DoubleVerify this week announced that it has identified a new bot network that perpetrates fraud by circumventing ads.txt protections. Ads were running through ads.txt resellers.
How does the new bot network work?
The bot first visits a publisher site and scrapes the site’s content. The bot then creates falsified copies of the scraped pages on its own server, adding new ad slots that did not exist prior.
DoubleVerify says it manipulates the environment to make it appear as though the browser is visiting the original site, when in fact it is viewing falsified content and ads. It then sells the fraudulent ad slots – under falsified URLs – through an authorized reseller listed on the publisher’s ads.txt file.
In most instances, the ad slots masquerade as legitimate inventory and seem to originate from a valid site, thereby making the content, ad inventory and reseller arrangement appear legitimate.
“While ads.txt is a significant step toward resolving unauthorized reselling and associated fraud, it’s not a complete failsafe,” said Roy Rosenfeld, Head of DoubleVerify’s Fraud Lab. “This scheme was specifically designed to take advantage of the industry-wide ads.txt initiative and commit fraud that would not trigger ads.txt violations with programmatic buyers.”
Doubleverify said it has alerted impacted customers and partners, and implemented mechanisms to detect and protect against this pattern of fraud.