|Bot Fraud on the Rise, Doubling YOY
|People are spending 28% less time online this year than they did in 2022, yet traffic, as many network administrators will tell you, is up. What's going on?
According to HUMAN Security, a company specializing in fraud prevention, bot traffic is rising, more than doubling YOY. As a percentage of overall traffic, bad bots are rising faster than legitimate users.
This is just one of the more worrying findings in HUMAN’s yearly Enterprise Bot Fraud Benchmark Report, which examines over 20 trillion digital interactions each week (or about 33 million per second!). The annual report seeks to provide enterprise security teams with the insights they need to understand what they’re up against and take steps to enhance their organizations’ defenses.
The flourishing bot economy is a formidable enemy for security teams tasked with keeping corporate and customer data safe from hackers. “We see a continued increase in many types of bot attacks, including account takeover, carding, and scraping. As web and mobile applications hold more data and value, cybercriminals use automation to target them at scale,” said Ido Safruti, CTO at HUMAN.
Carding, account takeovers, and web scraping are particularly worrying for security teams, as they say, triple-digit increases.
Carding attacks are up 134% over last year. These are instances when attackers use bots to test stolen credit and debit card data by making small purchases on eCommerce sites. Validated cards are then used to buy gift cards, which are converted into high-value goods and resold online.
Account takeovers are up 108% YoY. These are attacks where fraudsters gain unauthorized access to online accounts via automated logins with stolen credentials. They use these credentials to make purchases with stored payment data, drain account balances, steal gift cards and loyalty points, write fake reviews, submit fake warranty claims, and distribute spam and malware.
And scraping is up 107%. Competitors use the information to gain a competitive advantage. Furthermore, if bad actors repost scraped content, it can damage the original site’s SEO rank.
“Just after the 9th circuit ruled that scraping was not covered under CFAA, HUMAN saw a dramatic increase in scraping attacks across the internet. It was amazing to watch these events unfold in real-time,” Zach Edwards, HUMAN’s Senior Manager of Threat Insights, explained in the report.
Certain industries are targeted more frequently than others. Bad bots accounted for 57% of traffic to online businesses in the media and streaming industry, as fraudsters access and resell content and steal customer data.
The travel and hospitality sector isn’t far behind, with bots accounting for 49% of site traffic. Travel apps are a top target for scraping attacks, as inventory and pricing data, the heart of such companies' business strategies, change frequently.
The other notable industry that is targeted by automated bots is ticketing and entertainment. Bots make up 46% of traffic to these sites (think: the Taylor Swift ticket debacle last year). As tickets go on sale, these sites are flooded with users, making it easy for bots to hide.
One way to identify nefarious bot traffic is to look at the mix of device types that hit a network. The report notes that enterprise attackers prefer to hide behind desktop devices and that just 26% of malicious requests come from mobile devices. But 61% of legitimate users sign on using their mobile devices. This isn’t to say that all desktop traffic should be considered suspect, but an influx in such traffic may be a warning sign.
Fraudsters are also using anonymizing proxy servers to mimic normal human traffic. More than 68% of worldwide malicious came from proxy servers located in the U.S., and 75% of traffic to U.S.-only applications.
|Online scams significantly impact U.S. society, both in terms of the financial losses incurred by victims and the broader social and economic consequences. According to the FBI, Americans lost over $10 billion in online scams in 2022, up $3 billion from 2021. Scammers target older Americans the most frequently, and if left unchecked, these escalating crimes can impoverish the nation's senior citizens.
Such scams are also prompting ad-blocker installations. In 2021, the CIA and NSA told Congress that they use ad blockers to protect their network. And in a pre-holiday public service announcement, the FBI advised consumers to install one to protect themselves against scams. Advertising funds the internet, and if enough people heed these warnings, numerous publishers and brands will be put at risk.
Online scams also erode trust in brands and undermine the consumer's confidence in the digital economy. This lack of trust makes it difficult for legitimate businesses to grow their customer base and can ultimately slow down economic growth and innovation.
|Disney + Pepsi + Kroger = Granular Targeting on CTV
|Disney is staking a claim in the retail media business. The media company launched a beta test with Kroger Precision Marketing and Pepsi, which allows CPG marketers to utilize shopper data to reach audiences across Disney's inventory. Hulu is the first target in the beta test.
Packaged-goods marketers have needed help reaching audiences on linear TV and digital for quite some time. This move sparks a trend as they turn to CTV and retail media to reach their target audience. It also expands Kroger's goal to connect its data with CTV platforms. They already partner with major SSPs and Roku.
"The fact that KPM has this rich data set that we can infuse and integrate into right now with Hulu, where we've started the implementation, really enhances the outcomes we can drive for advertisers," said Danielle Brown, senior VP of data enablement and category strategy for Disney Advertising.
KPM utilizes AI to target household segments for ad targeting and links them to Disney's inventory. They also leverage LiveRamp to evaluate ad exposure concerning the brand's selected KPIs, such as sales or brand lift.
The partnership relies on the data Kroger collects from the over 60 million households that shop with the grocer annually, as well as deeper insights from its loyalty program.
Disney has also alluded to adding more Retail Media partners based on the success of the beta test. KPM was their first choice because of its effectiveness and reputation in advertising.
According to Lisa Valentino, executive VP-client solutions and addressable enablement of Disney Advertising, the test will focus specifically on measurement that moves sales for advertisers directly instead of alternative currencies on CTV.
"While the industry is focused on identifying alternative currencies, Disney is doubling down on driving real-world results for brand clients every day," said Valentino.
|Retail media has gained clout in the ad tech industry over the past few years for its robust selection of first-party data. Specifically, industry experts proposed retail media as one of the many post-cookie solutions for mobile and desktop audience targeting.
