20% of ad clicks on average are frauds

Don't pay for clicks generated by bots, competitors
or uninterested clickers

Frauds in OTT and CTV advertisements

TrafficWatchdog team

28.01.2022 r.

frauds, OTT, DoubleVerify, CTV, advertisement, bots, DiCaprio, Pixalate, Monarch

Frauds in OTT and CTV advertisements

source: own elaboration

In the last text, we introduced the topic of streaming video content as well as OTT (On The Top) and CTV (Connected TV) advertisements, which are dynamically gaining in importance as a new way of marketing communication. As the viewership of digital video and streaming content increases, so does advertising expenditure on this channel. According to IAB, in 2020 digital video in the world grew by 20.6% year-on-year, increasing its share in total online advertising revenue by 1.3% to 18.7%. An estimated $ 62 billion was spent on online video advertising in 2021, and investment in CTV and OTT advertising reached $ 17 billion. But as we know, where huge amounts of money are also, unfortunately, fraudsters...

According to martechseries.com, losses caused by ad frauds totaled $ 35 billion in 2020. Figures published in December last year in a Campaign Asia report showed that fraudsters were appropriating 20% of the world’s online advertising spending. As Juniper Research estimates, the industry is losing about $ 51 million a day due to advertising fraud, and the numbers are constantly growing ... by 2023, losses are expected to be up to $ 100 billion a year. When it comes to frauds related to OTT advertising, DoubleVerify claims that the fraud rate ranges from 2% to even 90%, depending on the campaign.

To what types of fraud are OTT and CTV advertisements exposed?

Some scammers simply transfer the skills acquired in other online marketing channels to video streaming, which is why the frauds related to OTT and CTV advertising include both artificial traffic generated by BOTs as well as impersonating premium publishers. In the first of these cases, specially created programs pretend to be devices such as Smart TV and others used in CTV to generate artificial impressions of video advertisements. The advertiser therefore pays for misrepresentations of his advertisements, thinking that they are being shown to people. Spoofing, on the other hand, occurs when scammers looking for high CPM rates falsely claim that their traffic is coming from IP addresses in a given geographic location when in fact it is coming from entirely different places in the world.

For more complex fraudulent traffic scams, the name Sophisticated Invalid Traffic (SIVT for short) is used. The scams referred to as this most often mislead the application by „impersonating” real publishers or falsifying measurement events (the so-called „attribution fraud”), that is, by seemingly playing a video with an advertisement. A popular scam in the case of OTT and CTV campaigns are also OTT/CTV device farms (similar to the methods of click farm operations), which create artificial impressions on a mass scale.

Another technique of fraudulent OTT advertising is called „looping” in which the same device or IP address sends appropriate messages pretending to play many ads in a short time. For example, one person allegedly displays five 30-second spots in 60 seconds. While this is impossible, individual advertisers are unaware of it.

Thus, CTV channel advertising frauds don’t differ in methods from those well known from other online marketing campaigns. For example, in the case of Roku, one of CTV’s largest service providers, third parties can develop and host streaming apps through the Roku ecosystem, much like they develop and host mobile apps on Google Play.

Is it difficult to cheat on OTT and CTV ads?

Unfortunately, ad frauds in the case of the OTT / CTV channel are relatively easy to commit - in most cases it is enough for the scammer to simply declare that his BOTs are some sort of streaming device. This certainly influences the popularity of this type of fraud, as well as high CPM rates in OTT/CTV campaigns (they are often even ten times higher than in the case of other online advertising). So not only is it easy to cheat advertisers in streaming campaigns, it’s also profitable and, to make matters worse, it’s easy to hide. This is because CTV devices often don’t support full versions of web browsers, and about 40% of OTT ads don’t use JavaScript, which makes it impossible to use typical fraud detection and tracking technologies. As White Ops revealed in his latest report, only 1/3 of video ads are „verifiable at the highest level”.

What’s more, in OTT/CTV campaigns, the SSAI (Server-Side Ad Insertion) practice is used, which consists of adding advertisements to streaming videos in data centers on the way to the CTV device in a given household. BOTs used for frauds don’t even have to pretend that they are something else - while in the case of other forms of online marketing, the server as a source of advertising would raise suspicions, in this case it can be fully justified. Scammers can therefore hide in plain sight among other legitimate advertisements.

