The Department of Homeland Security (DHS) is tasked with safeguarding the nation1—one of their key responsibilities is to fighting human trafficking.

But Adlytics recently discovered that the DHS funded known child-abuse sites through their digital ad spend.

How DHS Ads Landed on a Shady Site in 2023

The federal government allocated the DHS Blue Campaign—the effort to raise awareness for human trafficking—additional money in 2021.

DHS decided that digital ads would be a great way to:

[Develop] effective awareness tools for distribution to Federal and non-Federal officials to identify and prevent instances of human trafficking.

Makes sense—put money into the Google machine for views2.

DHS paid Google’s brand safety service (DV360) for safe ad spots that raise awareness and further their mission.

On September 19, 2023, the DHS “Blue Campaign” advertisement, designed to educate the public about human trafficking, was captured being displayed on an image sharing site.

Adjacent to this message were explicit sexual images (luckily self-uploaded from an adult in this case).

Even worse, this ad appears on a website known for hosting pornographic material linked to child exploitation.

This website is not an obscure platform; it has been identified by the National Center for Missing & Exploited Children (NCMEC) as hosting child sexual abuse material (CSAM), with reports escalating from 2 in 2021 to 20 in 2023

AdTech companies promise that it’s impossible for your ads to appear on CSAM sites.

They know that bad placement can sink a company’s reputation—or at least the campaign.3

Yet, there it was: a DHS campaign, funded by taxpayers, appearing in a context that undermined its mission and reputation.

This is not a theoretical, or isolated concern.

DHS advertisements—as well as those from the Texas State Government, Amazon, Google, etc4—were displayed on sites which have been flagged for serious CSAM violations.

If these major institutions can fail so profoundly, it raises the question:

Could your company be vulnerable to a similar fate?

Is it already?

Ad Verification Shortfalls: Insights from DHS

Although this particular failure is a black eye on the DHS Blue Campaign, it’s not nearly as sensational as some of the politicians have made it out to be.5

The greater concern lies in the abject failure of ad verification systems—tools intended to ensure advertisements appear in appropriate, meaningful, and reputable locations.

Despite impressive-looking reports claiming “99% safety,” this incident (among others) reveals significant shortcomings.

No organization, regardless of its size, industry, or resources, is immune to the deficiencies of current ad verification systems.

In this post, we will explore why ad verification is not delivering on its promises, and outline practical steps you can take to safeguard your marketing campaigns.

Note: Luckily no advanced technical expertise is necessary!

Although AdTech companies will try to bury you in jargon and terminology to make you feel like you could never do this alone—you instincts as a marketer and a willingness to scrutinize the process will be sufficient.

Why Are These Mistakes Happening?

How did such an error occur?

The culprit is programmatic advertising—the process where automated platforms like Google’s DV360 and Amazon’s ad services distribute advertisements to vast audiences.

When you buy spots with these programmatic ad placement tools, its easy to put money into a pot and have the system itself choose the placements.

Most companies do some form of this.

These placement tools prioritize efficiency and reach—which means relying on algorithms to place ads with minimal human oversight.

If you’re not careful, fraudsters will serve your ads on sites entirely Made For Advertisements (MFA)—sites with no real content or traffic that get paid to run as many ads as possible.

Your campaign will pay them to say that they served your ad without any human ever seeing it.

Ad verification was supposed to stop all these issues.

For a primer on digital ad fraud, check out this previous post:

Marketing's $100 Billion Dollar Mistake: Fraud in Digital Channels

Ward Rushton

·

December 6, 2024

Read full story

Ad Verification’s Unfulfilled Promise

Companies selling ad verification services claim that you’ll avoid these MFA sites as well as damaging ad placements (as listed above).

Ad verification is intended to serve as a safeguard, ensuring that you get what you pay for.

With verification, advertisements should appear in environments that align with your brand’s values and objectives.

Why are verification systems falling short?

Vendors such as DoubleVerify and Integral Ad Science offer assurances of “99% safety,” promising protection against fraud and unsuitable placements.

