Fake traffic was sent to pages containing ads for JPMorgan Chase, Visa, Amazon, KFC, and other big brands. "We don’t take this sort of thing lightly,” a JPMorgan spokesperson told BuzzFeed News.

Social Puncher / Via ozy.com

This summer, Ozy.com, a news site that’s raised more than $35 million in funding from high-profile investors, published a group of articles in an ongoing series about how companies and entrepreneurs are trying to be a positive force in their communities. The content was created as part of a partnership with JPMorgan Chase, whose logo appears on each article. The stories appeared to be a big hit: Between May and October, the sponsored content ranked among Ozy’s most-viewed articles, according to traffic data from analytics service SimilarWeb. It’s the kind of success a publisher and brand would celebrate — except that the vast majority of traffic to the articles was in fact fraudulent, according to ad industry standards. Those stories, as well as other Ozy articles that carried ads from Amazon and Visa, received traffic that was purchased and delivered via a system that automatically loads specific webpages and redirects traffic between participating websites to quickly rack up views without any human action. JPMorgan told BuzzFeed News it had no idea its sponsored content was receiving paid traffic from the source in question, and Ozy said it believed the audience was valid when it purchased it. Ozy has since told the bank that the resulting traffic was not counted as part of the campaign. “We’re committed to only working with reputable and brand-safe publishers, and we don’t take this sort of thing lightly,” Erich Timmerman, a JPMorgan spokesperson, told BuzzFeed News. The incident is the latest glimpse at the roots of a crisis of trust in online publishing. Blue-chip advertisers increasingly doubt whether their online ad spending reaches real audiences, and JPMorgan in particular has taken steps to ensure its ads only appear on quality sites. But even quality sites present risks. Working in collaboration with ad-fraud consultancy Social Puncher, BuzzFeed News identified several other reputable publishers who also received the same invalid traffic during a similar timeframe as Ozy. They include Funny or Die, a video comedy site founded by actor Will Ferrell and several Hollywood producers; Community Newspaper Holdings Inc., a publisher of local newspapers in more than 20 states, which receives the traffic as part of a deal with video company Tout; Bustle Digital Group, a fast-growing digital publisher focused on young women; and PCMag, the venerable computing publication. All except CNHI say they have stopped using the traffic in question. The audience delivery system used by these publishers was first detailed in an October BuzzFeed News investigation that revealed how subdomains on Myspace and more than 150 newspaper websites belonging to GateHouse Media generated massive amounts of fraudulent video views and ad impressions. (Both companies blamed partners who operated the offending subdomains and said they did not profit from fraudulent views or ads. They shut down the subdomains.)

How the system generates traffic through redirects between websites. Tap to play or pause GIF Tap to play or pause GIF BuzzFeed News

An estimated $16 billion will be lost to ad fraud this year, and a significant portion of that will go to criminals who use bots and other nefarious means to siphon money out of the digital ad ecosystem. But this example shows how legitimate publishers contribute to fraud when they knowingly or unknowingly use invalid traffic and other illegitimate means to grow their audiences and increase ad revenue. “Illegitimate traffic sourcing occurs when a publisher pays a traffic supplier for a fixed number of visits to their website,” said a recent white paper about ad fraud published by the Alliance for Audited Media, a not-for-profit media auditing organization. “Publishers often buy traffic at the end of the month or quarter to ‘make its numbers.’ Traffic sellers often promise the publisher that the traffic is human and will pass through all ad fraud detection filters.”

Got a tip about ad fraud? You can email tips@buzzfeed.com. To learn how to reach us securely, go to tips.buzzfeed.com.

In the case of Ozy, it subsequently told JPMorgan it used the paid traffic to try to grow an email subscription list, according to a source with knowledge of conversations between the companies. BuzzFeed News provided Ozy with a detailed list of questions, in addition to video evidence showing how JPMorgan articles, as well as other content featuring premium ad units from Amazon and Visa, were receiving fraudulent traffic. The company replied with an emailed statement. “We're always testing new ways to share our quality content with new, premium audiences. Unfortunately, our digital ecosystem harbors audience sources that don't always fit OZY's target, and in some cases, exhibit behavior that is not authentic,” the statement said. “We are constantly monitoring our network for fraudulent activity, and immediately suspend any traffic sources that would devalue OZY and our partnerships.” The statement concluded, “We are proud to consistently overdeliver for our advertising partners across platforms, and it goes without saying that our partners only pay for quality delivery.” As with Myspace, GateHouse, and Ozy, all publishers contacted by BuzzFeed News said they had no idea there were issues with the traffic in question, and that it was deemed safe by different third-party verification companies. Some publishers ceased using the traffic after reading the BuzzFeed News article that revealed its origins, the system generating automated redirects, and the fact that verification company DoubleVerify deemed it fraudulent after a detailed investigation. Prior to that, it appears the publishers did not investigate the origin of the traffic they sourced for their websites. Mike Zaneis leads the Trustworthy Accountability Group, an ad industry initiative to fight fraud. He said a publisher is ultimately responsible for what happens on their site, and they need to engage in proper due diligence and monitoring. “Publishers have a responsibility here to monitor their websites. If you see wild spikes in traffic coming from strange places, or at strange times, you have a responsibility there,” he told BuzzFeed News. Sourcing traffic from ScreenRush

Social Puncher / Via Ozy.com

Ozy displays all the hallmarks of a premium digital publisher. But along with the illegitimate traffic going to JPMorgan’s and other content, data from SimilarWeb shows Ozy recently bought a portion of its audience from low-quality sources, including ad networks that specialize in pop-under browser windows that are opened on users as they visit other websites.

