NEW YORK, Feb. 07, 2019 -- DoubleVerify, the leading independent provider of marketing measurement software and analytics, today announced that it has identified a new bot network that perpetrates fraud by circumventing ads.txt protections.
The botnet that DV uncovered perpetrates a sophisticated, unique type of fraud. The bot first visits a given publisher site and scrapes the site’s content. The bot then creates falsified copies of the scraped pages on its own server, adding new ad slots that did not exist prior. It manipulates the environment to make it appear as though the browser is visiting the original site, when in fact it is viewing falsified content and ads. It then sells the fraudulent ad slots – under falsified URLs – through an authorized reseller listed on the publisher’s ads.txt file. In most instances, the ad slots masquerade as legitimate inventory and seem to originate from a valid site, thereby making the content, ad inventory and reseller arrangement appear legitimate.
Ads.txt, which stands for “Authorized Digital Sellers,” is an IAB-approved protocol that aims to prevent the sale of unauthorized ad inventory. Publishers drop a text file onto their web servers that lists all companies authorized to sell a publisher’s inventory. Similarly, programmatic platforms process this information in order to qualify the validity of the inventory they purchase. The intent of ads.txt is to foster greater transparency and trust in the value chain.
“While ads.txt is a significant step toward resolving unauthorized reselling and associated fraud, it’s not a complete failsafe,” said Roy Rosenfeld, Head of DoubleVerify’s Fraud Lab. “This scheme was specifically designed to take advantage of the industry-wide ads.txt initiative and commit fraud that would not trigger ads.txt violations with programmatic buyers.”
Once DV identified the scheme, the company immediately alerted impacted customers and partners, and implemented mechanisms to detect and protect against this pattern of fraud.