Anura, a company that provides fraud filters, raised some eyebrows last week when it reported that Android apps contained malware, and that it poses a potential $3 billion-a-year threat to advertisers.
To prove the risk, the company installed two apps that are available from the Google PlayStore on a mobile device. Then it monitored activity over 24 hours.
The click logs indicated 3,061 requests for an ad, and the ads were served 169 times. But the phone was in sleep mode. So who requested the ads? A bot, Anura says.
And that’s just the start of the problem. Overall, fraudulent ad traffic will cost $50 billion by 2025, the firm predicts in another study.
The ad industry faces $8.2 billion worth of corruption a year from invalid traffic ($4.6 billion), malvertising $1.1 billion), and infringed content ($2.5 billion). Bad bots alone generate 19% of total worldwide Internet traffic, and problems are also caused by click farms, ad stacking, ad injection and domain spoofing.
This doesn't affect email marketers, right? Wrong. Emailers are also being hit by bots, and they need a system of checks and balances to prevent it, says Rich Kahn, CEO of Anura. For example, there are companies that are paid to produce email volume — that’s how they are paid. And “the shadier places will get traffic from fraudulent players,” Kahn charges.
Then there are cases in which bots simply get into a system and deliver malware. Take an outfit that does lead generation for student debt consolidators.
People land on the form, and eventually someone has to call. But they find out that the person never submitted that form — instead, they’re getting malware. And some firms may be “buying lists with bogus names on them,” Kahn continues.
Is Kahn suggesting that email list vendors are crooked? No. But he says that “even the good guys” — those that offer permission-based lists — can have issues. “No company guarantees that 100% of its lists are clean,” he states.
So how can Anura help? By tagging the bad players in real-time with effective traffic scoring.
“Our code is simple --you drop it onto the web asset or email, and when opened, you can identify it almost instantly and determine if it’s real or fake,” Kahn says.
That’s more tricky than it sounds. For example, a company might see that all the forms are from the same IP address.
So the crooks alter their environments, to make it look like they’re coming from different browsers around the country.
“We can identify and pick up on that,” Kahn says.
So what does he advise? First, test your vendors. Any marketing system can be infiltrated by bots. And commit your firm to a system of checks and balances, as Kahn puts it.
Finally, remember that no matter how safe you think you are, “the guys that are evil are extremely creative in finding ways to defeat the system,” says Kahn, who founded the company with his wife Beth.