Methbot: We’re missing the point. #callthefbi

If you’re in online advertising you have probably read about Methbot. As most of you know, I can’t resist a good fraud story. Since this one is getting headlines in CNN & CNBC I figure it’s a good time to get out from under my rock and comment, bust a few myths and point out the real problem nobody is talking about.

Myth #1: $3–5m/day.

Can journalists please do some real reporting and ask the people who are actually writing checks how much is going in this direction? AdFin magically came up with some #. I’m sure the real # is really big, but I really doubt it’s $3–5M/day. Every article is blinding quoting it without questioning it. What’s the methodology? Where did they get the data from? How are they estimating win-rates? CPMS? How do they know what % is getting caught vs. not caught?

UPDATE: A lot of people emailed me with their thoughts and many shared real #s… anonymously. The “crowdsourced” estimate is between $25-$250k/day. Still a big range if you add it up but 10–100x less than $3–5m/day.

Myth #2: We can’t find these guys.

We can. Well, by “we” I mean it’s possible, and the answer is the government. The FTC successfully tracked and took down a similarly complex global cybercrime network, Innovative Marketing, between 2008–2010. This was an operation run out of Kiev with multiple fraud products, 100s of millions of $s on the line, an incredibly complex network of shell companies and complex international law. They still took ’em down. It’s called subpoenas.

(as a side note, IM were the geniuses behind the insanely clever popup ads that declared “We’ve found porn on your computer, download WinCleaner now for $50 to get rid of it!”)

The real problem? Nobody is reporting a crime.

But wait… all this press .. people ARE reporting a crime. Nope. WhiteOps is reporting a potential crime. To prosecute and investigate a crime someone has to report it. In advertising, when fraud happens everybody wants it to disappear as quickly as possible, and officially declaring is is generally not a great idea if you want something to disappear. Especially if you are public!

The exchange issues some credits, cancels some payments to the bad sellers, adds some new fraud filters and then pretends that fraud has disappeared. Doesn’t call the FBI.

The agency (begrudgingly) accepts his credits, explains them to his customer and promises this will never happen again. Doesn’t call the FBI.

The publisher doesn’t even know he’s getting screwed as nobody discloses anything to him. Doesn’t call the FBI.

Just watch… over the coming days we’ll see statements roll out from everyone to the tunes of — “We have identified the bad actors on our platform and have deactivated them...”, “We have updated our fraud filters to account for this and will issue full credits..”. We will see:

  • No real financial #s published. We will continue to guess.
  • Nobody held accountable. No companies will go bankrupt.

I uncovered (probably the same) ring running on Google Adx over a year ago. Similar #s. What happened? A bit of press, Google issued some credits and then… nothing. I just looked at the quarterly disclosures… no mention of fraud, no mention of write-offs, no mention of investigations..

So did they call the FBI? Did they report that someone stole $100M from them? I doubt it. And thus the crux of the problem.

Private companies can’t track down international bad actors.
The government can.
Nobody is asking the government to do so.

Right now everybody is doing the same thing they’ve always done… wringing their hands and hoping this thing will go away as fast as possible.

What can we do?

The FTC case I mentioned above only happened because Innovative Marketing was defrauding consumers directly, and the FTC’s job is to defend consumers.

The problem in this case is that the FTC can’t help companies, they only help when consumers are defrauded, which isn’t happening here. The agency that needs to help is the FBI.

So… someone has to call the FBI. Who can do that?

The most obvious parties would be Google, Rubicon, AppNexus, Criteo or any exchange/ad-network that has paid out $ to a fraudster. There are two challenges here. First, often the fraudster comes indirectly to the exchange via a third party that is often a legitimate business. The exchanges don’t want to destroy relationship with their partners, so they don’t call.

So who can? This leads me to a whacky idea. In the end, advertising dollars are being stolen from publishers… its’ not direct, but those dollars would have gone to the real Economist, Forbes and New York Times. So… come on folks. Do you work at the Economist? Call the cops. You’re getting f*cked.