Fraudsters continue to flock to CTV.
Media measurement company DoubleVerify has uncovered what it’s calling the first server-side ad insertion scheme known to hijack real CTV device sessions. At its peak, the scheme, which DoubleVerify has named “SneakyTerra,” spoofed over 2 million devices per day and cost unprotected advertisers more than $5 million per month. Those numbers are based on an average $20 CPM across CTV.
SneakyTerra works by buying a real impression and then inserting impression trackers from multiple ads, obtained through spoofed SSAI calls, into one creative response. When an actual CTV device receives this response, pixels fire for all the impression trackers — meaning although only one ad is seen, impressions for multiple ads are generated.
DV’s Fraud Lab was able to see SneakyTerra’s spoofed SSAI transactions before the fraudsters were able to execute their impression on a real CTV device.
According to DV, the company first identified and began blocking SneakyTerra in July 2020 and December 2020, respectively. The SSAI-powered scheme marks an important evolution in CTV fraud as it’s more sophisticated than other large schemes to date in the CTV environment.
The use of purchased impressions — stuffed with multiple fake ads that will never be seen by a real person — made SneakyTerra more difficult to detect, according to DV. Ad servers and measurement vendors get real data on where the ad served, rather than spoofed SSAI data, because SneakyTerra’s stuffed impressions serve on real devices.
“Fraud follows the money, and the revenue opportunities in CTV are growing rapidly,” said Mark Zagorski, CEO at DoubleVerify, in the company’s SneakyTerra press release. “In 2020 alone, DoubleVerify identified more than 10 SSAI schemes, and we’re seeing fraudsters execute increasingly sophisticated, larger schemes meant to divert more revenue from unprotected advertisers. Trusted, independent measurement is critical in the CTV space to give global brands confidence in their CTV buys.”
As seen with each newly uncovered fraud scheme, the CTV ecosystem can be more susceptible to bad actors than other environments for a few reasons.
For one, it lacks transparency. Advertisers usually don’t know what apps or content they advertise in. Also, releasing fraudulent apps is easy as anyone can create and distribute CTV apps, even in ‘closed’ app stores. Furthermore, key verification standards aren’t available. VPAID, which could offer advanced fraud detection capabilities, isn’t supported by CTV devices. App-ads.txt, which could be used to help verify inventory sources, also has a relatively low adoption in CTV environment
To see DV’s full report on SneakyTerra, visit: https://doubleverify.com/sophisticated-ssai-scheme-hijacks-real-ctv-device-sessions.
