bot assaults - iqpc corporate · 2017-05-09 · hidden to user, ad-clicking and browsing as a...
TRANSCRIPT
IDO SAFRUTI CTO & FOUNDER
PERIMETER X
JACK CHIANG MODERATOR
AND THE DRAG ON MARKETING BOT ASSAULTS
JAMIE CLARKE CEO, LIVEOUTTHERE.COM
© 2016 PerimeterX™ - Proprietary and Confidential
WHY SHOULD I CARE ABOUT
$7.2 Billion what Ad fraud will cost marketers by end of 2016 (ANA)
Half of all online ads are never seen by a human being (ComScore)
8% of impressions have the opportunity to be seen by a real person (Tatoris/Media post)
Lead gen programs - affiliate fraud on leads
Programmatic buys
Ad buys / Ad effectiveness
Referral - affiliate attribution fraud on commerce
© 2016 PerimeterX™ - Proprietary and Confidential
WHY SHOULD I CARE ABOUT
$4.5 billion US spend on affiliate marketing in 2016
10% annual growth through 2020
4 in 5 advertisers/merchants and publishers/affiliates embrace affiliate marketing
Lead gen programs - affiliate fraud on leads
Programmatic buys
Ad buys / Ad effectiveness
Referral - affiliate attribution fraud on commerce
Rakuten / Forrester
Anecdotal evidence: High Marketing program spend ● (e.g. Affiliate program)
Business challenge: Attribution. Why such a big deal?
● Can you trust your data?
Business impact: Forecast marketing impact, ● Actionable revenue data
The Reality of Decision Making
BOTS IMPACT MARKETING
© 2016 PerimeterX™ - Proprietary and Confidential
INCOME EXPENSE
Waste of Marketing Spend
Revenue Loss / Depressed Results
Skewed Analytics
10% of a typical company spend on marketing but 20-50% with Internet-centric companies driving growth Fraud skews data to inflate or deflate channel, budget allocated to wrong channels Funded or overfunded channels don’t perform, it affects P&L
© 2016 PerimeterX™ - Proprietary and Confidential
MARKETING FRAUD - BOT EVOLUTION
Gen 4 Bots
Gen 3 Bots
Gen 2 Bots
Gen 1 Bots
Primitive clicker bots - hosted bot farms, no true js support
Extension bots - tapping onto user’s activity, and manipulating it
Bot-nets - based on malware infected computers, working regardless
of the user’s activity
Modern clicker bots - hosted bot farms, with simulated browsers
© 2016 PerimeterX™ - Proprietary and Confidential
SCENARIOS
Ad buys / Ad effectiveness
Programmatic buys
Lead gen programs - affiliate fraud on leads
Referral programs - affiliate attribution fraud on sales
© 2016 PerimeterX™ - Proprietary and Confidential
BOT FRAUD
Probably about 50 percent of what you’re spending online is being stolen from you
AD BUYS
PROGRAMMATIC
LEAD GEN
ATTRIBUTION Bob Hoffman / Ad Contrarian
© 2016 PerimeterX™ - Proprietary and Confidential
BOT PROBLEM
HEINEKEN - $150 MILLION AD BUDGET
• In 2013 found were getting $2 revenue for $1 digital ad spend vs $6:1 revenue for TV, something was very wrong ….
• Only 20 percent of the campaign’s “ad
impressions” — ads that appear on a computer or smartphone screen—were even seen by actual people.”
http://www.bloomberg.com/features/2015-click-fraud/
© 2016 PerimeterX™ - Proprietary and Confidential
CLICK FRAUD
Cloud-based bot network generates false impressions or clicks
Computer with bot-net malware ● Hidden to user, ad-clicking and browsing as a service
Publishing and tracking/counting non-viewable ads ● “Click traps”/hidden ads; 1 px non-viewable delivered ads
© 2016 PerimeterX™ - Proprietary and Confidential
BOT FRAUD
10-20% AD display traffic BOTS
50% of publisher traffic BOTS
AD BUYS
PROGRAMMATIC
LEAD GEN
ATTRIBUTION
http://www.adweek.com/socialtimes/ why-programmatic-is-the-future-of-digital-display-advertising-infographic/639184
© 2016 PerimeterX™ - Proprietary and Confidential
PROGRAMMATIC
Advertising inventory offered, bid on, and fulfilled in the blink of an eye
• In 2016, programmatic will account for 63% of display ad spending
• By 2020, programmatic could account for
85% of targeted banners and 67% of streaming video ads
http://www.adweek.com/socialtimes/why-programmatic-is-the-future-of-digital-display-advertising-infographic/639184
© 2016 PerimeterX™ - Proprietary and Confidential
PROGRAMMATIC ADS
All the direct ad fraud campaigns -- on steroids
More middlemen = easier to hide
© 2016 PerimeterX™ - Proprietary and Confidential
PROGRAMMATIC ADS
Evaluate sources of traffic, decide how to pay
Time of day, browser version, Flash version all indicators of bot
In the aggregate, older browsers/Flash, at night, are bots - you can see this in Google Analytics
Specifically can use tools to vet requests and sources
01
02
© 2016 PerimeterX™ - Proprietary and Confidential
BOT FRAUD
AD BUYS
PROGRAMMATIC
LEAD GEN
ATTRIBUTION AFFILIATE - LEAD GEN
© 2016 PerimeterX™ - Proprietary and Confidential
LEAD GEN FRAUD
… Bots won’t make purchases or fill out
online forms.
