As a provider of anti-fraud solutions, Protected Media unveiled a fraud operation they have dubbed “The Traffic Alchemist,” with company representatives pointing to fraud artists who have been disguising junk traffic as views on reputable sites – all of which have boasted high Alexa ratings via from Twitter and Google. The catalyst city for the scam was New York and began in April 2016, managing to evade detection because it involved actual users rather than bots, masqueraded traffic and blanketed fraudulent online portals so they’d be off the radar of scientists.
The real barn burner of the whole situation is this: The wool-over-eyes scam burned through some seven million eye-watering dollars per month at its peak – and is still continuing, albeit at a reduced rate.
How Fraud Advertising May Not be that Unusual
According to Asaf Greiner, CEO of Protected Media, this Traffic Alchemist scam, as it came to be known, isn’t unusual – not due to one single technique’s sophistication, but because it combined several methods together in order to keep the ad fraud activity under the radar. Here’s a good analogy of what is being suggested here: Remember the scene in Office Space when Jennifer Aniston’s character inquires of Ron Livingston’s character what he’s trying to do with the pennies “stolen” from the company he works for, and how he likens his plot to taking pennies from the disabled children’s jars in stores? The essence was that “Peter’s” company wouldn’t catch on to the fraud because so little was being taken at a time. This isn’t the exact same thing that was occurring in the Alchemist scam, but the concept is similar – keeping the fraudulent activity off or under the radar.
Greiner also feels that by looking past the technology and revealing the algorithms that manipulate traffic attributes, it is indeed possible to detect similar complex ad schemes that are always in place…but with “slightly different variations.”
Beware of Junk Traffic
Protected Media analyzed the entire situation and came to the conclusion that the fraud began by purchasing junk traffic, usually found on adult/porn or torrent sites, and which is infamous for extended viewing times. From there, expanded/longer sessions were divided into hundreds of short sessions on “legitimate, lucrative” sites operated by the source of the fraud; these sites ended up being shielded to seem reputable as to attract direct traffic, but in actuality were inundated with pop-up ads that couldn’t be viewed. Up to 35 ads were reportedly served per user in the operation and which were refreshed every 15 seconds, ultimately yielding 140 ad impressions per minute. As the phony websites were clustered together into groups of seven to 10, each site cycled traffic through it to keep “realistic measurements” so anti-fraud software wouldn’t be issued a warning. Clever, indeed.
Touching again on what was mentioned earlier, the path to these pop-under sites was cloaked so that the viewers appeared to be arriving “organically” from Google or Twitter and from legit search and social activity as opposed to views on torrent and pornography-oriented sites. The “decontaminated” traffic was shared via Google Analytics and subsequently reported by legitimate third-party platforms, ensuring advertisers were confident the traffic was reputable.
At the conclusion of several weeks, when the activity was deemed no longer “good enough” to keep the sites on target publisher lists, the websites were abandoned for a fresh cluster; thus, the scam relentlessly continued on month after month.
Protected Media’s presence in this investigation was timely and crucial, as the company’s solutions ensure those who are buying and selling digital advertising that mobile and video ads are legitimately grounded, visible and seen by actual people.
