The connected TV industry is trying to shut down what is being characterized as one of the biggest examples of ad fraud in the space; a scheme that led to $14.5 million in misspent advertising.

On Thursday, Moat, a part of Oracle Data Cloud, outlined the connected TV fraud named StreamScam. Bad actors apparently generated fake video ad impressions, ones that were never served and never seen, which siphoned ad money that would otherwise go to legitimate video apps. It’s the type of investigation that companies like Moat conduct to test the powers of their own fraud detection services and promote their services to the market.

“This is, we believe, the largest operation we’ve found, but we think also the largest CTV operation reported to date,” says Mark Kopera, head of product at Oracle Moat. “It’s impacted, they generated traffic that was spoofed, based on 28.8 million U.S. households, spoofing 3,600 apps, and impersonating 3,400 different device types.”

Here is what happened: The fraudsters took advantage of a technology that is typically beneficial to the CTV space, called server-side ad insertion. This type of ad tech smoothly injects commercials into apps, the kinds that are viewed on Roku, Fire TV, Apple TV and other smart TV devices. With StreamScam, the perpetrators set up a “network of servers that impersonated server-side ad insertion.” They created spoofs that made automated ad buying systems think they were transacting on real video ad inventory, with spoofs of internet addresses, household data, devices and apps. A buyer would think they were receiving commercial space in a popular media app, but they weren’t. “In the end, there was no streaming content and the ads were served to no one,” Kopera says.

Kopera did not reveal what advertisers may have been compromised or which media properties were the ones being spoofed.

Companies like Moat Oracle are able to analyze traffic patterns in the CTV ad auctions to uncover when a server like this one projects suspicious behavior. Now, they say they are trying to share the findings with the rest of the industry to be on the lookout for StreamScam.

Some CTV ad experts say the threat is minimal for many advertisers and media companies, because this type of scheme mostly targets the darker corners of the ad market. In many case, advertisers are buying commercial space directly from the publishers or trusted partners, and can avoid the type of programmatic advertising tactics that are most susceptible to this type of fraud, says Tal Chalozin, chief technology officer at Innovid, a connected TV advertising and analytics platform.

“Server-side ad insertion is the main source of ‘fake’ CTV impressions,” Chalozin says. “That's a mechanism that allowed all of it to happen, however it only works when you are not buying inventory directly from the sellers.”

With all internet advertising systems, though, there is always some threat of running into fraudulent traffic and scheming. Buyers searching for less-expensive ad placements can get careless and publishers can outsource some of their ad demand to third parties to meet campaign goals for the advertisers.

The CTV space has been taking steps in recent years, as the industry matures, to create a more programmatic means of delivering ads, using the same automation that evolved within internet advertising and mobile apps. CTV companies have adopted some of the same tools in the digital video ad market that apply to traditional display ads. They are working with the same industry players, too, like the Trustworthy Accountability Group and the Interactive Advertising Bureau to set standards in CTV.

This week, the IAB Tech Lab launched a new initiative to address anti-fraud and transparency measures in CTV. The industry expects CTV ad spending to rise from $8.1 billion in 2020 to $11.4 billion in 2021 in the U.S., according to eMarketer.

The space is only growing with new entrants into ad-supported video on demand. Discovery just launched its new over-the-top TV app, and apps like HBO Max and NBC’s Peacock are opening more ad inventory to the market.

“Sophisticated invalid traffic (SIVT) detection technology has been critical for us in the fight against ad fraud,” said Jim Keller, EVP digital sales and advanced advertising at Discovery, in the announcement of the StreamScam detection from Oracle Moat.