Everything you need to know about StreamScam: The largest CTV ad fraud operation ever discovered

January 14, 2021 | 3 minute read
Kori Wallace
Content Manager
Text Size 100%:

Last month, news broke of the ad industry’s largest-ever connected television (CTV) ad fraud operation: "StreamScam."

The discovery, made by our team at Moat by Oracle Data Cloud, highlighted the vulnerabilities in the programmatic CTV advertising space and brought forth a great deal of inquiries: How exactly does StreamScam operate, what were the effects of the fraud, how does the industry move forward, and more?

To address the most frequently asked questions and keep this important conversation front and center, we sat down for a Q&A with Sam Mansour, our Principal Product Manager for Moat Analytics, and resident ad-fraud and invalid traffic (IVT) expert.

Want even more details about the StreamScam discovery? Join us for an in-depth webinar on January 21, hear straight from the product experts who discovered the scheme, and learn how you can stay protected.

What is StreamScam?

Sam: StreamScam is the largest-known CTV ad fraud operation ever exposed. The StreamScam operation exploited flaws in CTV ad-serving technology to fool advertisers into paying for ads that were never delivered to human households. The operation spoofed more than 28.8 million US households, including approximately 3,600 apps and 3,400 CTV device models.

How does the StreamScam fraud operate?

Sam: StreamScam perpetrators capitalize on vulnerabilities in the technology used to improve the video viewing experience in CTV. Known as Server-Side Ad Insertion (SSAI), the technology combines content and ads into a single video stream that can play seamlessly with no delays on end-user devices, such as Roku, Apple TV, and Fire TV.

How was StreamScam first discovered?

Sam: Using our Moat technology, we discovered that the StreamScam perpetrators built a network of servers that sent ad-impression events to Moat and advertisers without actually sending ad and video content to users. They forged household IP addresses, app IDs, and device IDs in the measurement events to make it appear that ads had played in those environments when in fact they did not. Our investments in research to improve CTV measurement and detect sophisticated ad fraud in CTV environments enabled it to identify the fake impressions and classify them as invalid.

How are publishers and advertisers impacted by StreamScam?

Sam: By generating fraudulent ad impressions through a fake SSAI server, perpetrators imitated publisher apps and user devices to trick advertisers into thinking that real people were seeing their ads, which compromised campaigns and drained budgets.

What steps have you taken to protect your customers since you discovered StreamScam?

Sam: Following the initial discovery of suspicious SSAI activity, we determined that StreamScam was the source of this activity. Our team updated its IVT identification and screening systems to clearly identify such traffic as fraudulent and block it, when possible.

Are you working with other companies in the digital advertising industry to address StreamScam?

Sam: We believe that information sharing is critical when new types of threats such as this are discovered, so that companies across the industry can work together and protect our customers.

To help educate and inform the broader industry of the StreamScam discovery and discuss mitigation, we held an industry briefing with the Trustworthy Accountability Group (TAG) and their 700+ members on January 12, 2021.

Do you have an estimate for the number of impressions or financial impact on advertisers of StreamScam?

Sam: StreamScam has cost advertisers an estimated $14.5 million and counting. For background, this was calculated using an average CTV cost per mille (CPM) of $20, according to data from eMarketer.

Are we likely to see more SSAI fraud?

Sam: SSAI-based fraud is a complicated challenge, as StreamScam demonstrates, and we believe it will grow quickly until our industry adjusts its defenses to address it. We plan to work closely with our peers across the industry to better understand this threat and the most effective tools to block it.

To learn more about Moat’s history of fraud detection and invalid-traffic monitoring, check out these blog posts:

Kori Wallace

Content Manager

Kori Hill Wallace is a content specialist for Oracle Data Cloud. She loves appetizers, animals, athletics, and alliteration. (She what she did there?) 

Previous Post

Oracle Data Cloud is starting 2021 with positive impact

Oracle Data Cloud | 1 min read

Next Post

The future of identity: A comprehensive glossary of terms

Oracle Advertising | 10 min read