Study: Pro sports sites hit by ad fraud from massive 'Sports Bot' operation

Dive Brief:

New fraud detection algorithms from the company Forensiq recently flagged down up to 75% of pre-bid requests for ad placements on NFL team domains for suspicious activity. These findings led to a broader investigation that uncovered a highly-sophisticated and extensive "Sports Bot" operation, according to Forensiq news released today and made available in advance to Marketing Dive.
In its analysis, Forensiq looked at more than 9.7 billion pre-bid requests that it estimates translated to costing anywhere from $200-250 million on sports and sports media websites covering the NFL, NBA, NHL and MLB. The firm worked with digital media intelligence company AD/FIN to study the full effects of the bot, which leveraged tactics that fraudulently loaded ads onto targeted professional sports sites without the site owners' consent.
This methodology allowed the bot to monetize premium inventory without using more conventional approaches like domain spoofing or masking. The origin of Sports Bot is unknown. Forensiq said it might stem from malware downloaded onto computers without the users' knowledge. This software can both hijack browser activity and manipulate browser content, the release said, providing a cloak to siphon off money from advertisers.

Dive Insight:

Sports media content from leagues like the NFL has long been a cherished target for TV advertisers, so it's no surprise that fraudsters have taken a keen eye to it online, where ad dollars are easier to steal and are now more abundant. What might be surprising, based on Forensiq's analysis, is how bad actors in the digital space can so effectively game the system and divert significant revenue their way without the knowledge of industry players.

"Forensiq's findings are both fascinating and scary. While progress is being made against fraud, it's findings like these that tell us we need to double down on our efforts," Andrew Altersohn, CEO of AD/FIN, said in a statement. "It's unfortunately too common for advertisers to pay for unwanted or worthless ads, and at the same time top-shelf publishers take a hit on reputation and revenue."

Marketers, publishers and ad tech providers are still grappling with how to best tackle fraudulent tactics like domain spoofing. The Financial Times earlier this year found that at least six major ad tech providers — Verizon's Oath, AppNexus, PubMatic, Teads, SpotX and Comcast's FreeWheel — were still being tricked by domain spoofing, where fraudulent ad space was presented and bought as premium Financial Times inventory. Forensiq's study suggests Sports Bot used newer methodologies that are potentially more complex and convincingly human than domain spoofing or masking, reinforcing that the road ahead is long for marketers in picking up on and addressing these problems before they have a tangible impact on their business.

Around one-fifth, or $16 billion, of digital ad spending is forecast to be lost to ad fraud this year, according to estimates from the online verification company Adloox. The scale and sophistication of a scheme like Sports Bot, while alarming, is no longer unique. Earlier this week, BuzzFeed News published a report detailing how an extensive network of fraudulent "zombie sites" scammed over 100 big-name brands including P&G, Unilever and Johnson & Johnson for potentially millions of dollars. Those sites were supported by ad platforms owned by legitimate ad industry players in the U.S., though those same companies denied knowledge of the issue.