A large Ad Network based in North America serving more than a Billion ad requests per day faced a very unique fraud with the traffic going to their Premium Advertisers.
- The Ad Network noticed a significant drop in their validated traffic from the advertisers even though the publishers sending traffic were considered to be premium.
- There was no significant proof submitted by the advertiser claiming fraud consequently, the publishers also did not agree to the numbers without proof.
- The Ad Network had used two other anti-fraud tools but nothing significant was caught.
- No significant patterns were noticed in the traffic. No other red flags were raised considering the source of traffic.
ClearTrust started looking into it from a different perspective. ClearTrust scanned the traffic continuously for a week to find the different patterns in the traffic.
A unique pattern was found and had these key findings:
- Same UA which means the same device
- Different IP
- Click coming in from that UA every alternate minute
- Every alternate day the UA changes
- Traffic driven is for not more than 1 hour at a time.
On further investigation of the UA, it was found that they all translated to the latest version of the chrome browser being used which has released a week back. One suspicion being that a just-released version of the browser cannot be available on millions of devices with a few days.
In the next level of investigation, it was found that 3 publishers were responsible for this and all the required proof was submitted to the Ad Network to take the required action on the matter.
The fraud levels indicated by the advertisers dropped by 75% and the required fraud filters from ClearTrust are still on with the Ad Network to ensure nothing like this or similar happend again.