Man
Professional
- Messages
- 3,077
- Reaction score
- 614
- Points
- 113
Ad fraud is a profitable business. Until recently, cybersecurity experts compared different types of cybercrime and came to the conclusion that click and other fraudulent forms of interaction with ads turned out to be one of the most profitable and least risky.
The scam generates millions of dollars for cybercriminals every day. Attackers generate income by clicking ads, watching video ads, buying tickets, deception with attributions, etc.
The average cyber fraudster who specializes in this particular form of fraud earns from 5 to 20 million per year. The average hacker group gets "a lot more," says Luke Taylor, COO of TrafficGuard. In other words: they earn more than drug dealers.
In this article, we will tell you how and how much cybercriminals earn from various forms of fraud with digital advertising. Let's take a look at botnets and click farms that bring in millions for cyber crooks, as well as touch on affiliate marketing scams.
Table of Contents
1. Making money on botnets
1.1. Where botnets are used
1.2. How much does a botnet cost?
1.3. Botnet Examples and Earnings Level
2. Making money on click farms
2.1. Where click farms are used
2.2. How much do click farms cost?
2.3. Examples of Making Money on Click Farms
3. Making Money From Affiliate Marketing Scams
3.1. What is it?
3.2. Examples of damage from fraud on affiliate programs
4. How to Protect Ads from Fraud
Botnets waste advertising budgets, distort marketing metrics, and confuse marketers. They are also responsible for carrying out devastating DDoS attacks, the purpose of which is to take the site down and limit organic traffic.
Botnets are scaling, becoming more complex, and acquiring new functionality. In addition to clicking and buying views, cybercriminals use them for unauthorized access to devices, theft of personal data and hijacking accounts, DDoS attacks, etc.
Botnets are very effective at clicking digital advertisements, so they pose a particular threat. Botnet operators carry out full-scale attacks on advertising campaigns that cost advertisers millions of dollars. Advanced botnets are the hardest to detect.
Clicker bots as part of such networks click on everything, primarily ads on monetized sites that belong to scammers. Thus, attackers increase their income through invalid clicks.
Generate views
These bots are created to generate fake ad and video views. These can be CTV devices (TV with Internet access), streaming services, video hosting (YouTube). Bots similarly inflate impressions and ruin advertisers.
Below is a list of the most well-known botnets that have proven to be disastrous for advertisers:
Methbot
Cybersecurity experts from HUMAN (formerly WhiteOps) investigated the work of Methbot in 2016. It is the largest botnet created for ad fraud. At the peak of its development, it helped its owners earn from 3 to 5 million dollars a day.
With the help of the Methbot botnet, the attackers generated from 200 to 400 million invalid ad views from 500 thousand fake IP addresses.
This discovery helped anti-digital fraud specialists understand the structure of fraudulent networks, which further formed the basis for the development of technologies to combat botnets.
DrainerBot
Discovered in early 2019. It was a particularly insidious example of how botnets work. With its help, cyber fraudsters earned more than 40 thousand dollars a day.
More than a million smartphones based on Android OS were infected with it. The malware got to the devices after the user downloaded certain malicious applications belonging to the cybercriminal group.
Users had no idea that their device did not belong only to them, but turned into a "zombie" and performed tasks sent by the botnet operator. The attackers ran video ads in the background. Such actions did not pass without a trace for the user himself, since the malware quickly drained the battery, hence the name DrainerBot.
So far, cybersecurity experts have not found those responsible for this botnet, but since its discovery, the number of infections has decreased.
HyphBot
The Hyphbot botnet was a sophisticated fraud technology that generated more than $200,000 per day for fraudsters. It was discovered by Adform, a company that specializes in digital advertising. Then its specialists noticed that expensive — premium — traffic comes from fake sources that do not match the data specified in the ads.txt file.
As it turned out, an extensive botnet was behind this problem. In the U.S. alone, it had more than 500,000 IP addresses. It was on this scheme that the attackers made money. Many advertisers paid up to $14 per 1000 impressions of fake traffic.
3ve
HUMAN has nicknamed the 3ve botnet (pronounced "Eve") "the mother of all botnets." It was a large-scale and sophisticated botnet that was eventually shut down by intelligence agencies and cybersecurity companies.
The botnet contained 1.7 million IP addresses and compromised more than 700 thousand active computers. Users were unaware that their computers were infected with malware as it was running in the background.
Botnet activity was seen between 2013 and 2018. To infect user devices, cybercriminals used the Boaxxe and Kovter malicious packages.
According to experts, with the help of 3ve, scammers generated fake ad clicks, which cost advertisers $30 million. Fraudsters generated revenue from more than 60,000 fake ad accounts, with more than three billion fake ads launched daily.
