of advertising fraud, the tactics used are becoming harder to find, trace and tackle – so businesses combatting them need to develop too, just like a Tom and Jerry game. Running rules-based methods in a 2D or 3D format is no longer good enough. Instead, technologies such as machine learning and deep learning need to be deployed to spot the spoofers. 

The varieties of ad fraud

A huge factor in companies needing to stay ahead of fraudsters is the continuous growth and development of new ad fraud methods. To give an overview of the most common methods we see, these include:

  • Hidden ads: When an ad is shown in such a way that the user can’t see it. This type of fraud targets ad networks that pay based on impressions, not click
  • Click hijacking: This is when an attacker redirects a click on one ad to be a click for a different ad, effectively stealing the click 
  • Fake app installation: Ads are often shown within applications, especially mobile apps. For this fraud method, teams of people (often in bot farms) install apps thousands of times and interact with them on a large scale
  • Botnet ad fraud: Scammers can use botnets to generate thousands of fake clicks on an ad, or fake visits to a website displaying the ads

Tactics fraudsters employ

Fraudsters’ techniques are evolving by the day, and marketers as well as app developers need increasingly more sophisticated approaches to combat them. To make digital campaigns successful, marketers need to ensure their ad spend is being used to reach real people – and to do so effectively, you need anti-fraud software. 

To carry out illegal activity across the web, all a fraudster needs is a sound technical understanding, access to the internet, and devices to get online. Within the realm of criminal activity, ad fraud has incredibly high pay-out potential at a low risk to the fraudster, as it is difficult to penalise by law. Increased privacy, such as Google’s FLoC and Apple’s upcoming iOS 14.5 update are making it easier for fraudsters to fly under the radar, meaning the risk to reward ration is skewed in favour of the cybercriminals. 

The process of delivering a fraudulent impression involves multiple parties at different stages — starting from a publisher, then a network or exchange, then a traffic broker and/or malware distributor. The process is so interconnected that it is nearly impossible to determine who is at fault. But it is incredibly powerful; according to research, in 2019 alone, marketers were expected to lose up to $16.1 billion, and this number increased dramatically during 2020.

Changing tack with technology

Fear not, it’s not all doom and gloom. Whilst ad fraud is a prevalent issue, there are solutions that exist to help combat the problem. A prime example is rules-based solutions. These employ techniques that identify when key characteristics and events exceed or fall below specific parameters, and often use 2D or 3D tactics, such as analysing clicks per minute. However, the issue with this is that these solutions only perform well when they know everything that plays a role in a specific type of fraud. Without having the full picture, it leads to a high percentage of false positives and negatives, rendering it an untrustworthy method. 

Additionally, rules-based solutions are very easy to reverse-engineer by fraudsters given the fact that all rules are exhaustively predefined and they do not self-learn, making it extremely difficult to find new or smart fraud types. With fraud evolving every day and cybercriminals constantly seeking new ways to exploit ads, this means that solutions that are solely rules-based simply cannot keep up.

The reality is that nowadays, fraud has become much more complex and sophisticated making it virtually impossible for traditional, rules-based solutions to meet the expectations and the level of protection that marketers require to fully safeguard their ad revenues.

Utilising machine learning

This is where employing more advanced technologies comes into play. One of the best approaches to catch cybercriminals is to use artificial intelligence and machine learning. As explained, rules-based methods are let down by their lack of data input – however, with machine learning the algorithms are constantly learning and processing vast amounts of data. Inherently, utilising this technology provides a consistent, reliable, scalable, and automated setting where machine learning algorithms thrive as they process every piece of data fed into the engine.

This means that hidden fraud patterns can be recognised and associations can be made based on data from post-install activity. Millions of data points can be processed simultaneously, and what’s more, it self-trains leading to a dramatic increase in accuracy in fraud detection. The unsupervised machine learning engine can work with unstructured data that does not need to be labelled and automatically discover and learn patterns from a massive amount of data by specifically looking for abnormalities and their underlying connections.

The ability to detect all types of fraud coupled with a high level of accuracy means that utilising solutions with machine learning is a favoured approach in the fight against ad fraud. Doing so ensures advertisers and marketers alike protect their clients’ budgets against the ever-evolving threat landscape.