Several weeks ago there was a weird issue where webmasters were noticing a greatly increased number of direct traffic referrals with some off similarities, such as older versions of Internet Explorer. As it continued, webmasters began to realize it was a retargeting spammer, and one of the largest retargeting networks, AdRoll, was the most noticeable target, and as such, it became known as a AdRoll Retargeting Bot.
AdRoll wasn’t the only network targeted, they just happened to be the most visible due to their numbers. AdRoll reached out to ask if they could explain in a bit more detail what happened, why it happened, and what AdRoll (and presumably other similar networks) are doing to prevent this kind of occurrence happening again.
Over the past few decades, the half trillion dollar global advertising industry has made a noticeable shift from analog to digital. In a survey by the Winterberry Group and IAB, more than four-fifths of advertisers already use auction-based ad buying tools like RTB, and more than 90% expect to use RTB within the next two years. However, one of the headwinds to this transition is the set of challenges stemming from the existence of invalid traffic, which can exist for a number of reasons, some malicious and some incidental.
Malicious invalid traffic occurs when impressions generated from sites artificially inflate the advertiser cost and publisher revenue, but does not translate into conversions for the advertisers. This type of invalid traffic shows no bias within the industry, leaving all ad exchanges vulnerable to fraudulent traffic. Each ad exchange, network and DSP have different types of checks and automated tools in place to detect and ban offending publishers. Unfortunately, none are absolutely foolproof, yet the industry as a whole strives to stay a step ahead of the fraudsters. On the other hand, there are some sources of invalid traffic that are innocent and benign, sure as measurement bots and legitimate bots that provide analytics.
Two weeks ago, AdRoll was affected by invalid traffic. The most important thing the industry can do when one of these events happens is to diagnose the issue and make improvements. In that spirit, there was a fair amount of confusion over the nature of the issue so we thought it would be helpful to clear up some misconceptions. The bot did not target AdRoll specifically, rather it came from an inventory source. The invalid traffic was most noticeable from AdRoll because of the size of our customer base.
Due to the nature of our business (i.e. retargeting), we generally have a smaller chance of being impacted by invalid traffic issues, but we know it is impossible for any advertising company to have an entirely invalid traffic-free inventory. However, there were some lessons learned on how we can avoid compromised sites and minimize damage in the future.
There is not yet a way to catch or pre-filter for 100% of these types of incidents, but we’ve outlined what we’ve learned from our experience last week and have compiled some recommendations for other networks or DSPs to minimize the effects of invalid traffic. By preparing checks and balances, we can be better equipped as an industry to combat comprised ad inventory.
- Find the root of the issue. At the first sign of an incident, all advertising partners involved including the advertiser should investigate which publishers are causing the invalid traffic. These publishers could be blocked immediately, but this would give the fraudulent publishers a warning and encourage them to find another way. An alternate approach is to let the ads be served on the specific sites, but stop payment to the fraudulent publisher. This way the publisher is not forewarned, but neither does the advertiser get charged.
- Do right by your customers. Advertising companies should plan to repay the advertisers impacted by the issue, no questions asked.
- Prepare for the future. Make sure that you have a Trust and Safety team in place that can jump in immediately in case of an incident and do everything needed to stop it as well as dedicate their time and resources on an ongoing basis for to review inventory quality. You can also work with partners such as The Media Trust to go through advertiser and publisher content for approval.
- Bring security and analytics together. By analyzing patterns of safe traffic vs invalid traffic, multiple methods to detect invalid traffic could surface. Some examples are: advertising companies could check for the timestamp between the impression served and the ad being clicked. Too little or too much time should be a red flag. Also check for the IP address of the ad impression served and the ad click. Bots might end up having different IP addresses. Networks should fine-tune these algorithms often to accommodate for more patterns being detected or if in case the checks are resulting in large number of false positives.
- Work with supply partners to prevent invalid traffic. DSPs/networks and supply partners should work hand in hand to ensure that they are doing their part to pre-filter suspicious publishers.
At AdRoll, we put our customers first and will continue to optimize the checks and balances we have in place to deliver the highest quality ad inventory. Invalid traffic affects the entire advertising industry and while there is no current solution for compromised inventory, we believe driving awareness and transparency is the first step in combating the issue.
Product Marketing Manager at AdRoll
Pangal does raise some interesting questions – do many (or any) of the networks currently work together to combat these types of issues? In a sense, many of them are competitors. However, sharing information to combat spammers is in the best interests of both the companies and their customers – and AdRoll sharing some of their tips for catching invalid clicks is definitely useful for all kinds of networks, and not just those who are dealing with retargeting.
Latest posts by Jennifer Slegg (see all)
- Hackers & Phishers Using Google’s AMP URLs to Disguise Malicious Links - October 25, 2016
- Google’s Manual Actions Not Showing Up In Google Search Console - October 25, 2016
- Using Strikethrough Text on Google AdWords Ads - October 25, 2016
- Google Testing Icons on Mobile Sitelinks - October 24, 2016
- Google Showing Featured Snippets for Site: Searches - October 24, 2016