Like any good media planner, fraudsters are attuned to time of year, seasonality, demographics, ad formats and trends in consumer behavior.
With football season and the MLB playoffs in full swing, they seem to have turned their attention to pro sports sites.
“We see a lot of sophisticated invalid traffic targeting premium sites,” said Amit Joshi, director of product and data science at fraud detection company Forensiq, which recently uncovered a bot that’s targeting sports team websites.
All 32 NFL team domains are affected. The bot appears to hijack a browser and loads ads without the site being aware of it. It’s unclear exactly how Sports Bot, as Forensiq calls it, gets deployed, but it’s likely through malware.
Forensiq was tipped off to Sport Bot’s shenanigans when the company’s machine-learning traffic detection algorithm identified likely fraudulent activity among roughly 75% of pre-bid requests to NFL team sites.
After cross-referencing the NFL data with other sports team websites for the NBA, NHL and MLB, it became clear that team domains were particularly exposed, having yet to implement Ads.txt, the anti-spoofing method introduced by the Interactive Advertising Bureau. The volume of invalid traffic to team sites is higher than to larger websites, like nfl.com or espn.com, both of which have published their Ads.txt files.
Continue reading »