Is Your Company Wasting Marketing Dollars? The 7 Billion Dollar Ad Fraud Problem

Too often, advertisers pay for digital ads that weren’t actually seen by a human. Here is what your small business needs to know before investing in paid digital marketing. 

Digital marketing encompasses the tactics businesses use to raise awareness about their offerings and drive sales online, from social media advertising to search engine marketing to mobile and video ads. While small businesses aren’t spending as much or as often in this realm as their larger counterparts, digital marketing spending has increased across the board. Seventy percent of small to medium-sized businesses said they will increase their digital marketing budgets in 2017, according to research from GetResponse as reported in Entrepreneur.

Digital marketing is so popular because it works. Marketers use cutting-edge technology to target their audiences with increased precision and with increasingly personalized messages. They can monitor their efforts in near real-time and make changes based on data to optimize their results. But it is not just advertisers who are interested in digital marketing. Cyber criminals also recognize an opportunity.

What You Need to Know about Bots

Let’s say you own a local dental practice and decide to invest in digital advertising to connect with residents in your area. At the end of the campaign, you are told your ad was seen 500,000 times, a fraction of which generated clicks. But what if you learned that some of the ads you paid for weren’t seen by real people, and that even some of those clicks were fake?

It is estimated that $7.2 billion ad dollars were wasted globally as a result of fraudulent traffic last year, according to the Association of National Advertisers (ANA), which conducts in-depth studies on ad fraud in partnership with the digital security company WhiteOps. Most ad fraud stems from bots, computer programs that masquerade as real people and can even scroll and click. Bots can be used to spread malware and harvest personal data, and they are disrupting the digital advertising ecosystem.

The tech company Zvelo offers a nice summary of how this works: “Ad fraud happens when a bot attempts to imitate legitimate web traffic (acting like a real person visiting a website) and generate additional (but fraudulent) web page views (and therefore revenue) for the website publisher. The advertisers’ budgets are compromised, as their dollars are being wasted on ads being served to bots rather than humans. This results in the advertisers and the end users paying the price for this fraud, as well as being exposed to the risks associated with malicious and fraudulent bots.”

Most publishers do not knowingly charge their advertisers for fraudulent traffic, but ad fraud can be challenging to police. Just this past December, Russian hackers pulled off what has been dubbed the “biggest ad fraud ever.” They created domains and URLs which appeared to belong to real publishers, including ESPN and Vogue. Then they created a bot farm to generate fake traffic to these pages. Much of digital ad buying is automated. Computer programs determine where to serve ads on behalf of advertisers, based on the advertisers’ target audience. The fraudsters were able to trick these algorithms. Via automated buying, advertisers served their legitimate ads on these nefarious sites to fake visitors—the bots! Digital advertising often uses a pay-per-click pricing model, which means advertisers pay every time a user clicks their ad. Well, these bots did a lot of clicking, so the hackers were getting paid big bucks — $3 million to $5 million a day!

What Small Businesses Can Do to Protect against Ad Fraud

Before you go swearing off digital marketing forever, know that members of the advertising ecosystem have teamed up in the fight against ad fraud. For example, the Trustworthy Accountability Group (TAG) was created by the American Association of Advertising Agencies (4A’s), the Association of National Advertisers (ANA) and the Interactive Advertising Bureau (IAB) to find ways to eliminate fraudulent traffic and combat malware.

For small business marketers, the first step is awareness—you must realize this problem exists. Then you need to find partners you can trust. Reputable companies like Google go to great lengths to protect advertisers. When choosing a digital advertising partner, ask them about the steps they take to identify and prevent ad fraud, as well as about their approach to viewability, which refers to how they determine whether or not an ad was seen and counted as a billable impression. Facebook is another fantastic tool for small business marketing in part because of its easy-to-use, self-serve platform, but also because it is vigilant about sniffing out fraudulent traffic.

If you will be doing extensive advertising, consider investing in a third-party solution that can help track your ads and monitor for ad fraud. White Ops, Integral Ad Science, FraudLogix and Forensiq all offer these types of solutions. Simply visiting their sites will help you learn more about the fight against ad fraud. Additionally, observe your traffic during the length of your campaign, and if something seems suspicious, reach out to your partner. Warning signs include stats that seem too good to be true, i.e., suspiciously high click-thru rates and abnormal patterns, like every impression served to a particular site generating a click.

