A Comprehensive Ad Fraud Tool Should Be Able to ID, Analyze & Block Bad Ads

The fraudsters aren't dumb. In fact, while it pains us to say it, many of them are downright brilliant. Sure, these criminal masterminds don't get the publicity that others do, but they're every bit as clever and resourceful as the antagonist in a Hollywood blockbuster. For an industry besieged continuously by smart, driven fraudsters, this means the solutions developed to stop their fiendish efforts must be up to the challenge. And that's no easy task.

Artboard 1 copy 2

But thankfully, the fraudsters aren't the only intelligent folks around. Participants in the digital advertising industry already have access to the ad tech tools they need to protect their own interests, while simultaneously galvanizing the entire advertising ecosystem. To that point, we're going to give you a peek behind the Ad Lightning curtain and run-through our unique approach to helping publishers and platforms thwart bad actors and their bad ads. And to make sure our point hits home, we're going to throw in a real-world example that demonstrates the urgent need for practical, real-time ad fraud solutions.

Read Next: Features to Look for in a Complete Ad Quality Solution

Stopping Threats in Real-Time

As we revealed in our 2020 State of Ad Quality Report, the industry sees a glimmer of hope on the malvertising horizon, as demonstrated by the 10% year-over-year drop in survey participants citing redirects as their main concern. At this point, it's not a lack of technology or tools that keep bad ads in an ad ops team’s nightmares. The tools work, even when fraudsters keep changing their strategy.

That's what makes real-time ad quality protection so incredibly important – the bad actors are smart enough to zig when the industry zags. What might have worked well yesterday won't necessarily work today, so an ad blocking solution must be agile and proactive, pivoting wherever and whenever it needs to.

Our Three-Stage Approach

As the following graphic shows, we employ a three-stage approach to our real-time ad blocking, encompassing a variety of techniques that, collectively, create a formidable defense for publishers and platforms.

ADL Screen Grab

1. Threat Identification: Expansive but Granular

Know thy enemy. It's the foundation of any successful defense – or offense, for that matter. That's why we begin our real-time blocking with a thorough identification process, using a variety of inputs culled from different sources:

  • Insights from 50B protected impressions per month
  • Analytics from server side scans
  • Real-time data from live in-browser scans
  • Pattern identification & detection
  • Key third-party integrations

Now we're not saying that a single-point solution can't work well for ad fraud detection, but that's only if the fraudsters uniformly agree to stay in place and never change their tactics. Unfortunately, that's just not going to happen. Ever. Bad ads constantly evolve because the bad actors behind them are always moving on to something different. But that's why a truly effective fraud prevention solution uses multiple inputs – to identify the bad guys wherever they might be lurking within the ecosystem.

Artboard 1 copy 3

Cranking It Up to Eleven: Dynamic Analysis

Another key differentiator, something we mentioned while discussing Features to Look for in a Complete Ad Quality Solution, is dynamic analysis. Rather than relegating itself – and, therefore, publishers and ad networks – to static blacklist analysis that sticks to known signatures, a dynamic threat analysis loads and executes scripts in a protected environment, revealing what happens in real-time. From there, we add new signatures as we identify them, giving publishers fast and accurate protection without intruding on other elements on a page.

2. Threat Analysis: Powered by Machine Learning

Now that we've identified the enemy and have them in our sights, we employ different machine learning techniques to sift through and evaluate the volumes of data points produced throughout the identification stage. Aside from machine learning concepts, this threat analysis stage also includes:

  • Real-time & predictive payload analysis
  • Continuous malware research
  • Validated malicious signatures
  • Domain scoring

Artboard 1 copy 5

Using these tools together, we can attribute bad ads to a signature for tracking and blocking purposes. Throughout the process, we continually vet all signatures to minimize false positives and make certain we properly classify the bad actors.

3. Threat Blocking: Dropping the Hammer on Bad Ads

As meticulous as we are during the threat identification and analysis stages of the strategy, it wouldn't do much good if the result disrupted page performance and third-party reporting. But that's why we're so adamant about our unique combination of blacklist and in-browser scanning blocks – it gives our customers the best of all worlds:

  • Flexible integration & ad replacement options
  • An optimized blacklist that minimizes latency
  • In-browser analysis that doesn't impact delivery or cause discrepancies

The way we see it, it's not as easy or straightforward as simply blocking the malicious code. The different types of bad ads – malware & redirects, IAB non-compliant ads, data leakage – shouldn’t make it to the page in the first place. However, removing one script, albeit a malicious one, doesn't mean that other parts of the creative won't be problematic, like the click-through URL, for instance. A genuinely comprehensive solution doesn't take shortcuts or make assumptions. Instead, it leaves no ad fraud stone unturned. And the best ones do it without affecting viewability or page performance.

Real-Time Ad Blocking in the Wild: The Coronavirus

To demonstrate just how quickly fraudsters can find a weakness and exploit it, we don’t have to look further than the huge chasm in the ecosystem created by the coronavirus pandemic. Advertisers have hit the pause button on campaigns as they reassess what the best course of action is going forward. However, publishers still have overhead to meet in the interim, meaning something must fill the revenue gap and empty ad slots while advertisers weigh their options. And who, exactly, rushed into those voids? You guessed it. Fraudsters.

But it’s not just a matter of filling a lucrative void that has bad actors loving life at the moment. Because of mandatory shelter-at-home orders, internet traffic is up nearly 20% since the beginning of the pandemic, putting it at levels on-par with Super Bowl traffic. However, unlike the Super Bowl, traffic is staying at these elevated levels rather than dropping back down after a football game.

Artboard-1-copy-4 (1)

So what have fraudsters done to parlay these unique circumstances into a digital goldmine? First, there’s been a massive spike in coronavirus-related domain registrations, peaking at over 5,000 new domains a day in late March. Unfortunately for users, these domains are 50% more likely to infect their systems with malware. This data coincides with the massive 113% increase in blocked ads we saw at Ad Lightning starting in late February as compared to the three months leading up to the crisis.

On the phishing front, fraudsters are using creative from the World Health Organization (WHO) to trick users into following a link that leads to a malicious landing page. From there, a popup screen asks users to provide the login information for their personal email addresses, which, as you probably guessed, goes directly to the black hats. And this is just one of several different examples we could cite.

Granted, the COVID-19 crisis has created especially fertile ground for fraudsters. However, these examples aren’t exclusive to a massive triggering event like a global pandemic. The bad guys are always this quick and agile, constantly looking for new places and ways to infiltrate the ecosystem, then attacking them with all their might. What’s especially concerning is the speed they react, where, again using their coronavirus-related maneuvers, it only took them a matter of days to identify weaknesses and exploit them.

Download: The 2020 State of Ad Quality Report

Do we want to sound so cynical about the reality of the digital ad ecosystem? No, of course not. But any publisher or ad exchange that doesn't take proper precautions against advertising fraud exposes all participants to bad ads and their corrosive effects. And that's why Ad Lightning exists – to keep the ecosystem safe, ad impressions robust, and ad revenue flowing. For the online advertising community not to feel like the wild west anymore, it needs to hire the right sheriff.