CTV Fraud: Racing the Bad Guys


Just a couple years ago, it was rare for someone to own a Connected TV (CTV). But today, it has become the norm as more streaming services and devices have popped up. As CTV adoption rises, CTV advertising grows. According to eMarketer, $2 billion was spent on CTV advertising in 2019. The popularity of the cord-cutters movement led advertisers to adjust their priorities. CTV allows for new and creative ways to advertise to targeted pools of consumers. This market has grown so quickly that security teams are working at breakneck speed just to keep up.

There’s a lot of money here - and as we’ve seen in the past, where there’s money, there are bots. We recently released our white paper, CTV Device Impersonation: The Race Between Fraudsters and Defenders, to educate the industry on what the most common ad fraud threat looks like in the CTV advertising ecosystem.

This white paper focuses on the tactic of device impersonation, also known as device spoofing. This is a key way fraudsters make their money: by pretending to be a CTV device, sending out an ad request, but never actually showing the ad to anyone. CTV is a target for fraudsters since CPMs are high, the landscape is fragmented, there’s no standard protocol yet, and SSAI adds a layer of obfuscation to detection. Using data centers, hijacked residential devices, and emulators, cybercriminals can scale their efforts to steal even more money from advertisers.

A defense is possible. White Ops currently observes more than 200 billion CTV-based bid opportunities per month. In the last 6 months, we have seen our CTV footprint double. We went from 80 - 100 billion bids observed to 150 - 200 billion. Having this data allows our technology to learn and adapt from what we find. Our in-house intelligence teams and security researchers are always on the lookout for botnets and their operators to ensure clients are not losing to ad fraud in all its forms.

To that end, the white paper also includes a look at device impersonation in the wild, courtesy of our security researchers. We uncover a typical attack, examine how we were able to spot it, and what organizations can do to prevent being victimized by similar approaches.

Check out the CTV Device Impersonation: The Race Between Fraudsters and Defenders white paper to see what our teams have uncovered and our recommendations for fighting against CTV-based fraud.