Jessica Goodfellow
Feb 2, 2021

DoubleVerify uncovers another record-breaking CTV fraud scheme

The operation is the eighth SSAI-based scam that DoubleVerify has identified in just two years, and it was triple the size of the last one.

DoubleVerify uncovers another record-breaking CTV fraud scheme

CTV (connected TV) continues to be a lucrative target for fraudsters. In January, DoubleVerify identified and blocked what it says is the biggest CTV fraud scheme to date—which operated a network of spoofed devices and IPs that was triple the size of the next biggest scheme the company has witnessed.

The operation, which DoubleVerify has called 'ParrotTerra', was facilitated through server-side ad insertion (SSAI) technology, in which ads are "stitched" into a piece of video content.

Fraudsters have found ways to dupe the SSAI server that is responsible for both putting out ad requests to fill the ad breaks and reporting on metrics to the buy-side, by spoofing CTV devices and generating fake traffic. In a typical SSAI fraud scheme, the fraudster spoofs legitimate devices and apps and use the spoofed details to send fraudulent ad requests into the ecosystem.


DoubleVerify identified its first large-scale SSAI ad fraud scheme, dubbed 'Colorius', in 2018. Since then, it said it has uncovered "at least" eight additional SSAI fraud schemes, each larger than the last. CTV is an attractive target for fraudsters due to its high CPMs, typically upwards of US$20, according to Emarketer estimates.

'ParrotTerra', like other SSAI schemes, worked by generating fake CTV inventory across countless apps, IPs and devices. It was spoofing 3.7 million device signatures and 2.7 million IP addresses each day before it was blocked. DoubleVerify said that ParrotTerra could have defrauded advertisers and publishers of "millions of dollars" if left undetected.

This is three times the size of the daily operation of 'LeoTerra', which previously held the title as the biggest CTV fraud scheme DoubleVerify had identified. 'LeoTerra' was first identified by DoubleVerify in July 2020 and later resurged in December 2020, when it was identified by Oracle Moat. Oracle said the scam spoofed more than 28.8 million US household IP addresses, including approximately 3,600 apps and 3,400 unique CTV device models. 'LeoTerra' has morphed multiple times to evade blocking—DoubleVerify identified a total of five variants over the past six months, including two in January.

Where 'LeoTerra' maintained a steady impression volume as it went through its mutations, the newer 'ParrotTerra' exhibited different behaviour. It began by testing its manipulation on a smaller scale before rapidly progressing into high volumes. DoubleVerify said the change in behaviour shows that SSAI fraud schemes are now looking to act quickly to siphon as much ad money as possible before being shut down.

 

Before 'LeoTerra', cybersecurity and ad verification firm White Ops uncovered what they reported at the time was the largest-ever connected-TV fraud operation in April last year. 'Icebucket' counterfeited more than 300 different publishers and spoofed at least 2 million IP addresses from over 30 countries. At its peak, it generated around 1.9 billion ad requests per day.

CTV fraud impressions more than tripled (220% increase) in 2020 versus 2019, according to DoubleVerify's data.

Source:
Campaign Asia

Related Articles

Just Published

5 hours ago

40 Under 40 2024: Fabian Tan, Junk

Tan has transformed JUNK from an editorial desk into a thriving cultural consultancy, all while driving growth and championing inclusivity with lasting impact.

6 hours ago

Is brand sponsorship enough for Asian sports?

As brands embrace grassroots support and local sports initiatives, the VP of Toyota Motor Asia explores how investments beyond ambassadorship are essential.

7 hours ago

The return of Donald Trump: What it means for ...

As Donald Trump secures his second term as US president, marketing leaders across APAC weigh in on the potential impact on regional business, brand spend, and industry growth in a volatile economic landscape.

7 hours ago

South Korea fines Meta $15 million over data breach

Meta faces the multi-million dollar penalty for funnelling sensitive user data to advertisers, as South Korea tightens its privacy laws.