Based on an estimated average cost of $20 to deliver a thousand consumer impressions in connected TV viewing, the swindlers likely stole $14.5 million over the last four months, according to Derek Wise, chief product officer of Oracle Data Cloud. The scam, which was first uncovered by Oracle over the summer before the fraudsters accelerated their operation in September by faking more devices and apps, is still ongoing, the company said.
Ad fraud is more commonly associated with web video and display advertising, but bad actors are following the money as marketers shift money into streaming TV.
Although still only a fraction of the $60-$70 billion spent on traditional TV in the U.S. every year, ad spending on internet-connected TV sets, where most of streaming TV happens, will reach almost $8 billion in the U.S. this year and likely total $15.6 billion in 2023, according to research firm eMarketer.
And the ad technology infrastructure underpinning streaming TV remains nascent compared with online and mobile advertising, giving swindlers an opening, Mr. Wise said. “This is escalating significantly,” he said.
With StreamScam, swindlers used a practice known as “spoofing” to trick advertisers into believing their ads were running on legitimate apps and devices, according to Oracle. They used thousands of servers to impersonate “server-side ad insertion” technology, which are systems that stitch ads directly into programming to prevent issues such as buffering during an ad break. These fake SSAI servers then sent falsified ad requests masquerading as legitimate IP addresses, devices and apps.
Oracle said it uncovered StreamScam after noticing irregularities in the measurement data such as ad requests coming from older Apple TV models running on new iOS software that they couldn’t support. An analysis from Moat, a measurement and verification business within Oracle Data Cloud that says it tracks server-side ad insertion as well as ad impressions that actually play, confirmed the purchased impressions and programming never ran on real devices.
StreamScam involved 28.8 million fabricated household IP addresses, and spoofed about 3,600 apps and 3,400 internet-connected TV device models, according to Oracle.
Spoofing, the most common and troublesome version of fraud in streaming TV, requires the exploitation of not just flaws within the server-side ad technology but also a lack of visibility for advertisers buying inventory on open ad exchanges, said Tal Chalozin, chief technology officer of ad-tech firm Innovid Inc.
“That is the core part of all of this,” he said. “They take advantage of there being no direct connection between the merchant and the buyer by inserting themselves into the middle.”
Some advertisers have sought to do more direct deals with streaming-TV ad sellers, sometimes setting up private, invite-only automated marketplaces, in an effort to evade swindlers and secure more control over where their ads run.
But the industry will need to improve the technology tools, systems and measurement within streaming TV to more effectively combat ad fraud, Mr. Wise said.
Device makers, for example, can do a better job of disclosing what percentage of different models are being used by consumers currently, which would make it easier for measurement firms to detect anomalies, he said.
Some efforts already have been made to combat ad-fraud in streaming TV. Measurement and tech firms such as DoubleVerify Inc. and MadHive Inc. are developing brand-safety and fraud-management tools. Earlier this week, the Interactive Advertising Bureau, an industry trade group, signaled plans to bring a set of standards to streaming TV called “ads.txt,” which enable publishers and distributors to declare who is authorized to sell their inventory.