Advertisers are said to be wasting up to $1.28 million a day on thousands of fake websites

Getty Images

A huge online advertising scam has been exposed that could be costing businesses, primarily in the U.S., almost $1.3 million a day.

Over the past eight weeks, thousands of publishers have been subject to bots creating fake versions of their websites, a technique called "domain spoofing," according to a paper published Wednesday by ad technology company Adform.

Brands inadvertently bought advertising space on these fake sites via ad exchanges, promotions that were seen by computers not humans, meaning that advertisers wasted money and publishers missed out on ad dollars.

Adform suggests that this new bot, dubbed "HyphBot," is three to four times the size of the Methbot scam discovered by White Ops in December 2016. Methbot was said to originate in Russia and used a network of bots to fake views of as many as 300 million video ads per day.

Adform estimates that HyphBot cost businesses between $262,000 and $1.28 million a day, adding that clients using its platform were protected, costing them less than $1,000 a month.

White Ops: Scam from Russia
White Ops: Scam from Russia

The company calls its discovery "one of the largest botnets to ever hit digital advertising," with HyphBot generating fraudulent traffic on more than 34,000 websites, including premium publishers. In September, the Financial Times found that advertising inventory pretending to be from appeared on 10 different advertising exchanges.

"Our analysis suggests that infected devices — a network of bots — accessing the internet from more than half a million IP addresses (mostly from the U.S.) are responsible for this wave of non-human traffic," its report stated.

Online advertising fraud is a widespread problem, estimated to cost companies around the world $16.4 billion this year.

The method is used to trick brands and their agencies into buying advertising space on websites that don't exist, or that the sellers don't have access to. Because of the speed and volume of advertising bought automatically online, it is very difficult to check if an ad ran where a seller — or publisher — said it was supposed to run.

One way in which Adform suggests the industry clamps down on ad fraud is by using ads.txt, a tool created by the Interactive Advertising Bureau to protect buyers and sellers of online advertising.