[This article was originally published in Ad Age on February 24, 2017]
In late December, the digital security firm White Ops released a bombshell report outlining a sophisticated video ad fraud scheme that it estimated was siphoning $3 million to $5 million from marketers each day. Inspired by the word “meth” in the fraudsters’ code, White Ops called the scam “Methbot.”
The complexity and apparent scope, eclipsing prior big frauds that were believed to run under $1 million a day, helped fuel an unprecedented amount of media coverage in outlets including CNN, The New York Times and CBS (not to mention Ad Age). It also fanned pre-existing fears about the digital ad business, the sort reflected by Procter & Gamble Chief Brand Officer Marc Pritchard last month when he told the Interactive Advertising Bureau that “the days of giving digital a pass are over.”
But Methbot’s financial impact may have been grossly exaggerated.
“It was not millions of dollars a day,” said Mike Zaneis, president and CEO of the digital ad industry’s Trustworthy Accountability Group. “Not a chance.”
Google, which works with nearly every publisher and advertiser on the planet, said it saw negligible impact from Methbot. “This was kind of just another threat, so it wasn’t something you were necessarily surprised by,” said Andres Ferrate, chief advocate of ad traffic quality at the company. “In terms of the impact, it was so small that it raised some eyebrows internally after we went through our standard operating procedure,” he added.
Google’s “standard operating procedure” on the subject is significantly more comprehensive than other ad-fraud fighters’. The tech titan employs hundreds of engineers, scientist and experts to gather and analyze data on online ad traffic, searching for everything down to accidental human clicks to ensure advertisers aren’t charged.
White Ops dubbed Methbot the largest ad fraud attack in ad history, describing Russian hackers ginning up fake traffic on “bot farms” using servers in the Netherland and U.S. Methbot duped marketers into thinking they were buying video ads on a website like The New York Times, for example, when their ads were really being served to a spoofed version of the Times site being “visited” by automatons designed to mimic real consumers.
Real publishers lost the chance to sell their human audiences to advertisers, and marketers paid money to place ads that nobody watched.
The problem with the initial numbers is that hundreds of millions of fake impressions per day, as White Ops said Methbot was generating, does not translate into hundreds of millions of ads served.
White Ops turned to data intelligence company AD/FIN to determine the prices for the video ads mentioned in its report. White Ops then took that data and verified it with various demand-side platforms, where buyers go for ads from multiple exchanges.
Several people with direct knowledge of that process said the price range that White Ops arrived at was correct: about $13 per thousand impressions, an industry metric known as the CPM.
But Mr. Zaneis believes that only 10% of the fraudulent impressions generated by Methbot were actually served with ads, a conclusion he said he based on conversations he’s had with members of the Trustworthy Accountability Group and data he’s seen from them.
That would put the financial impact from the Methbot scheme closer to $260,000 to $520,000 per day.
Michael Greene, VP of product strategy at the programmatic media buying platform AudienceScience, told Ad Age that its company saw hundreds of millions of impressions each day from Methbot. But like many platforms, AudienceScience works with multiple ad fraud and viewability vendors to make sure its customers aren’t being scammed. It only gave $1.20 for every $10 million of media spend to Methbot, he said.
White Ops co-founder and CEO Michael Tiffany told Ad Age it arrived at its millions-of-dollars-per-day figure based on an algorithm involving how many impressions Methbot created, the average video CPM for the sites Methbot spoofed, and its estimate of how many fraudulent impressions were actually served ads.
Mr. Tiffany of White Ops said his company’s figures are accurate. Methbot was run out of data centers that ramped up significantly, he said, to capture more fraudulent ad dollars from marketers. Such an increase in traffic, Mr. Tiffany says, would have been costly for fraudsters, “So why would they do that?”
“We can rule out the fill rate being a fraction of the page views because that’s just irrational,” Mr. Tiffany said. “The burden isn’t on me to come up with some reason why. The burden of proof would be on someone else to come up with a cogent reason as to why Methbot would grow to be vastly larger than its fill rate.”
Methbot has been a double-edged sword for White Ops. The company’s report exposing the scam won it praise and business, but other players in ad tech criticized its conclusions.
Since the report’s release, many ad tech leaders have both quietly and publicly questioned the accuracy of White Ops’ report. In a January post titled, “Methbot? More like ‘Mehbot,'” Jason Shaw, director of data science at ad fraud outfit Integral Ad Science, questioned if White Ops’ report had been embellished for the sake of sensationalism.
“What’s more interesting, and consistent with many other platforms’ findings (see here, here and here), is that traffic coming from these [Methbot] IPs was very low in volume — less than .03% of the billions of impressions we see a day,” Mr. Shaw wrote. “I’m intrigued by all the excitement surrounding Methbot — when something old becomes new. And something small becomes big.”
Although the actual White Ops report described the $3 million-to-$5 million daily impact as an “estimate,” its website is not so cautious.
“Controlled by a single group based in Russia and operating out of data centers in the US and Netherlands, this ‘bot farm’ generates $3 to $5 million in fraudulent revenue per day by targeting the premium video advertising ecosystem,” the site says flatly. “We continue to detect and block fraudulent activity generated by Methbot on behalf of all of our customers.”
White Ops, a member of the Trustworthy Accountability Group, is also working with law enforcement to help track down the criminals behind Methbot.