In the end, HUMAN, Google, the Department of Homeland Security, and the FBI joined forces to disrupt the activities of this cyber crook group. The scale of the effort to shut down 3ve clearly shows just how serious a problem botnets can become.
In the first case, the owners of the farm create fake sites, monetize them and use the work of clickers to buy traffic and clicks on ads. The more workers they hire, the higher the income. That is why it is beneficial for a click farm to reduce the cost of employees as much as possible.
In the second case, they offer their services to buy indicators and ratings. For example, 1000 clicks or 500 retweets for $10. If you look at the Russian segment of business, then for 1000 cheated likes, operators ask for about 220 rubles.
Below is a screenshot with an example of the earnings of a performer with a book, who generates installs of certain mobile applications and completes tasks.
Fraudulent partners use the following three most popular deception techniques:
Brothers Andrew Chiu and Allen J. Chiu was found guilty in 2012 of fraudulent coupons and cashback worth more than $1.4 million against Nordstrom. According to the FBI, the men acted through FatWallet, a site that compars prices for computer goods and electronics, which promoted various online stores by offering coupons and cashback for purchases. The FatWallet website paid the Chiu brothers cashback for purchases made at various online stores, including Nordstrom.com.
In January 2010, the brothers discovered a vulnerability in Nordstrom's ordering system. They placed orders that were eventually blocked on the company's side. As a result, Nordstrom paid them $1.4 million in rebates and commissions and more than $650,000 in cashback.
eBay and $35 million
Two top marketing partners of the online marketplace eBay were convicted of fraud in 2013. Sean Hogan, CEO of successful marketing company Digital Point Solutions, has been sentenced to five months in federal prison for his role in a $28 million to $35 million commission fraudulent eBay operation.
To deceive the marketplace, he used cookie substitution. To detect fraud, eBay even created an online tracking service called "Tripwire" to track fraudulent traffic. As a result, the second fraudulent partner, Brian Dunning, was also discovered. According to court documents, the company paid a total of $35 million in commissions to Hogan and Dunning over the years.
The king of digital fraud and $7 million
In 2018, US police arrested Russian Alexander Zhukov, who allegedly stole more than $7 million from retailers. Lawyer Arkady Bukh, who was involved in this case, said that a huge flow of traffic was generated with the help of botnets. If earlier everything had to be done manually, now all this is done by bots.
Uber and $70 million
Uber vs. AdTech cases involving more than $70 million in attribution fraud. In 2019, Kevin Frisch, the former head of performance marketing at Uber, decided to reduce the company's mobile app advertising costs by $100 million - from $150 million to $50 million. For example, a monetizable source app with 1,000 monthly active users drove 350,000 installs of an Uber app. Upon further analysis, it turned out that most users clicked on ads, installed the app and opened it — all this happened in a couple of seconds. This is only possible with automated scripts.
Generating installs of advertised apps is a considerable business, bringing fraudsters, by AppsFlyer's standards, $118 billion per year (as of 2022). Some advertisers who are aware of such fraudulent cheats have become less likely to pay just for installs. Instead, they pay for users who have not only installed it, but also actively use it: complete a level in the game, sign up for a paid subscription, or buy goods.
Fraudulent clicks, views, installs occur daily. To prevent or at least reduce them, it is necessary to use special means of protection of advertising campaigns, sites and applications.
Source
The scam generates millions of dollars for cybercriminals every day. Attackers generate income by clicking ads, watching video ads, buying tickets, deception with attributions, etc.
The average cyber fraudster who specializes in this particular form of fraud earns from 5 to 20 million per year. The average hacker group gets "a lot more," says Luke Taylor, COO of TrafficGuard. In other words: they earn more than drug dealers.
In this article, we will tell you how and how much cybercriminals earn from various forms of fraud with digital advertising. Let's take a look at botnets and click farms that bring in millions for cyber crooks, as well as touch on affiliate marketing scams.
Table of Contents
1. Making money on botnets
1.1. Where botnets are used
1.2. How much does a botnet cost?
1.3. Botnet Examples and Earnings Level
2. Making money on click farms
2.1. Where click farms are used
2.2. How much do click farms cost?
2.3. Examples of Making Money on Click Farms
3. Making Money From Affiliate Marketing Scams
3.1. What is it?
3.2. Examples of damage from fraud on affiliate programs
4. How to Protect Ads from Fraud
Making money on botnets
A botnet is a network of infected internet-facing devices controlled by a cybercriminal. They cause serious damage to advertising campaigns and not only them.Botnets waste advertising budgets, distort marketing metrics, and confuse marketers. They are also responsible for carrying out devastating DDoS attacks, the purpose of which is to take the site down and limit organic traffic.
