The two most popular channels for advertisers – connected TV and mobile – are affected, with fraudsters stripping measurement provider tags and redirecting them to avoid detection
DoubleVerify (“DV”), (NYSE: DV), a leading software platform for digital media measurement, data, and analytics, Friday 25th March, announced the discovery of “ViperBot,” a sophisticated advertising fraud scheme that attempts to steal over USD$8m(£6.1m) each month in ad spend across two of the industry’s most in-demand channels: connected television (CTV) and mobile video.
Through ViperBot, fraudsters strip the code that verifies ad impressions and then conceal and redirect this code through real devices to hide the fraudulent activity in an attempt to go undetected. While DV customers are currently protected from the scheme, it continues to spoof more than five million devices and up to 85 million ad requests per day, undercutting ad investments and performance when solutions that can protect against ViperBot are not implemented.
“ViperBot is one of the most sophisticated fraud schemes that DV has ever identified,” said Mark Zagorski, CEO at DoubleVerify. “The dynamic nature of fraud schemes underscores the fact that advertisers need a partner who is laser-focused on protecting their interests – and who operates independent of the media transaction to remain neutral when determining the quality of inventory,” said Mark Zagorski, CEO at DoubleVerify. “Efficient and transparent media buying leads to better outcomes for brands. By uncovering ViperBot, we are able to give brands greater confidence in their digital investment while ensuring campaign performance.”
ViperBot relies on both the well-documented occurrence of verification stripping and a new tactic, discovered by DV, called “verification redirection.” Verification stripping is the removal of verification tags previously set by a measurement provider. As this normally causes measurement discrepancies, fraud schemes that rely on verification stripping can regularly be identified by advanced measurement companies. DV, for example, has protected its clients against verification tag fraud for years.
With ViperBot, fraudsters have taken verification stripping to the next level. Fraudsters are not only removing verification tags from the ad being delivered – but they are also reinserting them inside of cheap ad slots running on real devices in an attempt to prevent detection. This makes it difficult for unsuspecting measurement providers to recognise that any fraudulent activity is taking place. Upon identifying the new tactic, DV immediately blocked the falsified impressions and ad requests. Although ViperBot ultimately affected verification tags from all verification providers, DV quickly detected and mitigated the scheme – ensuring protection for DV customers.
“As fraudsters continue to evolve and aggressively target high-value inventory types, measurement providers need to catch up,” said Jack Smith, chief product officer, DoubleVerify. “We’re seeing this happen in CTV and mobile inventory, where higher CPMs make it a more attractive target, but this new redirection tactic can be applied across many environments.”
DV’s technology is powered by the DV Fraud Lab, a dedicated team of data scientists, mathematicians and analysts from the cyber-fraud prevention community. The Fraud Lab relies on a variety of approaches to detect fraud — from AI and machine learning to manual review.
“The DV Fraud Lab is singularly focused on detecting, neutralising, and mitigating new threats, giving advertisers much-needed campaign protection and performance,” added Zagorski. “This is in service of our overall mission – to build a better advertising ecosystem for everyone.”
DoubleVerify has released a detailed factsheet on the Viperbot fraud scheme, which you can download here