DoubleVerify Fraud Lab Identifies Botnet Scheme Targeting Ads.txt

Fraudsters Manipulated Ads.Txt Files on Hundreds of Sites to Sell Fake Inventory

DoubleVerify the leading independent provider of marketing measurement software and analytics, announced that it has identified a new bot network that perpetrates fraud by circumventing ads.txt protections.

The botnet that DV uncovered perpetrates a sophisticated, unique type of fraud. The bot first visits a given publisher site and scrapes the site’s content. The bot then creates falsified copies of the scraped pages on its own server, adding new ad slots that did not exist prior. It manipulates the environment to make it appear as though the browser is visiting the original site, when in fact it is viewing falsified content and ads. It then sells the fraudulent ad slots – under falsified URLs – through an authorized reseller listed on the publisher’s ads.txt file. In most instances, the ad slots masquerade as legitimate inventory and seem to originate from a valid site, thereby making the content, ad inventory and reseller arrangement appear legitimate.

Also Read: Akeneo Unveils AI-Powered Product Data Intelligence to Enhance Its Product Experience Management Suite

Ads.txt, which stands for “Authorized Digital Sellers,” is an IAB-approved protocol that aims to prevent the sale of unauthorized ad inventory. Publishers drop a text file onto their web servers that lists all companies authorized to sell a publisher’s inventory. Similarly, programmatic platforms process this information in order to qualify the validity of the inventory they purchase. The intent of ads.txt is to foster greater transparency and trust in the value chain.

Also Read: Key Martech Leaders Join ActiveCampaign to Bring their Experience at Scale as the Company Reaches More Than 60,000 Businesses Around the Globe

“While ads.txt is a significant step toward resolving unauthorized reselling and associated fraud, it’s not a complete failsafe,” said Roy Rosenfeld, Head of DoubleVerify’s Fraud Lab. “This scheme was specifically designed to take advantage of the industry-wide ads.txt initiative and commit fraud that would not trigger ads.txt violations with programmatic buyers.”

Once DV identified the scheme, the company immediately alerted impacted customers and partners, and implemented mechanisms to detect and protect against this pattern of fraud.

Recommended Read: MoZeus Announces Multi-Year Data Capture Partnership with Hyundai Motor America and INNOCEAN Worldwide Americas