Dive Brief:

• Among fraudulent U.S. ad traffic, 77% is classified as "sophisticated invalid traffic," or SIVT, meaning it uses advanced malicious methods, according to a new study by ad verification company Cheq whose findings were made available in a news release.
• The report examined 4.1 billion ad requests across 1.2 million domains from October 2018 to February 2019 and found 18% were fraudulent. It revealed 570 million instances of SIVT attacks, which combined domain-masking, invalid referrals and viewability fraud. More than 740 million instances of ad requests combined SIVT and the more basic general invalid traffic.
• U.S. desktop-based fraud accounted for 55% of total online fraud and mobile accounted for 46%. Breaking down the mobile ad fraud figures, Android made up 59% and iOS 41%. On desktop, Google Chrome accounted for 45% of ad fraud, while holding 49% of market share among browsers. Safari, with 31% market share, accounted for 18% of ad fraud.

Dive Insight:

The Cheq report suggests that, though there have been successful efforts to combat online ad fraud, such as through industry initiatives like ads.txt and TAG, bad actors' methods are becoming more sophisticated and difficult to detect, meaning marketers must continue to be vigilant.

The global digital ad market is expected to reach $250 billion in 2019. Cheq's finding that nearly 20% of ad requests are fraudulent would mean that the issue could cost advertisers up to $50 billion in lost spending, as noted by Fast Company.

Google has previously estimated that ad fraud caused by spoofed domains on ad exchanges costs publishers $3.5 million daily, or $1.27 billion annually, based on a $5 video ad CPM valuation. A 2017 study by 16 programmatic publishers, including The Washington Post, found that video callouts were overstated by 57 times compared to the actual available inventory, equating to about 700 million counterfeit callouts each day. 

Ads.txt, developed by the IAB Tech Lab, has been viewed as a potential solution to preventing fraud. However, some recent reports suggest that the offering, which has seen steady adoption and a positive response from marketers, is still exploitable. 

Earlier this month, DoubleVerify revealed that bad actors had found ways to work around ads.txt late last year in a scheme that targeted high-profile news and entertainment publishers. The operation could've cost advertisers up to $80 million per year, DoubleVerify estimated. Dennis Buchheim, SVP and GM of the IAB Tech Lab, told Marketing Dive that the scam wasn't the fault of ads.txt itself, but was the result of a lack of due diligence from publishers.

"[T]he issue with this scam wasn't ads.txt — but improper implementation of the spec," Buchheim said in emailed comments at the time. "Publishers need to be cautious about only adding trusted monetization platforms to ads.txt. "