
Uncovering an advertising fraud scheme (NSFW) (2011) - DavidChouinard
http://www.behind-the-enemy-lines.com/2011/03/uncovering-advertising-fraud-scheme.html#
======
Hopka
Although an absolutely great article, this is 2 years old. Previous discussion
here: <https://news.ycombinator.com/item?id=2333824>

~~~
skcin7
Be sure to also read the follow up for the actual solution that Ad-safe
implemented here: [http://www.behind-the-enemy-lines.com/2012/03/50-of-ads-
are-...](http://www.behind-the-enemy-lines.com/2012/03/50-of-ads-are-never-
seen.html)

------
CyrusL
This is a major ongoing topic in the ad world. For those interested in the
topic, here are two more articles from today on publisher fraud:

[http://www.adexchanger.com/online-advertising/to-catch-a-
bot...](http://www.adexchanger.com/online-advertising/to-catch-a-botnet/)
[http://www.adweek.com/news/technology/meet-most-suspect-
publ...](http://www.adweek.com/news/technology/meet-most-suspect-publishers-
web-148032)

~~~
kreilly
Two other articles today named ad networks that are making money on this type
of fraudulent traffic:

[http://paidcontent.org/2013/03/19/massive-bot-network-is-
dra...](http://paidcontent.org/2013/03/19/massive-bot-network-is-
draining-6-million-a-month-from-online-ad-industry-says-report/)

[http://www.adweek.com/news/technology/meet-most-suspect-
publ...](http://www.adweek.com/news/technology/meet-most-suspect-publishers-
web-148032)

------
mrintegrity
So whats the major disincentive to people who read this and immediately think
"Kaching!"? (me)

There must be a down side, apart from the seedy feeling someone might get from
doing this.

~~~
paulmolluzzo
I'm no lawyer, but this look like wire fraud. Plus there's a trend of "he did
it on a computer so burn him at the stake" in federal prosecution lately.

~~~
skcin7
> "he did it on a computer so burn him at the stake"

This is a result of the general public's incredible ignorance when it comes to
how computers work. I hope this trend will fade soon as newer generations that
have been raised on computers become older. I really dislike the whole "he did
it on a computer so burn him at the stake" mentality that government seems to
have today.

~~~
jbooth
I think its more specifically a case of senior legislators and policymakers
hatefearing the internet. They're supposed to be the rulemakers.

------
brc
I tried running some PPC ads once, for a month or so. I spent a lot of cash
and got nowhere. Curiously I showed a healthy conversion rate on some ads,
which encouraged me.

I spent an entire day tracking down a lot of these things. Turned out that in
every single case, there was no sale, and I couldn't believe in a million
years that traffic from these sites were really following my ads.

I stopped spending money with Google. A year later they sent me a voucher and
begged me to try again. So I tweaked some settings, cut the list right down
and spent their $150. Same results.

My overriding impression is that display ads, PPC ads and the like are an
absolute cesspool of fraud and it's a waste of time trying to untangle the
mess.

~~~
paborden
One of the first rules of Adwords is to disable showing ads across the display
network (this is enabled by default). You should only be showing ads on the
search network (and only google.com at that, not the search partners).

Setup correctly, these types of scams aren't much of a problem with Adwords.
FWIW, I've found Adwords to be very very effective, provided you know exactly
what you're doing, and know how to adjust your campaign settings such that
Google doesn't bleed unnecessary money from you.

~~~
brc
Yes, I know that and I had always just used search ads. But I was dominating
the SERPs for the terms I was interested in, so tried the display network as
an experiment as an alternative to see how it would go.

>I've found Adwords to be very very effective, provided you know exactly what
you're doing, and know how to adjust your campaign settings such that Google
doesn't bleed unnecessary money from you.

I agree with you there, but you need to learn the ropes when someone else is
paying the bills for your mistakes. A wrong setting has the ability to eat
your spend very quickly. My point is that the display network is a cesspool of
fraud, and I doubt I would touch it again.

------
MichaelGG
>For the technically curious: reading the address of the top frame is a
challenging problem. For security reasons, browsers do not allow cross-domain
scripting. So, it is not possible to just call the "top" object and read its
properties. We have a proprietary solution for this.

Are they exploiting a security bug?

~~~
jessaustin
I'll speculate they're using the referrer, although I think that only lets you
jump up one level and then you're stuck. The client isn't required to send the
_referer_ header so it may not work at all. Still there are some plausible
situations in which it works.

------
baby
I can recognize a lot of stuff I used to do when I was 16 and owned that kind
of website. A lot of linking to send traffic to other websites who would send
traffic back. A lot of fake traffic through iframes, and often through <img
src="url" width="0" height="0"> because iframes fake traffic would be
protected against. A lot of exchange with that kind of websites.

There was a huge bubble.

Also those websites gives you what you want to see. We all started doing porn,
but the most clever guys understood that you had to post more. Gore, Fights,
Shock...

------
stratagerm
Wow, searching for "buy traffic" or "real human traffic" (sans quotes) is an
eye-opener. They may be real humans and not bots (though I doubt it) but it's
still fraud.

What a cesspool.

------
gcb0
Ironically, this is only possible because advertise resellers created all sort
of markets for scamming the publishers of actually getting paid for the ad
they show (advertises have to pay for 3rd party reporting, brand protection,
etc, etc, etc. all that dillutes the $3~4 cpc the brands pay to the 3c the
publishers receivers in the end)

if it worked like it works in TV or radio, this wouldn't be possible to begin
with. or wouldn't be profitable.

------
fthd
I think I'm missing the connection to the "legitimate" publisher. Is the
publisher paying the scammer for traffic? How are they doing that? unless
they're in on the scam as well.

------
malachismith
Close... but the business model for most of these operations is traffic
generation. Need 1M uniques this month to hit your numbers? No worries!! Enter
your credit card here!

------
signed0
FYI: The NSFW content is a handful of tiny pornographic images.

------
gcb0
one flaw on the estimates: it assume 100% of the uses leave the popunder
running.

anyone have any data on the effectiveness of popunders? this is one area i
never have to deal with (thankfully)

~~~
Zimahl
Effectiveness? Like click-through rate? It's irrelevant in this model, really.

The popunder loads the page that loads all of the other ad-clicking domain
pages, and since it's a popunder it's probably not noticed until the browser
has loaded the entire contents.

It's damn brilliant. Paying $3k for low-end $500k? That's a great ROI.

~~~
gcb0
my point is: how many people even let the popupunder load?

i visit a few forums that have popunders for the first sessio n click. it's
almost a knee jerk reaction to close the window while i wait for the forum
index to load.

He is making the assumption that 100% of the visits translates to a popunder
being able to do it's thing. I just want to know if the real world the number
is 99% or 10%.

------
shurcooL
That was a very insightful read, thanks.

