To date, our “Pharma and Digital Ad Fraud” blog series has focused primarily on how bots operate in the digital advertising space. In this fourth installment, we’ll consider how bots impact pharma brand websites.
We all know the web is overrun with bots that siphon off millions in ad revenue every single day. Most of us are actively looking for better ways to limit the damage, including getting smarter about how we buy digital media.
Yet we tend to overlook the many ways bots undermine brand websites. The truth is bots present significant threats to pharma websites, even though pharma sites don’t sell media or run ads.
Ensuring Website Security
Cybersecurity gets complicated fast, but the Open Web Application Security Project (OWASP) strives to make the key issues accessible to everyone. The non-profit organization’s Automated Threat Handbook names and classifies all known bot threats.
Each is described in everyday language, along with a list of possible symptoms and suggested countermeasures. Three of the more common threats in pharma marketing are web scraping, credential stealing, and skewing.
Pharma brand websites are attractive targets for web scraping, or collecting application content and other data for use elsewhere. As the manufacturer of a drug and the owner of its original content, a pharma company is the best source for reliable information about that drug. Fake websites that post drug interaction or side effect information will always be interested in your content.
Bots present significant threats to pharma brand websites, even though pharma sites don’t run ads.
Cybercriminals can use bots to scrape your content and publish it on numerous sites. This causes your SEO ranking to fall. Before long, when real patients and physicians search for information about your drug, they’ll find the content they need somewhere else first. Traffic to your brand website will decrease, and eventually, your revenues may also be affected.
After acquiring Yahoo last year, Verizon dropped a bombshell: A network attack in 2013 had compromised the accounts of all 3 billion Yahoo users. Names, passwords, and other personal information were stolen. Credential stuffing is the coordinated effort, through mass log-in attempts, to verify the validity of such stolen username/password pairs.
Bots buy the stolen data for pennies on the dark web. Then they start visiting brand websites—like ESPN, Nike.com, and your pharma brand sites—to test each username/password pair. When a combination works, they know they’ve found a real human being. And when that human is a high-value individual like a physician, they can sell his or her confirmed login credentials on the dark web for a much higher price. Ultimately, your website security is compromised and your brand reputation suffers.
OWASP defines skewing as “repeated link clicks, page requests or form submissions intended to alter some metric.” The group estimates that bad bots skewed data on 94 percent of websites in 2016, leading marketers to make many poor investments.
For example, successful retargeting depends on “following” your target audience across the web. If your brand.com cookies end up on a group of bots, rather than on actual physicians, your retargeting campaigns won’t work.
Blacklisting and bot detection offer only partial solutions to the threat of online bots. As we’ll discuss in the coming weeks, using audience identity management technology to verify the identity of website visitors is a more effective approach.