How VPN Users and IP Address Hijackers are Messing Up Your Ad Spend
Find out why anonymous IP addresses are hurting advertisers.
Encouraged by affiliate marketers who promote VPNs, consumers are signing up for VPN services like NordVPN. Vinod Kashyap, head of product at Digital Element, sheds light on the dark crevices of IP security and how VPN users and IP address hijackers are preventing you from leveraging your ad spend.
Today’s consumers are well aware of the threats that bad actors pose to their privacy and security as they surf the web. And they’re equally aware of the data advertisers collect on them as they go about their digital lives. Many have learned how to anonymize their online behavior.
But the privacy offered by VPNs is just as much a boon for scammers as it is for private citizens. And in addition to plying their scams on consumers, they also have their eyes on the advertisers’ campaign budget.
Why Anonymous IP Addresses Hurt Advertisers
Some VPNs do more than provide privacy. For instance, some allow the user to “choose” their location in order to trick a website. This is a feature that attracts consumers who want to do things like access streaming content with geographic restrictions.
It’s also a feature that perpetrators of ad fraud use frequently. Fraudsters set up click farms – fake news sites and bots to click on ads. They sell those ad slots to advertisers via the programmatic exchanges, and once placed, the bots go to work, clicking on the ads to drive up the clickthrough rate (CTR) and collect revenue. VPNs allow them to appear in the geographic regions targeted by a campaign.
Bots that impersonate humans are big business, stealing billions of dollars from advertisers. Publishers also suffer because they lose the opportunity to earn that revenue by filling their own ad slots.
One of the ways that click farms succeed is that with the right VPN and/or residential proxy, the bots can appear to be valid users located in whichever geographical region the advertiser has targeted.
See More: How Blockchain Can Help Solve Ad Fraud
VPNs Complicate Things Further
VPN usage has been surging since the pandemic and shows no sign of slowing down anytime soon. Some of those VPNs offer features, such as no logging and anonymous payment, that make it easy for nefarious actors who launch malvertising and malware campaigns to hide in plain sight. These types of fraud aren’t always captured by the standard tactics deployed by Traffic Quality teams. For example, ads that use cloaking (i.e., camouflaging) aren’t detected with pre-bid filtering or put in an inclusion list.
Complicating matters further, Traffic Quality teams often consider traffic that comes from hosting services as invalid traffic (IVT), but users who go online from a corporate campus that has implemented a zero-trust security framework will be labeled invalid.
And in general, residential traffic is considered safe and legitimate. Today we must reexamine that assumption as a new crop of bad actors has learned how to hide behind residential IP addresses and to blend in with legitimate traffic. As a result, seemingly real humans are bots that bilk the advertiser’s budget.
No Silver Bullet, but Context Helps
To stop this kind of fraud, the digital advertising industry deploys numerous tactics, including pre-bid filtering and post-bid analysis to assess the legitimacy of traffic behind, along with publisher inclusion and exclusion lists to ensure ads don’t appear on bogus sites.
These efforts can be quite successful. For instance, the TAG US Benchmark Report shows that campaigns that run through TAG Certified Channels have less than .98% ad fraud. That may not seem like a lot, but when you consider advertisers spent 189.3 billion that year, that’s $1.89 billion lost — a major crime by any definition. But not all traffic goes through TAG channels. In those cases, fraud can account for up to 11% of traffic.
That means the industry needs to bring additional tools to the fight. IP intelligence data has a useful role to play because it can bring valuable context to the traffic within a campaign, enabling Traffic Quality teams to distinguish between legitimate and questionable traffic.
IP Address Context: More than Just an Address
All IP addresses contain a great deal of context, i.e., intelligence data that surrounds the actual address. This data includes:
- Geolocation data (country, city, zip/postal code)
- Proxy data (e.g., masked IP data that fraudsters can use)
- Neighbors/like IP addresses
- Home usage vs. business usage
- Device type or servers
- Activity
- Company name
- VPN provider and type of services
Traffic Quality teams can use this data to help them determine which mobile IP addresses are legitimate and which are associated with known botnet rings. It can also help them identify when mobile IP addresses are remarkably stationary and likely fraudulent (real mobile phone users are on the go, and a device that stays at the same location while clicking ads 24/7 is highly suspicious).
See More: Beating the Fraud Guide: How To Protect Your Ads
VPN Threat Intelligence Solutions
Threat intelligence solutions can help Traffic Quality teams respond to the rise of VPN usage and the threats they pose to the digital advertising ecosystem. Such solutions provide whether it supports fraudster-friend features such as no logging or payment via cryptocurrency, IP addresses related to a provider, traffic type and more.
This insight can help Traffic Quality teams identify proxy data, which may be a masked IP address that fraudsters can use. It can also help them distinguish between risky or more benign VPNs so that they can decide which traffic to accept and which to reject.
Importantly, teams can identify where ads are actually viewed and whether it makes sense for a campaign. And they can see when a bunch of “interesting IPs” are delivering clicks, but they can’t connect them to anything related to the campaigns. In such cases, Traffic Quality teams can raise the suspicious IP addresses to their quality and measurement partners for investigation.
IP intelligence data isn’t a panacea for ad fraud, and no traffic quality team should look at it as such. Its role is in forensics and setting best practices.
What are the challenges you face with VPN security? Share with us on Facebook, Twitter, and LinkedIn.
Image Source: Shutterstock
MORE ON VPN SECURITY
