Russian criminals have been making between $3-5m a day by tricking ad exchanges into thinking their fake sites were major websites such as Vogue and ESPN.
According to a report on Forbes, the fraudsters ran a complex technical operation that saw up to 300 million video views being diverted from legitimate publishers.
The claim originates from security firm White Ops, which says the criminals (called Ad Fraud Komanda or AFK13) had created 6,000 domains and 250,267 distinct URLs that looked like legitimate websites. This reportedly tricked the algorithms in the exchanges to thinking their placement was best, over the more trusted websites with the audiences that the ad spend was intended to reach.
It says a bot farm was used to create traffic, with 570,000 bots used on the ads.
According to Forbes, White Ops has called the campaign the Methbot campaign. Those bots specifically tricked the system into thinking people were watching as many as 300 million video ads a day, averaging $13.04 per thousand faked views.
Ben Harknett, VP EMEA of RiskIQ, said: "Methbot is interesting as it demonstrates cybercrime innovation, targeting businesses themselves by posing as active users to dupe advertisers and acquire premium advertising revenue.
"This is the first time we've seen cyber criminals game the system on such a scale, taking millions of dollars a day out of the ad ecosystem. It's also one more example of why organisations need to expand their security programmes to incorporate digital defences that expedite the discovery, monitoring and mitigation of digital threats."
Many exchanges and programmatic businesses are investing in using ad fraud detection technologies but these criminals managed to trick these too, using “hundreds of thousands of IP addresses” that placed the traffic in US homes.