Botnets are scaling, becoming more complex, and acquiring new functionality. In addition to clicking and buying views, cybercriminals use them for unauthorized access to devices, theft of personal data and hijacking accounts, DDoS attacks, etc.
Where are botnets used?
Click bots, clickBotnets are very effective at clicking digital advertisements, so they pose a particular threat. Botnet operators carry out full-scale attacks on advertising campaigns that cost advertisers millions of dollars. Advanced botnets are the hardest to detect.
Clicker bots as part of such networks click on everything, primarily ads on monetized sites that belong to scammers. Thus, attackers increase their income through invalid clicks.
Generate views
These bots are created to generate fake ad and video views. These can be CTV devices (TV with Internet access), streaming services, video hosting (YouTube). Bots similarly inflate impressions and ruin advertisers.
How much does a botnet cost?
The cost of renting or operating a botnet depends on the number of devices in the network, the type of attack, scenario, source, and target. According to Kaspersky Lab experts, a DDoS attack on a site that is not protected by cybersecurity systems can cost no more than $100, while a protected resource can cost more than $400.Botnet Examples and Earnings Rate
Over the years, there have been many hacking groups that have specialized in ad fraud. Their networks expanded and acquired new functionality to maximize their income.Below is a list of the most well-known botnets that have proven to be disastrous for advertisers:
Methbot
Cybersecurity experts from HUMAN (formerly WhiteOps) investigated the work of Methbot in 2016. It is the largest botnet created for ad fraud. At the peak of its development, it helped its owners earn from 3 to 5 million dollars a day.
With the help of the Methbot botnet, the attackers generated from 200 to 400 million invalid ad views from 500 thousand fake IP addresses.
This discovery helped anti-digital fraud specialists understand the structure of fraudulent networks, which further formed the basis for the development of technologies to combat botnets.
DrainerBot
Discovered in early 2019. It was a particularly insidious example of how botnets work. With its help, cyber fraudsters earned more than 40 thousand dollars a day.
More than a million smartphones based on Android OS were infected with it. The malware got to the devices after the user downloaded certain malicious applications belonging to the cybercriminal group.
Users had no idea that their device did not belong only to them, but turned into a "zombie" and performed tasks sent by the botnet operator. The attackers ran video ads in the background. Such actions did not pass without a trace for the user himself, since the malware quickly drained the battery, hence the name DrainerBot.
So far, cybersecurity experts have not found those responsible for this botnet, but since its discovery, the number of infections has decreased.
HyphBot
The Hyphbot botnet was a sophisticated fraud technology that generated more than $200,000 per day for fraudsters. It was discovered by Adform, a company that specializes in digital advertising. Then its specialists noticed that expensive — premium — traffic comes from fake sources that do not match the data specified in the ads.txt file.
As it turned out, an extensive botnet was behind this problem. In the U.S. alone, it had more than 500,000 IP addresses. It was on this scheme that the attackers made money. Many advertisers paid up to $14 per 1000 impressions of fake traffic.
3ve
HUMAN has nicknamed the 3ve botnet (pronounced "Eve") "the mother of all botnets." It was a large-scale and sophisticated botnet that was eventually shut down by intelligence agencies and cybersecurity companies.
The botnet contained 1.7 million IP addresses and compromised more than 700 thousand active computers. Users were unaware that their computers were infected with malware as it was running in the background.
Botnet activity was seen between 2013 and 2018. To infect user devices, cybercriminals used the Boaxxe and Kovter malicious packages.
According to experts, with the help of 3ve, scammers generated fake ad clicks, which cost advertisers $30 million. Fraudsters generated revenue from more than 60,000 fake ad accounts, with more than three billion fake ads launched daily.
In the end, HUMAN, Google, the Department of Homeland Security, and the FBI joined forces to disrupt the activities of this cyber crook group. The scale of the effort to shut down 3ve clearly shows just how serious a problem botnets can become.
Making money on click farms
A click farm is a "botnet on minimal wages", but instead of infected devices distributed around the world, it consists of a dozen smartphones and an operator – a person who manipulates them manually: installs applications on them, clicks on ads, buys likes on social networks, etc. They are most often found in the Philippines and other Asian countries.Where click farms are used
There are many possible use cases for a click farm. Among them:- clicking ads on your own sites;
- clicking on competitors' ads;
- installing applications;
- increasing coverage and buying indicators.
How much do click farms cost?