For a while, the digital advertising industry assumed that the rise of retail media networks would take away revenue from publishers. Retailers also distanced themselves from the advertising community because of their reputation with user experiences. Amazon's flourishing ad tech business changed the minds of both sides.
They now understand that retailers and publishers can establish mutually beneficial relationships. Disney seeks similar benefits in their partnership with KPG and Pepsi. While the CTV space already sits in a cookieless environment, with such a fragmented ecosystem, retail media can help bridge the measurement and targeting gap.
"So many brands are in different spaces, whether they're growing share or losing share, have new innovation they're looking to spark or drive net new households into a category," said Cara Pratt, senior VP of Kroger Precision Marketing. "This allows us to bring all these signals in and deliver an audience strategy connected to Disney's content that supports brand objectives."
The beta test with Disney is still new, but KPM's data has proven worthwhile for other CTV platforms, such as Roku.
For example, Neutrogena used Kroger's customer purchase data to engage brand buyers with Roku streaming ads. The campaign helped Neutrogena get an 8% uplift in household penetration and a 5.5% uplift in sales.
"Marrying Roku and Kroger, you are marrying the best of the best. You have wonderful video content with sight, sound, and motion with advanced audiences with closed-loop measurement," said Elizabeth Cotogno, group director of agency partnerships at Kroger Precision Marketing. "We can tell you if a business outcome is impacted due to this partnership. That is super powerful."
|Netflix Launches a PMP in Partnership With Microsoft
|Netflix has wanted to create its own ad tech business for a while. Their partnership with Microsoft's ad platform to create a private marketplace suggests they are making moves to create a tech stack. They might have relied on a partnership to do it, but Greg Peters, Netflix's co-CEO, told investors they have ambitions to innovate in the ad tech space.
Of course, a partnership with a well-established ad business is a clever play for building your own ad tech business. Like in Rome, building a tech stack does not happen in one day. Access to Microsoft's ad business helps Netflix come closer to reaching its goal.
"For now, we're very much in the mode of following a well-trodden path," said Peters.
In addition, Netflix is working hard on creating more ad-supported content. Q1 research shows that 95% of Netflix's content is available through an ad-supported plan. Adding their private marketplace will also help them as more content opens up for advertising alongside their move to leverage DoubleVerify and Integral Ad Science ad verification measurement.
|Much industry gossip about Netflix's ad tier subscription existed long before its implementation last November. And while many critics suspected an ad tier would hurt the company's growth, Netflix's co-CEO predicted it would bring in more subscribers. While things started slowly, by January, about 19% of new subscriptions in the U.S. signed up for their ad tier.
"Like with a price increase," Peters said, "we expect to see an initial cancellation reaction at first, followed by increased membership and revenue as borrowers sign up for their accounts or as subscribers pay to add an extra member to their plans."
When the ad-tier subscription was first released, projections for success were optimistic. This year, analysts predicted Netflix's ad spend wouuld reach $830 million and skyrocket to $1.02 billion by 2024. As for now, Disney's ad business reigns supreme, and its claim to the throne will most likely stay cemented with the addition of Kroger's retail media network.
Netflix has some catching up to do, but they still have a fighting chance. In Q1, Netflix saw a 4% increase in YOY revenue and increased its total paid memberships by 4% to just over 232 million subscribers. Although its subscription rate took a dip, the streaming platform gained 1.5 million subscribers this quarter compared to its 7.5 million last quarter.
As Netflix builds its new tech stack and consumers get used to the ad-tier option, they might see a rise in its ad stock.
House Members and Aides Affected in Data Health Breach The devil works hard, but bad actors work harder to steal your data. This time, their victims were 17 House members and over 500 aides whose data was compromised at D.C.'s health insurance marketplace last month. The stolen data included names, birth dates, and Social Security numbers.
Ad Industry Asks Congress to Lighten Broad Ad Restrictions Privacy for America sent an open letter to the House subcommittee the evening before they conducted a data brokers and online privacy hearing. They urged Congress to avoid "unreasonable barriers to effective and responsible uses of data."
Meta Prepares Another Round of Mass Layoffs The recession holds no bias to industry, company size, or region. Everyone, including Big tech companies, had to cut costs with the market in disarray. Last year, Meta laid off 11,000 employees; this time, rumors suggest up to 4,000 could face the axe.
|Around the Water Cooler
|House Members and Aides Affected in Data Health Breach The devil works hard, but bad actors work harder to steal your data. This time, their victims were 17 House members and over 500 aides whose data was compromised at D.C.'s health insurance marketplace last month. The stolen data included names, birth dates, and Social Security numbers. (Axios)
Ad Industry Asks Congress to Lighten Broad Ad Restrictions Privacy for America sent an open letter to the House subcommittee the evening before they conducted a data brokers and online privacy hearing. They urged Congress to avoid "unreasonable barriers to effective and responsible uses of data." (MediaPost)
Meta Prepares Another Round of Mass Layoffs The recession holds no bias to industry, company size, or region. Everyone, including Big tech companies, had to cut costs with the market in disarray. Last year, Meta laid off 11,000 employees; this time, rumors suggest up to 4,000 could face the axe. (Tech Crunch)
Results of Google's Privacy Sandbox Show Promising Results Google released the results and spending for IBA decreased minimally relative to cookies, as did performance metrics, but ROI (conversions) decreased less than ad spend. The experiment also highlights that AI-powered optimization can positively impact campaign effectiveness. (MobileDevMemo)