Ozy employs journalists to create content and says on its website that it reaches an aggregate of 40 million people a month through various channels. Data from Quantcast, a service Ozy uses to measure its traffic, says its website reaches 2.5 million people per month. Ozy also works with partners to syndicate its content and produces a TV show for PBS, among other non-web-based efforts. The PBS show is hosted by Ozy cofounder Carlos Watson, a former CNN commentator and MSNBC host who had a previous career as an entrepreneur. Ozy’s investors include Silicon Valley luminaries Laurene Powell Jobs, Ron Conway, and David Drummond, a senior vice president of Alphabet, Google’s parent company. Ozy also received a $20 million investment from German media conglomerate Axel Springer in 2014. Earlier this year it raised an additional $10 million from GSV Capital Corp. A few months after closing its latest financing, Ozy.com started receiving a significant increase in desktop visitors. Between June and October, roughly 2 million visits came from domains connected to a company called ScreenRush, according to SimilarWeb. This traffic was sent to specific articles on Ozy, many of which were part of the JPMorgan-sponsored content campaign. Other articles receiving visits via ScreenRush displayed special video ad units from Amazon and Visa, according to video compiled by ad-fraud consultancy Social Puncher. (BuzzFeed News contacted Visa and Amazon for comment but did not receive a reply.) Using SimilarWeb, BuzzFeed News examined the most-popular content on Ozy between June and October and found that 8 of the 10 most-popular article pages received the vast majority of their visits using URLs that attributed the traffic to ScreenRush. For example (emphasis added): http://www.ozy.com/immodest-proposal/-is-this-holiday-better-for-the-planet-than-earth-day/76915?utm_medium=cpc& utm_source=SR

http://www.ozy.com/acumen/what-does-it-take-for-a-large-corporation-to-go-green/80281?utm_medium=cpc& utm_source=SR

http://www.ozy.com/acumen/would-you-swim-with-a-crocodile/64792?utm_medium=cpc&utm_source=SR This was also the case for an article on Ozy written by the head of property management for JPMorgan Chase Global Real Estate. These ScreenRush URLs accounted for nearly all traffic to the JPMorgan-sponsored content.

Vlad Shevtsov, director of investigations for Social Puncher, said his team documented behavior on Ozy that saw ScreenRush load and remain on a page for 90 seconds before the system automatically redirected to the next domain in the scheme. "This is not sophisticated artificial traffic, just a dumb programming script," he said in an email. "The first question about these visits should be, How is it even possible that visitors went to other ScreenRush client sites if Ozy's pages have no links to any of these other sites?"

As detailed in the previous BuzzFeed investigation, the traffic ScreenRush sent to publishers largely originated from a group of more than 20 websites that purport to be online arcades. These sites all use the same design template and had their domains registered around the same time. The arcade sites also have nearly identical traffic patterns, as they are redirecting the same audience among them before passing it along to domains owned by ScreenRush — which, in turn, sends the traffic to publisher clients. (This method of redirecting traffic through domains to obscure its origins was detailed in a more recent BuzzFeed News story.)

Separate investigations by DoubleVerify and Social Puncher both determined the traffic coming from ScreenRush meets industry definitions for invalid, fraudulent traffic. They documented automated redirects being triggered by ScreenRush’s code without any human action on the page, as well as the presence of multiple video players running simultaneously. “You’ve got websites that are getting some sort of inbound traffic and then this begins a cycle of autoplaying videos with ad pages refreshing and sometimes redirecting to other pages,” Roy Rosenfeld, DoubleVerify’s vice president of product management, previously told BuzzFeed News.

