“StreamScam” Connected TV Ad Fraud Rattles Advertisers

5 Min Read

Ad fraud has always been a major problem for digital advertising. So the relative lack of Connected TV ad fraud, which operates like a digital channel with a TV commercial ad unit, has been a bit surprising. Unfortunately those days appear to be over.

2020 has been a rough year for ad fraud on CTV. DiCaprio and Monarch, scams which affected apps on Roku devices earlier in 2020, resulted in advertisers and publishers losing millions. ICEBUCKET, uncovered back in April, used bots to impersonate more than 2M people to trick advertisers into paying for ads that were never seen.

All of those pale in comparison to the recently discovered StreamScam—the largest instance of CTV ad fraud to date. By targeting a vulnerability found in the programmatic supply chain, it managed to steal over $14M before being shut down. Needless to say, this is raising some questions around CTV’s security. 

Advertisers are right to ask what’s being done to protect their budgets. Thankfully, those questions have answers—let’s dive into the current state of ad fraud on Connected TV, and what you can do to mitigate your risk. 

Connected TV Ad Fraud Looks to Exploit Vulnerabilities

To combat ad fraud, first you need to understand it. And while no two CTV ad fraud schemes are the same, they do tend to have a few common traits. 

• They exploit weaknesses somewhere along the ad supply chain.
• They rely on “spoofing” to impersonate valid user, app, and device IDs.
• They use bots to generate ad impressions that no one will see.

For examples of this in action, just look to the scams listed above. DiCaprio leveraged security loopholes in the mobile dating app Grindr to submit fraudulent CTV ad requests. Monarch exploited a flaw in Roku’s app categorization to serve ads on passive CTV apps (think screensavers or apps meant to calm pets home alone). 

StreamScam, meanwhile, used a vulnerability found in Server-Side Ad Insertion (SSAI) technology. It spoofed over 28M US household IP addresses—including ~3,600 app IDs and ~3,400 CTV device models—then used SSAI as a means to insert that fraudulent data into programmatic auctions on open exchanges. This allowed it to impersonate both a viewer and an app, create a fake ad impression, and bilk advertisers out of their budgets.

This all may sound like advertisers are at the mercy of bad actors, but that’s not the case. These vulnerabilities can be mitigated with best practices that any CTV advertiser should be following to begin with. 

Direct Deals, Private Marketplaces, and Living Room Quality

In their writeup on ICEBUCKET, researchers from the Satori Threat Intelligence Team offered this advice to advertisers: “Ad fraud can be eliminated quickly through protected channels where there are direct relationships, trust, and full transparency.” 

The threat of CTV ad fraud can be heavily mitigated by working with ad solutions that offer the following: 

• They don’t buy inventory on open exchanges.
• They have direct deals in place with publishers. 
• They purchase inventory through private marketplaces (PMPs). 
• They curate their inventory to eliminate low quality sources.

Case in point, scams like StreamScam sidestep those measures by attacking programmatic open exchanges, which can carry poor inventory and lax security. Scams which exploit device vulnerabilities, like Monarch, use low quality inventory to facilitate and hide their actions.

MNTN has taken steps to protect advertisers from CTV ad fraud. Our Living Room Quality PMP offers top-tier inventory via direct relationships with publishers. Not only does it guarantee MNTN advertisers preferred pricing on top CTV networks and apps, it acts as a private marketplace that shields it from the dangers found on open exchanges:

• Unlike other ad solutions, it does not buy inventory on the open market.
• It uses secure IDs exclusive to the PMP, helping to avoid spoofed app IDs. 
• It offers highly curated inventory to avoid vulnerable, low quality sources.

Advertisers need to be able to trust that their budgets are spent on legitimate inventory, and we’re proud to say we can offer that. The direct publisher relationships available via Living Room Quality safeguard advertisers against exploitable vulnerabilities in the media buying process—protecting their budgets from becoming easy prey for scammers.

Transparent Reporting Gives Peace of Mind

All known CTV ad fraud has occurred at the impression level to take advantage of CPM pricing models—they aren’t faking site visits because there’s no monetary incentive. If you’re able to see the actions viewers take after seeing your ads, like visiting your site, you can have peace of mind knowing that your campaign is actually reaching real people.

That speaks to the importance of transparent reporting. It helps protect against fraud because it allows suspicious activity to be quickly identified; ad solutions that limit access to performance metrics provide the blindspots fraudulent actors need to hide their crimes. 

MNTN offers full transparent reporting via our proprietary attribution technology, Cross-Device Verified Visits. It tracks the entire customer journey, from when a viewer sees your ad, to when they visit your website and convert via any other household device. 

You can track these actions alongside any other vital metric via our reporting suite. It offers insight all the way down to the network level, meaning you can see which CTV networks are showing your ads, along with the performance tied to each one. And to provide even further transparency and accountability, our reporting is fully integrated with Google Analytics. 

This is the level of insight you should be looking for in a CTV ad solution—be sure yours provides it. You’re introducing a vulnerability without it, and as we’ve seen, sometimes that’s all it takes to fall victim to fraud.

Advertise Smart on Connected TV

Ad fraud headlines can be scary, but thankfully if you take the necessary precautions you can mitigate the risk to your campaigns. These scams will always hone in on vulnerabilities, but if you’re following best practices at the media buying and reporting levels, you can rest a little easier knowing you’re doing what needs to be done to combat Connected TV ad fraud.

Sign Up for the Connected TV Report

Subscribe to the report Apple, Amazon, NBC and more use to get their CTV news.