DoubleVerify Discovers What’s Said To Be First Ad Fraud Scheme Targeting Digital Audio.
You may not have heard of BeatSting, but it is going down in the audio history books. BeatSting is the name of what is believed to be the first large-scale ad impression fraud scheme to target digital audio inventory. The scheme was uncovered by the software platform DoubleVerify, whose DV Fraud Lab first identified the ad fraud in 2019. Since then, an estimated $20 million has been siphoned from advertisers. BeatSting alone is responsible for costing unprotected advertisers up to $1 million per month.
Fraud targeting audio picked up precipitously during the second quarter of 2022, when the DV Fraud Lab detected what it says was a “dramatic increase” in fraudulent activity targeting audio channels after initially noticing smaller instances of the BeatSting attack in 2021. The scheme spiked again in January, and again the DV Fraud Lab quickly mitigated the attack. “Fraud always follows the money, and increasingly that money is flowing to digital audio, a rapidly emerging channel where digital advertising standards are still evolving,” DoubleVerify CEO Mark Zagorski said. “CTV continues to experience this phenomenon and, increasingly, audio is quietly becoming a new channel of interest and attack.”
DoubleVerify says the scheme makes it seem like the apps have users and inventory on which advertisers would want to bid when placing audio ads programmatically. Those requests then go out to supply side platforms and programmatic ad exchanges and ad networks. If an advertiser wins a bid on the inventory through any of those platforms, their ad dollars are wasted on a fraudulent opportunity. Publishers are hurt, too, since by creating fraudulent inventory, the fraudsters are siphoning money away from legitimate audio channels.
The fraudsters behind BeatSting typically spoof or falsify obscure mobile apps, such as streaming apps that have minimal downloads. DoubleVerify says several of the apps are associated with three app publishers including Digital Squadra, SNK Digital, and Digigrad. In total, the DV Fraud Lab identified more than 60 apps tied to the scheme associated with three main publishers.
“This is the first time fraudsters have used SSAI tactics to orchestrate large-scale impression fraud by falsifying audio traffic,” DoubleVerify says in a just-released report about the scam.
One reason DoubleVerify says audio is “the next frontier” for ad scams is that fraud always follows the money, especially in emerging channels of digital advertising where standards are still developing and may not always be transparent to advertisers or networks.
“Ad volume and the opportunity for ad fraud in audio have grown in tandem with user adoption,” it says. While digital audio budgets are small compared to display or video, DoubleVerify believes fraudsters will likely increase their activity across the channel as audio traffic continues to grow. “This makes transparency and partnership between verification providers and platforms critical to protect ad dollars,” the report says.
DoubleVerify has made its findings public in part to expose its fraud-fighting capabilities to media companies and advertisers. It says the DV Fraud Lab experts use advanced machine learning and algorithms to quickly identify and flag spoofed traffic generated via rogue SSAI servers. In the case of BeatSting, the DV Fraud Lab observed an abnormally high volume of traffic with anomalous patterns across the spoofed apps. In other cases, apps that had not been updated for a long time and did not have relevant audio content were generating a suspicious volume of audio traffic.
Hunting for the next BeatSting may not be easy, however. DoubleVerify says fraudsters often change their tactics to remain undetected. To complicate matters, some schemes operate under what it calls an “umbrella of a fraud family” with different variations using different tactics in different media.
“BeatSting also originated as a single CTV scheme in 2019. Since this family has not always targeted audio, it is possible the attack will again shift focus away from audio apps and potentially migrate fully back to CTV,” it warns.
To date this year, the DV Fraud Lab detected and stopped an additional seven new variants aimed at falsifying CTV traffic. And it says BeatSting’s family of fraud schemes has shown unusual mutations beyond the move into audio. Another scheme in the BeatSting family, LeoTerra, began attempting to hide its behavior last year by targeting Internet-of-Things (IoT) devices.
“The evolutions identified here show the lengths to which fraudsters will go in adapting their strategies to avoid detection,” the report says.