DiCaprio, Monarch, Icebucket - the biggest known CTV / OTT frauds

Although both the advertisements and the OTT and CTV technology itself are relatively fresh, it has already been possible to detect several ad frauds carried out on a massive scale. The first such case was revealed by Pixalate (a platform to protect against marketing fraud) in January 2020 and concerned a scandal called DiCaprio.

The scammers used the Grindr dating app, which is popular among the LGBTQ community, owned by the Chinese gaming company Kunlun Tech. Real devices belonging to app users were used as proxies to carry out frauds - advertisers were convinced that they were buying views of their video ads on connected Roku TVs, when in reality these were just spoofed ad requests taking place in the background of the Grindr app. The „DiCaprio script” - an advanced algorithm apparently designed to spoof Roku traffic was responsible for everything.

Two months later, in March 2020, Pixalate revealed another huge ad fraud. A marketing scam that used passive Roku apps that provide features such as displaying videos for pets or resemble advanced screensavers, was named Monarch from Monarch Ads, a subsidiary of Barons Media, the ad inventory monetization platform used by all apps identified in this scam. Although the ad requests were showing the correct name of the given app, the response was already showing a different one with the destination being „Aragon Creek”. According to Pixalate, it is possible that the OTT/CTV device farms were behind Monarch.

Losses have reached millions of dollars, victims of fraud include luxury brands such as Lexus, Jaguar, GEICO, Chipotle and Uber, and even politicians using the CTV channel during elections to the Senate.

We didn’t wait long for the next marketing scandal - already in April 2020, during the „Icebucket” attack, fraudsters stole millions of dollars allocated for CTV advertising. The scammers impersonated more than 2 million people from over 30 countries, ultimately tricking over 300 different advertisers. A fraud in which BOTs pretended to be people watching OTT and CTV commercials were discovered by researchers at White Ops, and at its peak (January 2020), it was responsible for 28 percent of all CTV traffic that was monitored by researchers (or about 1.9 billion ad requests daily). To date, ICEBUCKET is the largest SSAI spoofing case discovered - scammers used approximately 1,700 IP addresses for fake SSAI servers located in 9 countries and over 300 different legitimate application IDs from various publishers.

More frauds during the holiday season

DoubleVerify (a digital media data measurement and analysis platform) has seen a significant increase in fraudulent traffic on online video channels and CTV since mid-October 2021. In their opinion, 6.6% of all „video” ads and as much as 18% of OTT/CTV ads are scams or sophisticated invalid traffic (SIVT) from infected devices, but also frauds based on BOTs and ad injection.

(...) while fraud normally peaks in Q4, we have found that the volumes this year are already higher compared with Q4 of 2020. And we’re only getting closer to December” said Mark Zagórski, DV CEO (short for DoubleVerify).

A particularly large increase in advertising fraud in video and online streaming can be observed during the holiday season - more spending on OTT and CTV campaigns encourages fraudsters to take action. As proof, DV gives the fact that CelloTerra - a form of fraud discovered by them in March 2020, based on the fact that fraudsters use mobile applications to display ads in the background and falsify CTV traffic, tripled the number of CTV counterfeit devices and fraudulent views in IV quarter of 2021. This is also evidenced by the much greater activity of scammers using the LeoTerra scheme, identified by DV in July 2020. This is a group of SSAI (Server-Side Ad Insertion) based frauds in which scammers set up fake SSAI servers and then produce CTV inventory in an unlimited number of applications, IP addresses and devices. With the start of the 2021 holiday season, LeoTerra activities have increased to 20.5 million unique digital TV devices per day. This is over 20 times more than at the end of the fourth quarter of 2020.

Contact us

in order to present me a product offer and for marketing purposes. Spark DigitUP Sp. z o.o. as the Administrator, observing the provisions on the protection of personal data, has informed me of my right to access, delete, forget and transfer informations, as well as rectify, supplement and limit the processing of my data in the manner arising from [Privacy Policy].

within the meaning of art. 10 paragraph 2 of the Act of July 18, 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204) to the provided e-mail address and telephone number. Spark DigitUP Sp. z o.o. as the Administrator, observing the provisions on the protection of personal data, has informed me of my right to access, delete, forget and transfer informations, as well as rectify, supplement and limit the processing of my data in the manner arising from [Privacy Policy].

in relation to the phone number and email address I have provided for direct marketing purposes by Spark DigitUP Sp. z o.o., owner of the TrafficWatchdog.pl