Digital ad fraud is complicated, but the bottom line is simple. You need to choose your partners wisely and take education into your own hands. Doing so allows you to take advantage of digital marketing’s tremendous potential while mitigating wasted spending.

Cybercrime extends far beyond advertising and can affect every area of your business. Are your employees in the know? Anderson Technologies, a team of cyber security specialists in St. Louis, helps small businesses educate their employees about effective cybersecurity practices. For more information on our cybersecurity training services, email info@andersontech.com or call 314.394.3001 and check out our free eBook, An Employee’s Guide to Preventing Business Cybercrime.

What Your Small Business Custom Software Vendor Isn’t Telling You

It’s time we address the common misconception that using a cloud-based software solution is enough to keep a small business safe from rampant cyber threats.

Custom software is big business. Software vendors develop digital solutions specifically for niche verticals, from dental practices to dog kennels to accounting services. Small businesses use these products to manage their practice; handle scheduling, billing, and communication; support sales and marketing; and store critical data. A growing number of these solutions are cloud-based. There is undeniable data security in the cloud. Since data is stored remotely, not at the business’ physical location, users can rest assured that should something happen to their office or equipment, their data is secure.

However, custom software, cloud-based or otherwise, is not a substitute for network security best practices. Small business cybercrime is on the rise. In fact, almost 50 percent of small businesses have experienced a cyberattack. Companies that must meet HIPAA compliance need to be especially vigilant. Cybercriminals target care services more frequently than any other industry, in part because these organizations have such valuable data to steal—private, personal information.

Small business owners are sometimes lured into a false sense of security by their custom software providers. Although custom software and cloud computing afford a host of benefits on their own they aren’t enough to protect your business from threats. In addition to misconceptions about network security, small business owners are often left wanting more from their software vendors in terms of support. Service varies depending on the provider, but small businesses usually require more personalized attention than a software company can offer. Here’s what your small business custom software vendor isn’t telling you.

  1. Small Business Custom Software Doesn’t Protect You from All Threats

Busy small business owners are relieved to learn that by purchasing quality software, they can check a lot of boxes, including data security in the cloud. They breathe a sigh of relief and believe the solution will address all their network security needs. Unfortunately, that simply isn’t true.

Here’s an example. There is a common form of malware called keylogging in which cybercriminals infect your system with software that tracks your every keystroke. With the aid of technology, they sift through your behavior and sniff out useful data, such as login IDs, passwords, and financial information. Cloud computing doesn’t protect you from these attacks, or the myriad other ways determined hackers can infiltrate your network.

  1. Small Businesses Need to Protect “the Edges”

Companies of all sizes should take measures to protect critical data and thwart, or at least slow down, cybercriminals. This includes installing and regularly updating a firewall, installing and updating anti-virus and anti-malware software on all of your computers, protecting your public and business Wi-Fi networks, creating strong passwords, and educating your employees.

Many small businesses do not realize how rampant security threats are or how to fully protect against them. Government agencies and the military employ a multi-layer, defense-in-depth security strategy plan to preserve their critical data. They understand that determined hackers may find a way in no matter what they do, so they set up as many roadblocks as possible to slow them down and give hackers an opportunity to slip up and make their presence known.

Small businesses can emulate this strategy and devise their own multi-layer approach to network security. Cloud computing can be a vital part of the plan, but it also needs to involve other elements, like a firewall, intrusion protection system, VPNs for secure remote connectivity, and internet content filtering. Custom software providers simply do not provide this protection. It’s not their job to. But it is a small business owner’s job to understand the truth about his or her company’s digital safety.

  1. You Probably Need an Additional Data Backup Service

Your data is your business. Think about all the different components of your operation. Then think about how challenging it would be to recreate that information should something unexpected happen to it. You are storing billing data, payroll and tax records, customer and business credit card information, internal systems, website data such as source code, text and images, as well as social media assets. Is your custom software backing up all of these elements? Probably not!

Businesses need to analyze the data backup services their custom software partner is providing. If it isn’t handling every piece of business-critical data, an additional solution is required. (These tips for choosing a cloud backup provider can get you started.) Test the restore procedures regularly to make sure that if the time comes, they will be able to retrieve their information quickly.

Cloud-based custom software can be a sizeable investment. Certainly, it serves multiple purposes, and software providers are wise to promote those benefits as they sell their products; but they are not a substitute for IT services! Too many small businesses are lulled into a false sense of cyber security by their cloud-based custom software vendor.