Click farms are inexpensive to use because they exploit cheap labor. For example, for 1000 clicks, a farm operator can earn $10. For an increase in the number of likes on social networks, let's say, by 10 times, sophisticated users can pay $50 per month.Examples of making money on click farms
The profit of click farms is formed mainly due to two sources of income: working for yourself or for the company.In the first case, the owners of the farm create fake sites, monetize them and use the work of clickers to buy traffic and clicks on ads. The more workers they hire, the higher the income. That is why it is beneficial for a click farm to reduce the cost of employees as much as possible.
In the second case, they offer their services to buy indicators and ratings. For example, 1000 clicks or 500 retweets for $10. If you look at the Russian segment of business, then for 1000 cheated likes, operators ask for about 220 rubles.
Making Money From Affiliate Marketing Scams
Fraud is faced not only by advertisers, but also by specialists who are engaged in affiliate marketing. According to fraud detection experts, about 9% of all attribution cases for ads on desktop, mobile devices, and apps are fraudulent. Attackers replace cookies, steal clicks, falsify installations, create fake duplicates of popular sites, etc.Below is a screenshot with an example of the earnings of a performer with a book, who generates installs of certain mobile applications and completes tasks.
What is this
Affiliate fraud is any fraudulent activity carried out for the purpose of illegally obtaining commissions. Unscrupulous partners try to attract as many referrals and targeted actions as possible by falsifying them or stealing someone else's attributions.Fraudulent partners use the following three most popular deception techniques:
- Cookie spoofing. With the help of cookie stuffing, affiliates generate fake clicks and visits to the site/app in order to increase commission payments.
- Fake leads. Attackers generate fake leads using bots and performers from exchanges to fill out application forms on websites and apps. In this case, they can use stolen personal data of third-party users, fake data, synthetic digital identities.
- Chargeback fraud. Cybercriminals use bots to make fictitious purchases, receive a commission for this, and then imitate a chargeback request.
Examples of damage from fraud on affiliate programs
Nordstrom and $1.4 millionBrothers Andrew Chiu and Allen J. Chiu was found guilty in 2012 of fraudulent coupons and cashback worth more than $1.4 million against Nordstrom. According to the FBI, the men acted through FatWallet, a site that compars prices for computer goods and electronics, which promoted various online stores by offering coupons and cashback for purchases. The FatWallet website paid the Chiu brothers cashback for purchases made at various online stores, including Nordstrom.com.
In January 2010, the brothers discovered a vulnerability in Nordstrom's ordering system. They placed orders that were eventually blocked on the company's side. As a result, Nordstrom paid them $1.4 million in rebates and commissions and more than $650,000 in cashback.
eBay and $35 million
Two top marketing partners of the online marketplace eBay were convicted of fraud in 2013. Sean Hogan, CEO of successful marketing company Digital Point Solutions, has been sentenced to five months in federal prison for his role in a $28 million to $35 million commission fraudulent eBay operation.
To deceive the marketplace, he used cookie substitution. To detect fraud, eBay even created an online tracking service called "Tripwire" to track fraudulent traffic. As a result, the second fraudulent partner, Brian Dunning, was also discovered. According to court documents, the company paid a total of $35 million in commissions to Hogan and Dunning over the years.
The king of digital fraud and $7 million
In 2018, US police arrested Russian Alexander Zhukov, who allegedly stole more than $7 million from retailers. Lawyer Arkady Bukh, who was involved in this case, said that a huge flow of traffic was generated with the help of botnets. If earlier everything had to be done manually, now all this is done by bots.
Uber and $70 million
Uber vs. AdTech cases involving more than $70 million in attribution fraud. In 2019, Kevin Frisch, the former head of performance marketing at Uber, decided to reduce the company's mobile app advertising costs by $100 million - from $150 million to $50 million. For example, a monetizable source app with 1,000 monthly active users drove 350,000 installs of an Uber app. Upon further analysis, it turned out that most users clicked on ads, installed the app and opened it — all this happened in a couple of seconds. This is only possible with automated scripts.
Generating installs of advertised apps is a considerable business, bringing fraudsters, by AppsFlyer's standards, $118 billion per year (as of 2022). Some advertisers who are aware of such fraudulent cheats have become less likely to pay just for installs. Instead, they pay for users who have not only installed it, but also actively use it: complete a level in the game, sign up for a paid subscription, or buy goods.
How to protect your ads from fraud
Unfortunately, the vast majority of ad fraud cases go unnoticed. And if advertisers do find them, they rarely end in costly lawsuits.Fraudulent clicks, views, installs occur daily. To prevent or at least reduce them, it is necessary to use special means of protection of advertising campaigns, sites and applications.
Source
