Embedding legit sites within iframes to run an advertising fraud scheme

Clever. If you run ads, and want to click on the ads yourself, to get more money, most of the time the ad companies will detect your ad fraud, and your ad account will be suspended: no money for you. So how could you run an advertising fraud scheme that looked like real users, from all over the world, were clicking the links? Here’s an idea: show legit sites in frames, but every time a user clicks, have a hidden from that submits a click to the ad: the traffic will look real because it is real: real users, real IP addresses, real refers from diverse sites.

Very clever:

You have heard about fraud and online advertising. You may have seen the Wall Street Journal video “Porn Sites Scam Advertisers”, or even read the story at today’s Wall Street Journal about “Off Screen, Porn Sites Trick Advertisers” (Hint: to avoid the WSJ paywall, search the title of the article through Google News and click from there, to read the full article).

Since I am intimately familiar with the story covered by WSJ (i.e., I was part of the team at AdSafe that uncovered it), I thought it would be also good to cover the technical aspects in more detail, uncovering the way in which this advertising fraud scheme operated.

It is long but (I think) interesting. It is a story of a one-man-making-a-million-dollar-per-month fraud scheme. It shows how a moderately sophisticated advertising fraud scheme can generate very significant monetary benefits for the fraudster: Profits of millions of dollars per year.

If you want to skip the technical sleuthing details, you can skip directly to the overall picture and the discussion.

Disclaimer: In the story below, I will only mention by name the sites performing the fraudulent activities. All the brand names that you see are just for illustration purposes. They are not the ones affected by this case of fraud. Also remember that this is a personal blog. The views and opinions that I express here are my own and do not necessarily represent the views of AdSafe or the views of New York University.