A technology company wanted its ads in front of people reading online about data storage. Instead, tens of thousands of dollars worth of ads landed on websites that belonged in the Internet’s trash can.
There was clouddatarecoverywebhost.info, where the firm’s ad appeared on a page that featured a viral YouTube video of a woman whacking an attacker to the ground with a dog. And cloudmortgageloan.com, where it ran next to a plagiarized Pittsburgh Post-Gazette article about health screenings for metal workers. Aside from their URLs, the websites had nothing to do with online storage.
In the tangled ecosystem that is online advertising, such nefarious websites collectively reap billions of dollars annually bilking advertisers. Many large companies wouldn’t want their ads financing distributors of misleading news, deceptive or counterfeit products, pirated movies and TV shows, or extremist groups. But that’s exactly what happens every day.
Media companies and their advertisers are shortchanged $8 billion a year because of scams, or more than the estimated combined revenue of Lionsgate, Paramount Pictures and MGM Studios.
Advertisers think they’re getting the desired views and clicks. But companies taking closer looks are finding unwelcome results. Websites where ads appear are visited by robots — computers hacked to impersonate real browsing behaviors. Others traffic in content people crave but upstanding businesses wouldn’t want to support, such as bootlegged movies or terrorist propaganda.
“A lot of advertisers don’t look that close because there’s so many websites involved,” said Erik Mekkelson, who bought the ads for the tech firm. “There’s hundreds, thousands of websites. And these are sneaking through.”
The set-up is siphoning potential revenue from legitimate media companies to shady ones. And it’s enabling hucksters to profit in fake newswriting and piracy thanks to ad views.
Stopping money from flowing to their operations has become a new priority for advertisers. Their results are difficult to measure, but early signs are encouraging.
The search begins
With government regulators, Hollywood studios and ad buyers growing privy to the scale of online ad fraud, the $200-billion online ad industry has begun taking stock of itself.
Most online ads are purchased through automated software that matches the pricing and distribution preferences of advertisers with the purported audiences of websites and apps. The transactions occur in milliseconds. Advertisers get gigantic computer-generated lists of where their ads ran. Website operators automatically receive a bank account deposit.
GroupM, the New York City media agency that leads the world in ad-buying, started over the last couple of years analyzing the Web pages on which its clients’ ads appeared.
The findings were uncomfortable, said Jonathan Hsia, who until recently was managing partner and head of digital investment at GroupM’s Mindshare North America.
“You’ll find a number don’t pass the smell tests,” he said. “Hundreds of thousands of impressions from a site you’ve never heard of, that’s almost certainly fraud.”
On piracy video services, some ads pitched offerings from NBC, Paramount and Lionsgate — the very companies whose content was being stolen. Hsia and his colleagues also realized that some of the websites spread malicious software that could infect a computer, turning it into one of robots that mimic human Internet users.
That “is something we don’t want to be a party to,” Hsia said.
Mindshare adopted a strict protocol: It refuses to pay for spots not vetted by a staffer or tracking technology.
At the small ad-buying agency Ace Rankings in San Francisco, Mekkelson’s analysis found as much as 90% of the placements for his tech-firm client were on bogus websites. The ads were purchased through Google, which allows almost any website to carry ads.
Mekkelson complained to Google about the placements and received some refunds. He also tried banning some websites from carrying his ads. But as he struck one website, a new one would arise. Soon, his client shifted from such ads toward safer and more expensive bets.
As Hsia found, it wasn’t a hard sell because advertisers had more assurance they were reaching people — not robots.
Google and other technology providers who connect advertisers and websites have vowed to expand their review processes.
For example, Rubicon Project tries to suss out the business model of websites applying to host ads. The Playa Vista company tries to answer basic questions: Who owns the website’s content? Does the website have rights to it? Is this something someone would read? Is there a companion Facebook page that looks active? Are there comments?
Eyeballing a website can ward off piracy and robot fraud.
“A terrible, low-quality site is probably not going to have very many humans visiting,” said Mike Zaneis, who helms Trustworthy Accountability Group, a cross-industry organization promoting online advertising best practices.
Tech companies also examine less visible signs. Piracy websites tend to be located overseas, so a large amount of U.S. visitors to an offshore website would raise concerns. On the Web, information is mainly viewed in the same country where it’s created.
When visitor-tracking firms such as SimilarWeb and Comscore report an audience substantially different from the number of ad views, reason for suspicion increases. The discrepancy suggests the website is using robots to juice readership. Offending websites get added to lists that automatically keep some ads off them.
Ad networks can probe for fake readers by asking them questions, similar to how online forms sometimes require people to solve a math equation before submitting. An unusual response would suggest the visitor is a robot. Ad network OpenX also monitors the speed of behind-the-scenes prompts and commands on the computer. Sloth-like loading could signal robots are sucking resources.
Approved websites are subject to increased follow-up monitoring. It’s meant to thwart bait-and-switch tactics in which disreputable material is swapped in after passing an initial screening.
Banned websites appear to shut down as income disappears. Many that Mekkelson found last year with pilfered or nonsensical content, including cloudmortgageloan.com, no longer exist.
But fraudsters and the same-old content often reappear under new URLs. Ad networks are attempting to be proactive in stamping them out. They recognize a person who visits one piracy website is likely to visit one or two others, and they can analyze the individual’s browsing history to identify previously unknown offenders.
A drop-off appears
A handful of ad networks have subjected themselves to audits in the last year to prove they’re taking steps to deter pirates and fraudsters. Several ad agencies and advertisers such as Arby’s, Kellogg’s and Unilever have committed to avoiding copyright-infringing websites.
“It’s no panacea, but it’s going to put a lot of pressure on criminal networks,” Zaneis said.
His team is working with auditor Ernst & Young, which devised the $8-billion losses estimate in 2015, to quantify outcomes.
Banding together appears to have paid off by one measure, though drawing a direct link isn’t easy. In the summer of 2015, about 30% of the ads on 1,200 big destinations for illegal access to movies and TV shows were from high-spending advertisers. By last fall, the percentage had slipped into the single digits, according to Santa Monica ad tracking firm Pathmatics.
The data suggest that the 500 largest advertisers in any given month, by Pathmatics estimates, have nearly extricated themselves from a cadre of pirates.
But new frontiers, including smartphone apps and video, are sore spots. Pathmatics found that the amount of big-name video advertisers on piracy websites held steady last year.
In recent weeks, Wal-Mart, AT&T and hundreds more advertisers curtailed YouTube spending over concerns of supporting racist and violent videos. Though Wall Street analysts didn’t expect the boycott to result in a long-term financial hit for YouTube, the online video giant introduced several new policies to restrict where ads appear — including new layers of human review and minimum viewership requirements.
The freedoms that make the Internet welcoming to anyone mean it may never be clean enough to satisfy every advertiser. Mekkelson just hopes companies take a strong stand on who gets paid when they put ads online. Industry leaders warn that universal compliance and deterrence is far off.
MGID is among ad networks that maintain support for piracy operations such as Thevideo.me. Ads MGID supplies to the website tend to be the most lucrative type — salacious, irresistible links like “These Hot Russian & Ukrainian Singles Want To Meet Older Men.” MGID, with offices in Santa Monica, didn’t respond to requests to comment over several months.
Even when banned, pirates have no shortage of countermeasures. Some now load pop-ups to generate revenue. The new windows feature a different “safe” website, perhaps about dieting strategies, allowing it to host ads. That’s the scheme by which Amazon.com, BMW and Wynn Las Vegas at least one day supported Couchtuner.me, where people binge on bootleg copies of TV shows such as “The Real Housewives” and “Big Brother.”