Accountability for Fraud…The Wait Is Over


Progress in the fight against advertising fraud is always a welcome sight here at dataxu. In the past week, we have seen several indictments handed down by the US Department of Justice in connection with a couple of wide ranging fraud schemes, and a deep investigation into mobile ad fraud released by Buzzfeed.  As one of the leaders in fighting ad fraud, we commend these efforts and developments in the continuous battle to further clean our ecosystem. Read more below on dataxu’s take of these recent events:

dataxu combats the attacks

The recent indictments handed down by the US Department of Justice call out Methbot for data-center based ad fraud, and 3ve for running a bot-net scheme. Methbot’s activities were first noticed in December 2016, at which point we released our response to our customers. Due to our ongoing monitoring efforts and continued vigilance against such attacks, we ensured prior protection across our platform, as discussed in a previous blog post on combating Methbot. At the time, during the first few weeks of December 2016 we saw less than $700 a day of spend on Methbot IPs, bringing that number down to $0 after the announcement.

3ve was the other culprit mentioned in this indictment and, again, this was not a new attack.  The indictment against 3ve’s bot-net scheme brings additional accountability to those nefarious actors who are plaguing our ecosystem with various forms of fraudulent attacks. Once again, our strict quality standards in combination with our partnership with DoubleVerify (DV) protected all of our clients from any of the 3ve attacks. DV uses real-time protection methods to not only limit the impact of fraudulent impressions coming from infected computers and “ghost-sites” but to eradicate it completely. In addition to the comprehensive DV coverage, our fraud team is constantly scouring domains and IP addresses for unusual behaviors. When we see any suspicious behavior, those sources are blocked from receiving any of our bids.  

Leading the fight against fraud

Buzzfeed also released the findings of their investigation into Cheetah Mobile’s network of apps for mobile ad fraud. These apps were exploiting user permissions by click-flooding or click-injecting, meaning these apps were being rewarded for the last-click of an attribution. This means that these apps were getting attribution for an app-install conversion that they should not have received otherwise. While completing our normal supply checks, we noticed inconsistencies with Cheetah Mobile’s impression volumes and blocked Cheetah Mobile’s entire network of apps from our platform in early 2017. Rather than wait for third-party verification or in-app protection to catch-up, we took action and have long since been protected from these apps. Due to our reputation in ad fraud prevention, we were approached by Buzzfeed prior to the release of this article to provide our point of view and assist in their investigation. Buzzfeed’s efforts to shine a light on this activity is laudable, and will continue to assist as we fight to protect our customers from fraud.

The battle with fraud continues…

Even as Buzzfeed released their findings, we noticed additional activity which raised alarm and shows that we must continue to be vigilant in our efforts. In the past 30 days, we have seen close to 500 million bid requests from the apps named in this report from a single SSP. It is concerning that even though this fraud has been caught, the perpetrators are still able to get into the ecosystem with relative ease. We hope that with all of the effort in the fraud space right now, our partners will continue to make strides at improving their quality of inventory. But until the ecosystem is 100% clean, we will continue to put forth our best efforts at ensuring our clients are protected as best as possible.