Gergő Varga reckons Verizon, Fedex, and Smirnoff are being robbed half a million dollars a month by advertising scammers.
The risk boffin and founder of advertising security firm outfit Enbrite.ly says the telco, transport and tipple trio which also includes Netflix and KFC are paying for fraudulent ad clicks.
"A relatively simple fraud scheme within the video RTB (real time bidding) ecosystem is costing advertisers such as Verizon, Netflix, Fedex, KFC and Smirnoff among others up to US$500,000 a month," Varga says.
"While they may believe that their ads are reaching premium inventory, in fact they are appearing on file sharing, piracy and pornographic websites through this arbitrage scheme.
"So basically what we have here is a very lucrative form of impression fraud and traffic laundering."
Real time bidding systems flog ads per impression in the milliseconds before web pages load. It is chimes AcuityAds a "revolutionary force" for online ad-men thanks to its "targeting and cost efficiency opportunities".
But unscrupulous fraudsters are plundering these opportunities by serving ads on piracy and porn sites.
Other sites targeted include one that contains naught but childish definitions of animals and has an expectant traffic rate of next-to-nothing.
But the web junk is pulling somewhere between US$100,000 and US$500,000 a month from big campaign advertisers by screwing with referrer traffic pulled in from its own ads placed on torrent sites and cyber lockers.
"It gets away with the charade by using multiple redirects to force the referrer, so the true source of the traffic remains hidden," Varga says.
Advertising scripts on the site ping the RTB networks until an impression wins a bid.
Varga says another site, lavishcar.com, is having similar success and has reported both to the advertising buyers.
He says the fraud could be killed off with proper due diligence procedures by RTB networks or with banner tracking codes (which he says for full disclosure his company sells).
The scam follows close on the heels of a March campaign slinging Flash exploits through RTB networks in a effort to snag ransomware victims.
At the time of writing more than 1700 malicious advertising requests were detected leading to malicious Flash files being downloaded over hundreds of unnamed sites. ®