2015 was the first year when the advertising industry started to widely talk about ad fraud. It is also the first year when the advertising industry started to understand its own involvement in ad fraud, and saw that no longer it would be possible to pretend that itself was not the one who made the most money out of the rampant fraud in its systems. It does not come as a surprise that few are willing to openly discuss what 2016 may bring.

If you have not read the first part of this article, or want to know why you should care about what I have to say, you can read part 1 here:

Ad Fraud Predictions Nobody in Adtech Wants to Make — part 1

Without further ado, let’s go to the remaining 4 points, including the reasoning for why next year this time ad fraud will be much bigger. But first, a quick review of the 8 points below.


1 A credible overall baseline for ad fraud will be established, with accurate local data available for some markets

2 More evidence will emerge about involvement of leading advertising companies in ad fraud and their earnings related to it

3 Those advertising technology companies that are aiming for an IPO will have their SEC filings (related to ad fraud) heavily scrutinized

4The legitimacy of the claims and capabilities of anti ad fraud vendors will be put under thorought investigation

5 Misleading marketing tactics and empty promises of advertising technology companies in regards to ad fraud will be exposed

6 Ad fraud becomes better understood as a major threat to the society and the advertising technology industry is forced to take security seriously

7 Government regulators and law enforcement take more active role in fighting ad fraud, the biggest and fastest growing cybercrime

8 Total ad fraud revenue and damages will continue to grow in substantial measures

Now I will cover the remaining 4 points.



What we have now, is a system where advertising technology companies refer to capabilities provided by 3rd-party vendors as their own ability to promise something to their customers. An example of this is where an advertising exchange refers to Pixalate’s Seller Trust Score in order to gain credibility and trust.

The other example is where an ad network or other advertising technology company gives out a guarantee for fraud free inventory based on a 3rd-party technology such as Integral Ad Sciences.

As a result, we have companies saying “we’re taking care of ad fraud” and providing guarantees to back those claims up, solely based on a solution from a company that may not be fit to provide such a solution in the first place. We know these companies are offering solutions, but we also know that some of the companies are not built for offering such solutions.

There has to be a greater discussion about the relationship of ad fraud and security, and how only genuine security companies are in the position to effectively tackle it. Because very little have been done for the past 20 years in regards to ad fraud, the argument for being a credible vendor can’t be based on delivering some result upon adoption. Ad fraud does not need a new kind of ad company, it needs a new kind of security company. The culture of the company can not come from advertising.

As a point of reference about effectiveness, I can look at anyone’s data, and in about 10 minutes create a blacklist that will remove ~10% of waste. This list can then be applied easily across various already present points in the programmatic transaction chain. That is really the dumbest way to do it, and yet it will yield result every time.



IAB has made many bold comments about ad fraud, ad blocking and now the latest about Malvertising. To use Malvertising as an example, it is very important for the advertising technology companies to understand that malvertising, because of their systems, is currently a major threat to civil society. It is more important for the industry to make comments about how easy it is to get 3rd-party tags on ad calls, and how that is really making Malvertising possible.


I have said this before, and will say it again:

If there is any help we can provide IAB in order to have a better understanding of the various malicious activities in their supply-chain, that is exactly the kind of thing botlab.io is here for.

Ad fraud and malvertising are both security problems, and that is why advertising technology companies have to take security more seriously. IAB should be leading this transformation.

If that is not enough, to adopt a new mindset in regards to security, then it will have to be done for the vast amounts of user data these companies collect and hold. As the below highlight clearly articulates, an advertiser client may be held liable in case of a breach with vendor they are using.



Ad fraud is the single biggest and fastest growing form of cybercrime. It runs on the systems built and controlled by IAB’s members, which are also proven to be the greatest beneficiaries of ad fraud. It has been shown that Google, IAB’s biggest member, has an accounting practice where they know a certain traffic event is bot, but they still invoice their customer for it. Leader of the IAB suggested suing ad blocking companies. So far, IAB has only been able to articulate concerns of revenue and growth. As a result, we have a dialogue about ad fraud that borderlines satirical at best, and at worse works to attract new cybercriminals to ad fraud.

As one example of lack of substance in the vendor-led dialogue, there is almost no discussion about money-flow (i.e. vendors inevitably make most of the money from ad fraud) or the damage ad fraud causes to advertisers and the society. Because the industry is not talking about the right problems, it ends up working on the wrong solutions.

There has been no mention about the urgency ad fraud has to those companies that are involved in low involvement product categories. In such a category half of total sales could be a result of advertising, and in that way ad fraud becomes a much greater threat to the business of that company than for example someone selling insurance. If IAB talks about this, and other important issues in regards to money-flow and damages, then others will do it more too. IAB is a real influence in the market place.