Social Puncher

Instead of using video players to generate ad impressions, ScreenRush traffic was directed to Ozy pages that were part of specific campaigns. A spokesperson for DoubleVerify told BuzzFeed News it identified invalid traffic and ad impressions on a portion of Ozy’s users during the period the site received ScreenRush traffic. Daniel Aharonoff, the general manager of ScreenRush, disputed the conclusions of DoubleVerify and Social Puncher, and the reporting of BuzzFeed News. He said the traffic coming through his system passes the filters of multiple verifications companies and is therefore human and valid. “In all cases, the traffic is pre-screened by the ad-verification service chosen by the advertiser, and must be approved as valid in order to be delivered, so neither I nor any of the clients had any reason to believe the traffic wasn’t valid, at least until your article came out saying that DV had a different opinion on certain supply partners,” he said in an email. He said the redirects documented by DoubleVerify and Social Puncher (as shown in the above video) are in fact the result of a real-time bidding process that determines which site the traffic goes to next, and that the content is shown to engaged, human users. "We have a range of methods that assure us that supply is coming from 'real humans' and that the content discovery experience is in full 'viewability,'" he said. "Inherently this means if a 'user' wants to opt out they can 'simply' close the browser window that is present." Aharonoff offered a lengthy email response and his explanation of the activity shown in the Social Puncher video. It can be read in full here. He also said BuzzFeed News and DoubleVerify are unfairly targeting his company. “You are managing more than anything to scare partners with this singular view by DV which is hardly the industry standard,” Aharonoff said. He added that DoubleVerify is “clearly striving for relevance in a market dominated by their core competitors such as Moat & IAS among several others including various new entrants in the market.” Moat did not reply to questions from BuzzFeed News about ScreenRush traffic, but did note that a website connected to Aharonoff’s company incorrectly claims it is a Moat customer. IAS also said its logo was improperly listed on that site. It also said it flagged several domains used by ScreenRush to refer traffic to clients for “high brand risk.” Ozy stopped working directly with ScreenRush at the end of October. The next month, the site experienced a significant drop in desktop referral traffic, according to SimilarWeb. With ScreenRush gone, Ozy’s November traffic sources included ad networks that specialize in selling traffic generated via pop-under windows, according to SimilarWeb. These windows open behind the main browsing window as a user accesses the desired content. Publishers pay to have their content loaded in this pop-under window in the hope that the user will eventually see it. A recent BuzzFeed News story detailed how this form of low-quality traffic is often “laundered” through other domains before ending up on mainstream sites. Ozy did not respond to a question about the use of pop-unders to generate traffic. It also didn't comment on the fact that until November it was also buying audience via go.bistroapi.com, a traffic source that Social Puncher investigated and found to be selling fake traffic to a variety of publishers. Funny or Die and other sites got traffic, too

Social Puncher / Via funnyordie.com

At the same time ScreenRush traffic was flowing to Ozy, it was also being directed to pages on funnyordie.com that featured branded content for clients such as KFC and Showtime. Between July and October, SimilarWeb shows funnyordie.com received close to 900,000 desktop visits via ScreenRush. The comedy site was also a longtime purchaser of traffic from go.bistroapi.com, the highly suspect source that was also used by Ozy. Forensiq, an ad-fraud detection firm, told BuzzFeed News it detected high levels of nonhuman traffic on funnyordie.com over the summer. In response to questions about its use of ScreenRush and go.bistroapi.com, Funny or Die’s head of public relations, Carolyn Prousky, sent an email statement. “Once we found out there were discrepancies between our verification source and another report we discontinued the service as a precaution, though it was still passing other 3rd party verification sources as valid,” she said. Prousky did not respond to a follow-up question about the use of ScreenRush traffic on branded campaign pages. Romper.com, which is owned by Bustle Digital Media, also cited “discrepancies” as a reason for halting a test of ScreenRush traffic. A company spokesperson said ScreenRush traffic wasn't registering properly in some of the site’s analytics systems, so they stopped using the traffic. Before Romper discontinued ScreenRush at the end of September, it was responsible for more than 90% of the site’s desktop referral traffic during the test, according to SimilarWeb. One publisher that continues to receive ScreenRush traffic is CNHI, which owns more than 100 small newspapers in the US. It partnered with Tout to provide video on its sites, and Tout sources some traffic from ScreenRush for those videos. Trinh Bui, Tout’s vice president of client services, told BuzzFeed News that ScreenRush traffic continues to pass third-party traffic filters. He said Tout turned off one traffic source in the wake of the BuzzFeed News story about Myspace and GateHouse after it tested high for invalid traffic. As for the presence of automated redirects and multiple video players on the page, Bui said, “We expect the user to have a choice to watch videos or exit the video experience when they wish. When issues are flagged by partners or users, we immediately investigate the issues and work to resolve them as quickly as possible.” CNHI did not respond to a request for comment. A final prominent publisher that briefly used ScreenRush is pcmag.com. In the course of its initial reporting on ScreenRush, BuzzFeed News provided a list of ScreenRush domains to Augustine Fou, an independent ad-fraud researcher, so he could make an assessment of the system on his own. (He agreed with the conclusions of DoubleVerify and Social Puncher that the ScreenRush system generated fraudulent views and impressions.) After clicking on an unrelated ad on a site in the ScrenRush scheme, Fou soon found his browser being redirected to an article page on pcmag.com. That page began loading and reloading what Fou called “a really malicious stack of redirects.” He documented the behavior in a video he uploaded to YouTube.

BuzzFeed News shared the video with PCMag at the time. “We're taking this very seriously and have paused the ScreenRush test, as we conduct a deeper investigation,” a PCMag spokesperson wrote in a statement provided to BuzzFeed News. “PCMag has only recently and very sparingly been testing content recommendation services, which represent less than 1% of our traffic.” When informed of PCMag’s statement and the activity that led to it, Aharonoff was nonplussed. “It's unfortunate that [they] took that position,” he said in an email. “They onboarded, asked for KPIs we specifically delivered on which is the [time on site] you precisely saw. They are correct in that their buy was very insignificant, enough for you to buy my lunch at a not so fancy kosher restaurant.”