BOT ASSAULTS - IQPC Corporate · 2017-05-09 · Hidden to user, ad-clicking and browsing as a...

IDO SAFRUTI CTO & FOUNDER

PERIMETER X

JACK CHIANG MODERATOR

AND THE DRAG ON MARKETING BOT ASSAULTS

JAMIE CLARKE CEO, LIVEOUTTHERE.COM

© 2016 PerimeterX™ - Proprietary and Confidential

WHY SHOULD I CARE ABOUT

$7.2 Billion what Ad fraud will cost marketers by end of 2016 (ANA)

Half of all online ads are never seen by a human being (ComScore)

8% of impressions have the opportunity to be seen by a real person (Tatoris/Media post)

Lead gen programs - affiliate fraud on leads

Programmatic buys

Ad buys / Ad effectiveness

Referral - affiliate attribution fraud on commerce


WHY SHOULD I CARE ABOUT

$4.5 billion US spend on affiliate marketing in 2016

10% annual growth through 2020

4 in 5 advertisers/merchants and publishers/affiliates embrace affiliate marketing


Programmatic buys


Referral - affiliate attribution fraud on commerce

Rakuten / Forrester

Anecdotal evidence: High Marketing program spend ● (e.g. Affiliate program)

Business challenge: Attribution. Why such a big deal?

● Can you trust your data?

Business impact: Forecast marketing impact, ● Actionable revenue data

The Reality of Decision Making

BOTS IMPACT MARKETING


INCOME EXPENSE

Waste of Marketing Spend

Revenue Loss / Depressed Results

Skewed Analytics

10% of a typical company spend on marketing but 20-50% with Internet-centric companies driving growth Fraud skews data to inflate or deflate channel, budget allocated to wrong channels Funded or overfunded channels don’t perform, it affects P&L


MARKETING FRAUD - BOT EVOLUTION

Gen 4 Bots

Gen 3 Bots

Gen 2 Bots

Gen 1 Bots

Primitive clicker bots - hosted bot farms, no true js support

Extension bots - tapping onto user’s activity, and manipulating it

Bot-nets - based on malware infected computers, working regardless

of the user’s activity

Modern clicker bots - hosted bot farms, with simulated browsers


SCENARIOS


Programmatic buys


Referral programs - affiliate attribution fraud on sales


BOT FRAUD

Probably about 50 percent of what you’re spending online is being stolen from you

AD BUYS

PROGRAMMATIC

LEAD GEN

ATTRIBUTION Bob Hoffman / Ad Contrarian


BOT PROBLEM

HEINEKEN - $150 MILLION AD BUDGET

• In 2013 found were getting $2 revenue for $1 digital ad spend vs $6:1 revenue for TV, something was very wrong ….

• Only 20 percent of the campaign’s “ad

impressions” — ads that appear on a computer or smartphone screen—were even seen by actual people.”

http://www.bloomberg.com/features/2015-click-fraud/


CLICK FRAUD

Cloud-based bot network generates false impressions or clicks

Computer with bot-net malware ● Hidden to user, ad-clicking and browsing as a service

Publishing and tracking/counting non-viewable ads ● “Click traps”/hidden ads; 1 px non-viewable delivered ads


BOT FRAUD

10-20% AD display traffic BOTS

50% of publisher traffic BOTS

AD BUYS

PROGRAMMATIC

LEAD GEN

ATTRIBUTION

http://www.adweek.com/socialtimes/ why-programmatic-is-the-future-of-digital-display-advertising-infographic/639184


PROGRAMMATIC

Advertising inventory offered, bid on, and fulfilled in the blink of an eye

• In 2016, programmatic will account for 63% of display ad spending

• By 2020, programmatic could account for

85% of targeted banners and 67% of streaming video ads

http://www.adweek.com/socialtimes/why-programmatic-is-the-future-of-digital-display-advertising-infographic/639184


PROGRAMMATIC ADS

All the direct ad fraud campaigns -- on steroids

More middlemen = easier to hide


PROGRAMMATIC ADS

Evaluate sources of traffic, decide how to pay

Time of day, browser version, Flash version all indicators of bot

In the aggregate, older browsers/Flash, at night, are bots - you can see this in Google Analytics

Specifically can use tools to vet requests and sources

01

02


BOT FRAUD

AD BUYS

PROGRAMMATIC

LEAD GEN

ATTRIBUTION AFFILIATE - LEAD GEN


LEAD GEN FRAUD

… Bots won’t make purchases or fill out

online forms.

