Fraudsters are continuing to follow advertisers into connected TV.
Oracle has uncovered a CTV ad-fraud operation that it says is the largest known to date.
Dubbed “StreamScam,” the operation exploited flaws in CTV ad serving technology to trick advertisers into paying for ads that were never delivered to households, according to Oracle. The company says that more than 28.8 million valid U.S. household IP addresses were spoofed, along with about 3,600 apps and 3,400 unique CTV device models.
The use of valid household IP addresses “demonstrates the sophistication of StreamScam compared to previous CTV ad fraud operations,” the company observes. “By comparison, the largest prior CTV ad fraud operation had been Icebucket, which involved two million spoofed household IP addresses, 300 app IDs, and 1,000 CTV device IDs,” Oracle reports.
The StreamScam perpetrators capitalized on vulnerabilities in server-side ad insertion (SSAI) technology, which is used to improve the CTV video viewing experience. SSAI combines content and ads into a single video stream that plays seamlessly, with no delays, on end-user devices such as Roku, Apple TV and Fire TV.
Oracle’s Moat analytics technology tallies the ad impressions inserted into video streams by SSAI servers and the number of ad impressions that actually play on end-user devices. The fraudsters built a network of servers that sent ad impression events to Moat and advertisers without actually sending ad and video content to users, and forged household IP addresses, app IDs, and device IDs in the measurement events to make it appear that ads had played in those environments, explains Oracle.
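The reconciliation idea described above can be sketched as follows. This is an added example, not Oracle's or Moat's code: the event fields, server names and thresholds are hypothetical, the data is constructed, and it assumes a device-side playback confirmation that the reporting servers cannot forge.

```python
from collections import defaultdict

# Constructed sample data; every field name and value here is hypothetical.
# Impression events as reported by SSAI servers:
# (ssai_server, impression_id, household_ip, app_id, device_model)
SERVER_EVENTS = [
    ("ssai-a.example", "i1", "203.0.113.10", "app.news", "tv-model-1"),
    ("ssai-a.example", "i2", "203.0.113.11", "app.news", "tv-model-2"),
    ("ssai-a.example", "i3", "203.0.113.12", "app.sport", "tv-model-1"),
    ("ssai-b.example", "i4", "203.0.113.10", "app.news", "tv-model-1"),
    ("ssai-b.example", "i5", "203.0.113.11", "app.sport", "tv-model-2"),
    ("ssai-b.example", "i6", "203.0.113.12", "app.sport", "tv-model-3"),
    ("ssai-b.example", "i7", "203.0.113.13", "app.news", "tv-model-1"),
]
# Assumption: impression ids confirmed as played by a device-side signal.
DEVICE_CONFIRMED = {"i1", "i2", "i3"}
# Known-valid household IPs; spoofed events reuse these same addresses.
VALID_HOUSEHOLD_IPS = {"203.0.113.10", "203.0.113.11",
                       "203.0.113.12", "203.0.113.13"}

def ip_check_rejects(events, valid_ips):
    """Impression ids an IP-validity filter alone would reject."""
    return [imp_id for _, imp_id, ip, *_ in events if ip not in valid_ips]

def reconcile(events, confirmed):
    """Per SSAI server: (impressions reported, impressions confirmed played)."""
    totals = defaultdict(lambda: [0, 0])
    for server, imp_id, *_ in events:
        totals[server][0] += 1
        totals[server][1] += imp_id in confirmed
    return {server: tuple(counts) for server, counts in totals.items()}

def flag_servers(events, confirmed, min_events=3, min_ratio=0.5):
    """Servers with enough volume whose confirmed-play ratio is too low."""
    flagged = []
    for server, (reported, played) in sorted(reconcile(events, confirmed).items()):
        if reported >= min_events and played / reported < min_ratio:
            flagged.append(server)
    return flagged

if __name__ == "__main__":
    print("rejected by IP check:", ip_check_rejects(SERVER_EVENTS, VALID_HOUSEHOLD_IPS))
    print("per-server (reported, played):", reconcile(SERVER_EVENTS, DEVICE_CONFIRMED))
    print("flagged servers:", flag_servers(SERVER_EVENTS, DEVICE_CONFIRMED))
```

Because the spoofed events carry valid household IPs, the IP filter rejects nothing; only the gap between reported and confirmed impressions separates the two servers.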
Mike Zaneis, CEO of the Trustworthy Accountability Group (TAG), said that TAG has expanded its threat-sharing capabilities through the TAG Threat Exchange "to quickly disseminate information about new and emerging threats in areas like CTV ad fraud," and is working with Oracle and other participating companies to "build an impenetrable barrier" against ad fraud. TAG and Oracle plan to hold an industry briefing in January about mitigating this latest fraud threat.