How to Find Fraud Hotspots in Your Advertising Inventory With White Ops

There’s an assumption in the marketing world that ad fraud attacks all campaigns equally, but this isn’t really the case. Instead of skimming a small percentage off the top of all your campaigns, cybercriminals have very specific targets to maximize their payout.

The most susceptible campaigns are those in which demand, or the available budget of the ad campaign, outstrips the available inventory that matches the intended targeting of that campaign, also known as supply.

This can happen during a holiday season or a major sporting event, during the end of a campaign, or with a highly-targeted list. Marketers need to be vigilant against these attacks by monitoring those campaigns with a tool that can highlight any fraud “hotspots” effectively.

Here’s a step-by-step walkthrough of how to find fraud hotspots with White Ops.

How to hunt bots

The best place to begin your fraud investigation is on the FraudSensor Summary dashboard. Since there’s usually a significant amount of data in that view, it’s best to start high and then work your way down. We usually recommend that customers set the timeframe for the last week to get a sense of how gross impressions and fraud have changed each day.

The main thing you’re looking for at this stage is some kind of major anomaly. Most often, these anomalies manifest as sophisticated invalid traffic, or SIVT, spikes on any given day.

Once you find an anomaly like this, adjust the timeframe to correspond to the period of elevated SIVT. Then, scroll down to the Impact Assessment Summary below the dashboard graph. These summary charts show the top ten domains, campaigns, providers, etc. (you can customize by interest) with the highest amount of SIVT.  

We suggest you look at the publisher or domain first. Frequently, you’ll find that certain publishers or domains have high SIVT rates that account for the bulk of fraudulent activity on a given exchange or SSP. Use the filters on Explore tab (it’s one over from the Summary tab)  to find these “hotspots.” Try looking for domains with >10% IVT or a certain number of fraudulent impressions. This can help you drill down into where the fraud is actually taking place.

From there, look at specific campaign summaries from those publishers. Found something interesting? Good — take a look at placements from those campaigns. There you should be able to see which placements had highest SIVT volume, or any trends in types of placements.

For example, during a hotspot analysis, one White Ops customer was able to prove that the majority of the non-human traffic flooding their campaign was coming at the same time that they were running a full homepage takeover on a specific publisher’s website.

This tiered approach will ensure that you are finding the areas of highest fraud and highest economic impact within your campaigns. These types of analyses are a recommended best practice for your team to ensure fraud is always carefully monitored and effectively removed.  

I’ve found fraud, what do I do now?

If fraud is coming through in your programmatic buys, identifying poor-performance domains and blacklisting them on a weekly basis is a method that has proven to be effective.

If fraud is coming through in your direct publisher buys, identifying specific placements and/or domains and notifying the publisher so they can address the issue will usually fix the problem. If the publisher is unable to address the issue, then you may need to reconsider your relationship with them.

What if I don’t see any daily spikes in SIVT?

Some of our customers don’t see daily spikes, but still have levels of SIVT that are consistently higher than they would like. In these situations, instead of focusing your publisher analysis on specific days where fraud spiked, you can run your publisher analysis on the whole time period (i.e. Last 30 Days, Last Quarter) in question. The follow-on logic is the same.

The best times to look for fraud

Though you should be looking for fraud in all your campaigns at all times, there are some periods during the year during which you should be extra vigilant. These times include:

  • During the end of a campaign: As campaigns come to a close, many publishers rely on audience extension tools to satisfy their campaign requirements. Many of these audience extension tools are havens for bot traffic.
  • During holiday seasons: Make sure you compare rates between different time periods, and check for big increases in IVT rates on certain days near the end of the month or around holiday seasons.
  • In extremely targeted campaigns: When advertisers go after a very targeted, high-demand audience, they open themselves up to higher fraud rates. Many cybercriminals cultivate botnets that look like these audiences and then sell them to reputable publishers.

While many people assume that ad fraud is equally spread out across, our research has shown this is far from the case. Systematically identifying and remediating hotspots can be time well spent for savvy marketers.