No longer true … they will

It’s easier to fake a lead than a sale • More susceptible to fraud and vulnerable to frequent

attacks • How do you enforce quality up front, how do you

detect fraud sooner than later

Impact • Referral dollars wasted to fraud • Worthless prospects / leads • Skewed analytics - can you trust your data to know

what to scale?


AFFILIATE FRAUD - SKEWED ANALYTICS

Used 2013 and 2014 Q4 data to project 2015 Q4

goals

Fraud uncovered, removed the publishers from the

program

Missed their Q4 goals by 33%

01 02 03


BOT FRAUD

… one of the top five customer acquisition channels is affiliate marketing ...

AD BUYS

PROGRAMMATIC

LEAD GEN

ATTRIBUTION AFFILIATE - REFERRAL PROGRAMS


AFFILIATE / REFERRAL FRAUD

Man in the browser attack 1 Malware in browser extension 2 Watches sites, gets referral id, associates with user (overwrites other referral if present) 3


AFFILIATE / REFERRAL FRAUD

One domain list with over 66,000 entries • 105 of top 120 ecommerce

(according to IR500) • >85% of them in Alexa top

1M


LIFECYCLE OF MALICIOUS EXTENSIONS

Published in browser

store

Get fraud campaign

instructions from C&C

Dormant waiting period

Executes background

click and referral links

Downloaded by real user

Retrieves payload of target websites

Offer completed

Wait for user to access

targeted site Delay user from accessing the page

“Release” user to load site, claiming

attribution

REFERRAL FRAUD - SKEWED ANALYTICS

• Skewed analytics across multiple internet marketing channels • Malware in extension will always win in any last-click attribution model • Lose actual source of traffic (organic, SEO, SEM, Display), resulting in

lower ROAS for these channels • Double-paying across channels a concern • Can affect revenue forecasting and budget allocation across channels

• Skewed analytics within affiliate channel

• Steal attribution from another affiliate • Upset and lose credibility with legitimate affiliates • Zero incrementality since fraudulent affiliate don’t actually run any

campaigns or proactively promote your brand


DO YOU AGREE? WHEN FRAUD FOUND ...

we think it was an isolated incident, that publisher has

been removed

we’ll take it internally from

here

… or NO response at all


TAKE ACTION

BOT FRAUD

NEXT STEPS


NEXT STEPS

Break the model for fraudsters

Don’t buy into futility of

‘arms race’ / mutual escalation of

technologies and capabilities

Measure it / Monitor it Benchmark where you are today • Inbound traffic • Advertising quality

Manage it Clean up traffic to your site, your programs • ROI gains for programs • Enhances your metrics

Implement high value, low relative cost measures • High hassle factor and barrier to fraudsters • High return to effort and investment


PERIMETERX BOT DEFENDER

• Increasingly more sophisticated attacks to websites • Business & financial impact across the organization • Cloud architecture, distributed website deployments

Today’s environment

• Architecture — any deployment, any scale • Accuracy — behavioral fingerprinting detects

threats invisible to today’s solution • Ease/Speed of Integration — activate monitoring

in minutes, powerful reporting

Solution: PerimeterX Bot Defender

Behavioral Fingerprinting

Automated Detection

5 Minute Integration

Behavioral-based Web Protection


ARE YOU UNDER ATTACK?

Check your website: https://tools.perimeterx.com

IDO SAFRUTI CTO & FOUNDER

PERIMETER X

JACK CHIANG MODERATOR

JAMIE CLARKE CEO, LIVEOUTTHERE.COM

Q & A

BOT ASSAULTS - IQPC Corporate · 2017-05-09 · Hidden to user, ad-clicking and browsing as a...

Documents

Transcript of BOT ASSAULTS - IQPC Corporate · 2017-05-09 · Hidden to user, ad-clicking and browsing as a...