The U.S. Department of Justice has sentenced a Russian man, Aleksandr Zhukov, for operating a large-scale digital advertising fraud scheme called Methbot (‘3ve’) that stole $7 million from American companies. The so-called “King of Fraud” was required to forfeit over $3 million in assets, which is roughly one million less than what he pocketed throughout his time scamming companies, with the rest of the money going to co-conspirators. The scammers ran a massive ad-fraud botnet which consisted of at least 700,000 active infections managed by a thousand data center nodes, and which used 750,000 IP addresses. These bots generated fake traffic to websites and created fake impressions on advertisements, giving the illusion that the ads were being seen by large amounts of people. The scammers sold ad space on a fraudulent website that was spoofed to appear as a legitimate site, making companies believe their ads were being posted and viewed by people on the actual legitimate website. The bots were programmed to behave like human internet users, including clicking around on the screen. None of the ads that companies paid Zhukov to run ever appeared on legitimate websites.
Cyber-criminals will use several ways to trick companies and individuals into believing their services are legitimate. Whenever outsourcing services, it is important for organizations to thoroughly investigate the company they will be doing business with. In any case, even if the company appears to be legitimate, organizations need to look at the security procedures that are followed by a third-party organization to ensure that information shared within a supply chain is being kept secure.