How would your business withstand a cyberattack? Do you know where you stand with your cloud software security? Anderson Technologies, a St. Louis IT consulting company, can evaluate your cybersecurity and help you form a plan for preserving your data. To learn more, call 314.394.3001 or email info@andersontech.com today.

8 Steps to Safe(r) Online Shopping

Sure, e-commerce sites are convenient, but more and more frequently they are teeming with cyber threats that could compromise your financial information, identity, or even your business. Here’s what you can do to protect yourself.

Online sales in the U.S. are projected to reach $523 billion by 2020, according to a report by Forrester Research. In fact, many Americans are buying more online than in-store, and retailers aren’t the only ones taking notice. Criminals see the e-commerce boom as an opportunity for payment fraud, identity theft, and other cybercrimes.

Of every $100 spent online, $4.79 is at risk of a fraud attack, according to The Global Fraud Index, a PYMNTS and Forter collaboration. It’s important to remember cybercriminals don’t just acquire data by targeting you personally. They hack businesses in hopes of infiltrating their databases to steal customer information. If you’ve created an account with a website that is compromised, your information is at risk, even if you haven’t shopped there in months!

Most retailers take precautions to provide their customers with safer online shopping experiences, but the onus is also on the individual. These tips will help you identify secure e-commerce sites, protect your personal information, and at least mitigate the damage should you fall victim to a cyber criminal’s attack.

  1. Only Shop at Sites with “HTTPS” URLs at Checkout

HTTPS stands for Hypertext Transfer Protocol Secure and indicates that the business has an SSL (Secure Sockets Layer) certificate. This certificate requires the vendor go through a validation process. Once installed SSL and TLS (Transport Layer Security) are used to secure sensitive online transactions—such as credit card purchases, financial data transfers, account logins, and other browsing activities requiring a heightened level of security. The data you share with a site’s web servers is encrypted in transit, and thus much harder for hackers to exploit.

  1. Assess the Site’s Legitimacy

Before sharing any personal information, research the site’s return policy, social media presence, and online reviews. Check that it has a Privacy Policy, Terms of Use, and detailed contact information. If anything seems suspicious, leave the site immediately.

  1. Create a Separate Email for Online Shopping

Do not provide e-commerce sites with your personal or business email address. Instead, create an account you use solely for online shopping. You can set up your accounts so all emails forward into a single inbox, but limit how often you hand out your primary email addresses.

  1. Create Unique Logins and Passwords for Every Vendor

Password management is an important component of safer online shopping yet it is often overlooked. Should a cybercriminal gain access to one of your accounts, you want the damage to end there. Do not use the same login and password for everything. Create complicated passwords that cannot be easily guessed. Password management applications, such as LastPass, are invaluable tools to help automate this.

  1. Use a Dedicated Credit Card for Online Shopping

Most credit card companies offer some fraud guarantees and will work with you if your information is stolen. Additionally, consider using PayPal, which goes to great lengths to keep its customers secure.

  1. Do Not Save Your Payment Information

Sure, you’ll add a few seconds to future checkouts, but it is worth it? Should a criminal infiltrate an e-commerce platform at least you won’t be giving them your credit card number on a silver platter. Also, refrain from saving passwords on your browser and clear your history routinely.

  1. Delete Accounts You No Longer Use

Remember, even if you haven’t visited the e-retailer in months, your information could still be obtained by a criminal who hacks the site. By removing accounts from sites you no longer frequent, you’ll help keep your personal information safe.

  1. Be Wary of Promotional Emails

Cybercriminals use email as a means of spreading malware and launching spear phishing scams. If you receive an email from a retailer that looks too good to be true, visit the site directly to confirm the information is valid. Always verify the email address of the sender. If everything seems above-board, hover over the link before clicking it, which will allow you to review the URL. Be sure to do so carefully, as crooks often use domain names that look similar to reputable sites.

E-commerce is a part of life, but we can’t take our cybersecurity for granted. No business owner wants to encourage personal purchases on the job, but it is worth sharing best practices for safer online shopping to help keep your employees, and your business, secure.

Anderson Technologies is a St. Louis IT consulting company that helps small businesses educate their employees about effective cybersecurity practices. For more information on our cybersecurity training services, email info@andersontech.com or call 314.394.3001 and check out our free eBook, An Employee’s Guide to Preventing Business Cybercrime.