Fraudsters have been using the LGBTQ dating app Grindr to perpetrate a cross-device scheme that tricked advertisers into believing they were buying video ads on Roku CTV devices.
The numerous premium publishers spoofed by the scheme have included CBS News, Fox, PBS, USA Today and TMZ, according to ad-fraud detection firm Pixalate, which reports on its research in its blog.
The scheme — dubbed “DiCaprio” by Pixalate, after the name was spotted within the code — spotlights the extent of ad fraud in the CTV arena.
Pixalate’s data indicates that as many as a quarter of the ads placed on CTV are fraudulent. eMarketer projects that CTV advertising will reach $6.94 billion this year, up 38% from 2019.
The fraudsters exploited mobile app advertising security loopholes by using consumers’ devices as proxies, Pixalate found.
When standard banner ads were purchased on Grinder’s Android app, which has more than 10 million users, the fraudsters attached code disguising the ad to look like a Roku video ad slot. The bogus slot was then sold on programmatic exchanges.
“We first saw this is in Q2 2019, and the "DiCaprio" script was active until last week,” a Pixalate spokesperson tells Digital News Daily. While the firm didn’t produce an actual cost estimate for the scheme, it’s clear that the fraudsters had the ability to take a $1 CPM mobile display unit and spoof it as a Roku unit with a CPM of up to $25, he says.
A Grindr spokesperson said that it had been unaware of this scheme until contacted on Monday by BuzzFeed News, but is taking steps to address the problem, and is “working to implement new strategies to protect our users.”
Grindr was recently called out for exposing users’ personal information by the Norwegian Consumer Council, and subsequently suspended from Twitter’s ad network, BuzzFeed noted.
Roku ad industry PR manager Sarah Saul says the company recommends that OTT ad buyers buy directly from Roku or publishers on its platform, and if buying from other sources (open exchanges in particular), use technology to verify the source of ad requests.
"When buying directly from Roku, we can assure buyers that their media plan is brand-safe and 100% viewable," she said in a statement. "We certify streaming channels on our platform. Furthermore, we developed our operating system and own the ad tech stack and the first-party data that ensures that we offer a best-in-class ad experience and meet industry best practices."
In addition to ripping off advertisers, the spoof reportedly drained Grindr users’ data plans and batteries.