Some of the globe's most recognizable brands -- including Oreo, GlaxoSmithKline, Burger King and Sprint -- were bilked out of millions of dollars by a Florida company that used fake websites to skim from the ad-tech ecosystem.
Then, the scam's operators simply disappeared.
Perpetrators of online ad fraud are usually portrayed as running sophisticated, high-tech operations. But this scam is notable for its simplicity. The fact that some of the biggest names in ad tech were unable to detect it calls the industry's fraud-fighting capabilities into question.
The brands affected bought ads on a network of 300 sites owned by Client Connections Media, which listed the sites' ad inventory in the automated ad-buying marketplace and then flooded those sites with bot traffic.
By the time CCM got caught in March, it was generating at least $1.5 million a month, according to online video security firm Telemetry, which uncovered the scam by noticing that nearly all of CCM's traffic originated from five internet service providers used by businesses, not by consumers. High traffic volume from business ISPs is a strong hint something is amiss. Further digging proved Telemetry's suspicions correct.
"It's rudimentary stuff," said Telemetry CEO Anthony Rushton. If the majority of the ISPs used to browse websites don't cater to consumers, he said, "chances are the traffic is non-human."
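The signal described above can be computed from impression logs once each source IP has been mapped to an ISP and that ISP has been labelled business or consumer. The Python below is an added example, not Telemetry's or Adtricity's code; the site names, ISP names, class labels, sample counts and both thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

BUSINESS, CONSUMER = "business", "consumer"  # assumed labels from an IP-to-ISP lookup

def sample_impressions():
    """Constructed data: one (site, isp, isp_class) tuple per ad impression."""
    rows = []
    for i in range(5):                       # five business ISPs, 190 impressions each
        rows += [("site-a.example", f"biz-isp-{i}", BUSINESS)] * 190
    rows += [("site-a.example", "home-isp-0", CONSUMER)] * 50
    for i in range(8):                       # mostly residential audience
        rows += [("site-b.example", f"home-isp-{i}", CONSUMER)] * 100
    rows += [("site-b.example", "biz-isp-0", BUSINESS)] * 200
    rows += [("site-c.example", "biz-isp-1", BUSINESS)] * 20   # too little volume to judge
    return rows

def site_profiles(impressions):
    """Per site: total impressions, business-ISP share, share held by the top 5 ISPs."""
    by_isp = defaultdict(Counter)
    business = Counter()
    for site, isp, isp_class in impressions:
        by_isp[site][isp] += 1
        if isp_class == BUSINESS:
            business[site] += 1
    profiles = {}
    for site, isps in by_isp.items():
        total = sum(isps.values())
        top5 = sum(count for _, count in isps.most_common(5))
        profiles[site] = {
            "total": total,
            "business_share": business[site] / total,
            "top5_share": top5 / total,
        }
    return profiles

def flag_sites(impressions, min_total=100, max_business_share=0.5):
    """Sites with enough volume whose traffic comes mostly from business ISPs."""
    return sorted(
        site for site, p in site_profiles(impressions).items()
        if p["total"] >= min_total and p["business_share"] > max_business_share
    )

if __name__ == "__main__":
    data = sample_impressions()
    for site, profile in sorted(site_profiles(data).items()):
        print(site, profile)
    print("flagged:", flag_sites(data))
```

The `min_total` floor keeps a low-volume site such as the constructed `site-c.example` from being flagged on a handful of impressions; `top5_share` is reported alongside so a reviewer can see whether the business traffic is also concentrated in a few providers.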
Even though it should have been simple to detect, CCM had a good run with its scheme. In one recent instance, it used an in-person meeting to gain access to advertiser demand, when one of the men behind it, Chris Bradley, paid a visit to little-known ad network Barons Media in Burbank, Calif.
For Barons it was a standard meet-and-greet with a publisher looking to have his websites listed with the network.
Mr. Bradley of CCM nailed the meeting, displaying a deep industry knowledge that helped cement a direct relationship between the two entities. "The guy is really smart, comes off very intelligent, very well put together," said Barons Director of Business Development Jason Rubenstein. "He obviously knows what he's doing."
In addition to the meeting, CCM's sites passed a series of tests Barons put them through. "We checked with [ad quality product] Adtricity and we checked a bunch of other third parties. But they were able to get past those measures," said Barons VP-Operations Dan Kornblit.
Matt Timothy, president of Adtricity-owner Vindico, said it was "adding anti-bot functionality to the Adtricity platform and we were in beta when that came about." Adtricity now proactively blocks traffic coming from business ISPs in high volume, he said.
CCM's inventory also made its way into the selling channels of a number of well-known companies, including Brightroll, Adap.tv and SpotXchange. All three companies confirmed the tainted ads ran through their systems.
Before striking the direct deal, Barons was buying CCM inventory through a third party. "It wasn't much of a sell because our advertisers were already eating up all the traffic," Mr. Kornblit said.
For advertisers, the scam is part of a much larger problem.
"We recognize that online ad fraud is an important industry issue," said Julia Marget, spokeswoman for Mondelez, which owns Oreo. "We're currently working with a number of our partners to understand how this issue impacts our company."
Burger King and Sprint declined to comment. GlaxoSmithKline did not return Ad Age's call by press time.
Without a trace
Six months after meeting Mr. Bradley, Barons received the report from Telemetry, which detailed the suspect traffic from the CCM operation and prominently displayed Mr. Bradley's photo on the third page, along with his alleged business partner Andrew Gibson.
Stunned, Barons tried to reach Mr. Bradley, but could not.
"I was pretty shocked. He was a complete fraud," said Mr. Kornblit. "He took off with quite a bit of our money." He declined to say how much.
In May, an article by the Financial Times detailed how a Mercedes-Benz ad placed through ad-tech company RocketFuel was viewed more often by automated computer programs than by humans. The fraudulent activity was part of the CCM scam, according to Telemetry.
Within days of the Telemetry report being circulated, CCM's sites went dark. Its own website, which boasted of the company's participation in multiple ad industry events, shuttered too. As for Mr. Bradley, his phone line went dead, his email began returning undeliverable replies and his LinkedIn page was deactivated.
Using phone, email and business address information from Barons and others, Ad Age tried to track Messrs. Bradley and Gibson, but could not.
The fraudsters have potentially gotten away with millions and the industry has many others to hunt down.
"There are more to come," said Telemetry's Mr. Rushton.