The negative effect ad fraud has on a given company’s business is based on the kind of product it is selling.

An even more important point is how ad fraud effects national economies. The really big threat is with more money moving to digital, where previously secured investments become exposed to ad fraud.

For example in US 2/3 of GDP is consumer spending, and maybe 20% of consumer spending is from advertising.

The industry IAB leads and brings together (adtech vendors), finds itself in a position of great responsibility. As its significance both in internet and as a driver of economies grows, advertising technology industry finds itself increasingly as a guardian of civil society. This point seems hard to argue.

The question is, if IAB and its spin-off TAG are supposed to be the Watchmen of all of this, then who is supposed to watch them?

Who is watching the watchmen?

In 2016, as advertiser trade bodies have already stepped up their wider transparency probes, it will become painfully clear how poorly equipped the vendors are to deal with ad fraud as it is. If not before, at that point we’ll have to come back to the question of oversight.

As EU is increasingly interested in the intersection of privacy and advertising technology, it seems that it’s only a matter of time when ad fraud peaks their interest. That will in turn raise many questions about the way malicious activity and malpractice in the advertising eco-system negatively effect the European society. I think many will be interested in the impact of ad fraud, and effectively countering it, on GDP.

With conversation moving away from vendor interested to investor interested (advertisers and financial market investors) and society interested, it is natural for government regulators and law enforcement agencies to see an increasing role for themselves in dealing with the threat to society ad fraud creates. Not only because of its criminal nature, but because of the corruption it creates in advertising delivery companies.

Before you can slay the many headed monster, you have to know the way it functions.



The first reason why ad fraud will grow, is because more of the non-digital TV money moves to programmatic. Related to this, some of the leaders in the TV space are making comments to the extent that TV buys are somehow saved from ad fraud.

I explain in great detail why that is not true, and why media investors should keep their TV money where it is until there is better understanding of how ad fraud plays out with their investment. You can read it here:


With just few percentile of TV spending moving to programmatic, the potential ad fraud market doubles. Other previously non-digital advertising moves to digital advertising, and further increases the “TV” effect.

The important point for vendors is that nobody in ad fraud research or counter ad fraud ops are equipped to deal with that kind of cybercrime market at this point in time. The important point for advertisers is that TV is working just fine where it is, so there should be no rush to move it to a more exposed environment. Simply put, the more money advertisers move to digital and programmatic, the harder it becomes to solve any part of the ad fraud problem.

Basically bigger the market, the more bad guys will want to be part of it, and more there will be competition among those that are part of it. Which is the second reason why ad fraud is going to grow. As the media sensationalize the topic, ad fraud gets the attention it needs to break out of its internet marketing roots, and reach the attention of business developers of organised crime.

The third reason why ad fraud will keep growing, is the inevitable move of money from non-programmatic (digital) transactions to programmatic transactions. Sometimes non-programmatic transactions have advantages over programmatic transactions in terms of exposure to fraud and the difficulty of dealing with it. In other words, at the moment more programmatic may just mean more fraud. We know there will be more programmatic.

The fourth reason is that with ad fraud, there is an incentive for much bigger botnets, and with IoT and and IPv6, really big botnets are relatively straightforward to build and manage. With motivation and capability meeting in this way, we will see increasingly large ad fraud botnets. This will make botnet traffic more available and more affordable and we will have a real risk of assuming part of it in to an accepted industry baseline. Without realising that the dollar value of that baseline will grow 10x over the next decade with everything else staying the same.

The fifth, and perhaps the most important of the reasons, is that adtech as an industry is alone with the ad fraud problem and is not equipped to deal with it effectively. For example the spam site aspect of ad fraud is not actively researched by anyone outside of the ad industry. Ad fraud is a security problem, and there is almost no security culture or capability or interest within the advertising technology industry. Because it’s advertising, security researchers are reluctant to come to its aide.

In short, even if the industry itself became a whole lot better in understanding and countering ad fraud, ad fraud would still substantially grow. When you run the numbers, I’m assuming there are very few scenarios where this time next year we have a better situation in terms of ad fraud related revenue and damage.

Because ad fraud is a problem for business and society, it should be measured in absolute terms (dollars) as opposed to relative terms (%). As more money moves to digital advertising, the signifance of digital advertising in society becomes greater. If we have 40% on a base of $50 billion, it’s much better than having a 10% on a base of $500 billion. That’s the bigger view advertising technology needs to learn to appreciate.

If you like what you have read, please hit the green Recommend button below so that others may stumble upon this article as well.

More like this on Twitter @mikkokotila

Join botlab.io FREE from the website www.botlab.io




Leave a Reply

Your email address will not be published. Required fields are marked *