No longer true … they will
It’s easier to fake a lead than a sale • More susceptible to fraud and vulnerable to frequent
attacks • How do you enforce quality up front, how do you
detect fraud sooner than later
Impact • Referral dollars wasted to fraud • Worthless prospects / leads • Skewed analytics - can you trust your data to know
what to scale?
© 2016 PerimeterX™ - Proprietary and Confidential
AFFILIATE FRAUD - SKEWED ANALYTICS
Used 2013 and 2014 Q4 data to project 2015 Q4
goals
Fraud uncovered, removed the publishers from the
program
Missed their Q4 goals by 33%
01 02 03
© 2016 PerimeterX™ - Proprietary and Confidential
BOT FRAUD
… one of the top five customer acquisition channels is affiliate marketing ...
AD BUYS
PROGRAMMATIC
LEAD GEN
ATTRIBUTION AFFILIATE - REFERRAL PROGRAMS
© 2016 PerimeterX™ - Proprietary and Confidential
AFFILIATE / REFERRAL FRAUD
Man in the browser attack 1 Malware in browser extension 2 Watches sites, gets referral id, associates with user (overwrites other referral if present) 3
© 2016 PerimeterX™ - Proprietary and Confidential
AFFILIATE / REFERRAL FRAUD
One domain list with over 66,000 entries • 105 of top 120 ecommerce
(according to IR500) • >85% of them in Alexa top
1M
© 2016 PerimeterX™ - Proprietary and Confidential
LIFECYCLE OF MALICIOUS EXTENSIONS
Published in browser
store
Get fraud campaign
instructions from C&C
Dormant waiting period
Executes background
click and referral links
Downloaded by real user
Retrieves payload of target websites
Offer completed
Wait for user to access
targeted site Delay user from accessing the page
“Release” user to load site, claiming
attribution
REFERRAL FRAUD - SKEWED ANALYTICS
• Skewed analytics across multiple internet marketing channels • Malware in extension will always win in any last-click attribution model • Lose actual source of traffic (organic, SEO, SEM, Display), resulting in
lower ROAS for these channels • Double-paying across channels a concern • Can affect revenue forecasting and budget allocation across channels
• Skewed analytics within affiliate channel
• Steal attribution from another affiliate • Upset and lose credibility with legitimate affiliates • Zero incrementality since fraudulent affiliate don’t actually run any
campaigns or proactively promote your brand
© 2016 PerimeterX™ - Proprietary and Confidential
DO YOU AGREE? WHEN FRAUD FOUND ...
we think it was an isolated incident, that publisher has
been removed
we’ll take it internally from
here
… or NO response at all
© 2016 PerimeterX™ - Proprietary and Confidential
TAKE ACTION
BOT FRAUD
NEXT STEPS
© 2016 PerimeterX™ - Proprietary and Confidential
NEXT STEPS
Break the model for fraudsters
Don’t buy into futility of
‘arms race’ / mutual escalation of
technologies and capabilities
Measure it / Monitor it Benchmark where you are today • Inbound traffic • Advertising quality
Manage it Clean up traffic to your site, your programs • ROI gains for programs • Enhances your metrics
Implement high value, low relative cost measures • High hassle factor and barrier to fraudsters • High return to effort and investment
© 2016 PerimeterX™ - Proprietary and Confidential
PERIMETERX BOT DEFENDER
• Increasingly more sophisticated attacks to websites • Business & financial impact across the organization • Cloud architecture, distributed website deployments
Today’s environment
• Architecture — any deployment, any scale • Accuracy — behavioral fingerprinting detects
threats invisible to today’s solution • Ease/Speed of Integration — activate monitoring
in minutes, powerful reporting
Solution: PerimeterX Bot Defender
Behavioral Fingerprinting
Automated Detection
5 Minute Integration
Behavioral-based Web Protection
© 2016 PerimeterX™ - Proprietary and Confidential
ARE YOU UNDER ATTACK?
Check your website: https://tools.perimeterx.com
IDO SAFRUTI CTO & FOUNDER
PERIMETER X
JACK CHIANG MODERATOR
JAMIE CLARKE CEO, LIVEOUTTHERE.COM
Q & A