CTV Fraudsters Are Using Smart Refrigerators to Falsify CTV Traffic

Getty Images
(Image credit: Getty Images)

NEW YORK—The digital media measurement and analytics company DoubleVerify (DV) has uncovered a new variant of the Connected TV (CTV) advertising fraud scheme, LeoTerra – which it first identified in July 2020. 

The DV Fraud Lab is reporting that the new variant spoofs IoT (Internet of Things) devices, including smart refrigerators and smart watches, in an attempt to hide fraudulent behavior. DV estimates that LeoTerra’s latest variant has cost unprotected advertisers up to $10 million this year alone.

“This latest iteration of LeoTerra shows how fraudsters are always looking for new ways to avoid detection,” said Roy Rosenfeld, head of DV’s Fraud Lab. “It also highlights how easily they spoof millions of devices by simply rotating through device lists that are free and easily accessible online.”

LeoTerra is a server-side ad insertion (SSAI) scheme that is part of an extensive operation of SSAI schemes known as OctoBot. To spoof large numbers of devices, fraudsters often use online device information sources, where they download lists of devices and incorporate the device information inside their falsified ad requests. This makes it appear as if their fraudulent traffic is coming from millions of different devices, the DV Fraud Lab report explained. 

In some cases, online device lists also include unique or invalid device information. The fraudsters behind LeoTerra downloaded an entire list of CTV and mobile devices from one of the popular online device information providers. This list, however, included more than just CTV and mobile devices – it also included IoT devices. Through the unique and invalid devices, DV accurately identified the fraudsters’ source for extracting their spoofed device data, catching the new variant and continuing to block its impact for customers.

“LeoTerra is continuously shifting patterns in its attempts to evade detection,” added Rosenfeld. “In the first half of 2022 alone, DV identified and flagged three new variants of the LeoTerra scheme. These three variants, including the one impersonating IoT devices, have spoofed more than 92 million devices during H1 and up to 3.5 million device signatures each day.”

Connected TV (CTV) advertisers in the US spent $14.44 billion last year on CTV1 and, at its current pace, that number is expected to grow to $27.5 billion by the end of 20252. As revenue opportunities in CTV grow rapidly, so does the opportunity for fraud, DV reported. 

“Unfortunately, CTV inventory is highly susceptible to fraud,” said Mark Zagorski, CEO, DoubleVerify. “Fraud usually follows the money – particularly in environments that lack data transparency, industry standards, and technology solutions to counter it. The CTV ad ecosystem is no exception.”

As the industry has become more aware of CTV fraud’s scale and impact, DV has seen fraudsters evolve to evade detection, with more schemes mutating or changing their initial approach. To date this year, for example, DV’s Fraud Lab has caught and stopped six new SSAI variants aimed at falsifying CTV traffic, the company said. 

DV’s Fraud Lab — powered by a dedicated team of data scientists, mathematicians and analysts — performs ongoing detection and analysis of new types of ad fraud across channels in order to uncover the latest schemes as they occur. 

For the full LeoTerra variant report, click here.

George Winslow

George Winslow is the senior content producer for TV Tech. He has written about the television, media and technology industries for nearly 30 years for such publications as Broadcasting & Cable, Multichannel News and TV Tech. Over the years, he has edited a number of magazines, including Multichannel News International and World Screen, and moderated panels at such major industry events as NAB and MIP TV. He has published two books and dozens of encyclopedia articles on such subjects as the media, New York City history and economics.