Largest CTV Ad Fraud Exposed

(Image credit: ThinkStock)

AUSTIN, Texas—The largest-ever connected television (CTV) ad fraud operation has been exposed by Oracle after involving 28.8 million U.S. households, 3,600 apps and 3,400 CTV devices.

Dubbed “StreamScam,” the fraud exploited flaws in CTV ad serving technology to fool advertisers into paying for ads that were never delivered to households. It did so by spoofing more than 28.8 million valid household IP addresses.

The previous largest CTV ad fraud was “ICEBUCKET,” which involved 2 million household IP addresses, 300 app IDs and 1,000 CTV device IDs.

PLUS: OTT, CTV Will Help Fuel TV Advertising in 2021 BIA Projects

Server-Side Ad Insertion technology was the primary way StreamScam perpetrators conducted their fraud, according to Oracle. SSAI combines content and ads into a single video stream that can play with no delays on end-user devices. Oracle found that StreamScam perpetrators built a network of servers that sent ad impression events to Oracle Moat (which tallies ad impressions that are inserted into video streams by SSAI) and advertisers without actually sending ad and video content to users. They forged IP addresses in the measurement events to make it appear the ads had played in those environments even though they did not.

Moat was eventually able to identify the fake impressions and classify them as invalid.

“Where advertising dollars go, criminals will follow, and rapidly-growing channels like CTV are presenting new opportunities for fraud and ad theft,” said Mark Kopera, head of product for Oracle Moat.

As consumers shift from traditional linear broadcast to multidevice and on-demand viewing, advertising spending in CTV is growing. U.S. CTV ad spending is expected to total $8.11 billion in 2020, per eMarketer, and increase to $11.36 billion in 2021.

Oracle plans to hold an industry briefing with Trustworthy Accountability Group (TAG) available to TAG members on StreamScam in January.