This week in Horror Stories: US recovers $15m from the 3ve ad-fraud operation.
Ben Benoliel Contente|
Cyber Risks & Threats | June 08, 2022
Let’s unveil it:
Cost: around $29 million for ads that were never viewed and infected 17 million computers.
Date: December 2015 through October 2018
Industry affected: various
Threat Type: botnet, known as 3ve (EVE)
What is it?
A bot is a computer script designed to act with agency or simulate human behavior. It can infect computers to carry out attacks using this computer and it can surf the internet and be used for other various reasons, including to commit ad fraud. Botnets are a network of these bots.
Long story short, what happened?
The botnet known as 3ve (pronounced eve) affected more than 17 million computers and stole millions of marketing budgets. The operation, carried out for years, was orchestrated by cybercriminals that used legitimate advertisers so that they would display, without knowing, the ads on websites that were in fact spoofed domains created by the cybercriminals themselves.
With this, the criminals could falsify billions of advertisement views and more than 86,000 domains causing companies to pay around $29 million for ads that were viewed by the bots and never actually by real human internet users.
Why you should care?
This is just another of the many examples of Fake traffic affecting pay-per-click (PPC) advertisements. In this case, it was a criminal activity. Sure you can think, “why would my business be the target of a criminal operation?”
Well, some businesses commit click fraud to drain their competitors’ budgets and outperform them on top keywords. In the same way, some affiliates and partners – measured by the amount of traffic they sent to your site – can artificially inflate their numbers to ramp up payment.
But beyond that, bots, fake users, and other types of fake traffic can affect marketing budgets without necessarily having malicious or criminal intent. As an example, recently, CHEQ discovered that eCommerce sites lose $2.34 billion to invalid ad clicks and the types of Fake Traffic found were numerous, including automation tolls and other not malicious types.