However, the DHS incident demonstrates that these claims can be misleading.

Ad verification systems are currently broken in three main ways.

1. They Lack Transparency

Verification vendors often provide only high-level data, such as the domain without specifying the exact pages where ads appear.

For example, if I were running for office and my team bought adspace on Craigslist.org, that might not be a problem.

But if it were actually on {area}.craigslist.org/missed_connections then that would look bad for my campaign.

I have to know what specific page(s) ads are run on to understand if my budget is spent appropriately.

This domain-only view left DHS unaware of the compromising context for their ads.

2. Old Tech Misses New Ad Fraud Tricks

I’ll give verification companies some credit—this cat and mouse game with fraudsters is tough.

Existing systems rely on methods that struggle to keep pace with the evolving tactics of digital fraud.

Newer bots that disguise themselves with accurate browser details and residential IP addresses are especially hard to detect.

These verification vendors produce reports claiming “99% fraud-free” results, yet they fail to detect advanced threats that he’s observed in testing—according to Dr. Augustine Fou, a noted expert in ad fraud.

This discrepancy suggests that their algorithms may not have been meaningfully updated.

Advertisers, in turn, receive a false sense of security from dashboards that mask critical vulnerabilities.

The limitations of this outdated technology extend beyond fraud detection to broader verification challenges, such as viewability and content suitability.

Fou points out that legacy vendors report inflated viewability rates—often 80-96%—despite measuring only a small fraction of impressions with actual tracking tools like JavaScript tags.

For marketers, this means continued exposure to misplaced ads—like those of DHS—because the systems meant to protect them are rooted in yesterday’s solutions, not today’s threat environment.

3. ‘Safe’ Labels Still Land Ads in Unsafe Places

Third, these systems often fail to evaluate the full context of a site’s content, allowing sites to be misclassified as “safe.”

At the same time, legacy rules put in place mean that you’ll miss opportunities for relevant brand impressions.

For example, half of the Oscars content this year was marked as ‘brand unsafe’ due to overly strict brand requirements6.

Especially in an era of LLMs, you’re able to run your own site analysis based on content.

Or even better, come up with your own whitelist! I promise, spray-and-pray is not an effective strategy.

We’ve found the worst of both worlds: Overly strict where unneeded and libertine where it matters.

For marketers, the implications are concerning.

Unquestioning reliance on verification reports can result in budgets being allocated to inappropriate platforms, potentially damaging your brand’s reputation or yielding no meaningful return.

Moreover, this issue carries ethical and legal weight.

Supporting sites linked to exploitation could (and does) invite scrutiny from regulators or stakeholders.

In this case, “brand safety” mechanisms from vendors such as DoubleVerify approved ibb.co as an acceptable site, failing to detect its inappropriate nature.

The consequence was not only a waste of public funds but also a stark illustration of a broader issue.

This misalignment highlights a flaw in the advertising ecosystem—one that extends beyond government campaigns to commercial brands as well.

So how do we fix it?

How to Avoid Ad Misplacements

You need not possess advanced technical skills to mitigate these risks. With a human eye and a proactive plan, you can take control.

Here’s what to do.

Ask Direct Questions

When engaging with your ad vendor, request specific details: “Can you provide a list of the exact locations7 where my ads appeared last week?”

If they evade or suggest it’s too complicated, press further.

You are entitled to clarity.

You’re not alone either.

Industry leaders are increasingly challenging vague responses from verification providers.

Investigate Independently

Take a hands-on approach by using accessible tools like URLScan.io to review ad placements.

Alternatively, ask your agency to supply this data.

Such efforts can reveal whether your campaigns are reaching questionable destinations.

Select Transparent Partners

Not all ad tech providers are equal.

The Adalytics report found that platforms like Trade Desk avoided serving ads on the problem sites in their report.

Note: Funny enough, The Trade Desk TTD 0.00%↑ was specifically mentioned in the report as an example of a company that didn’t serve ads on these sites.

But the stock has plummeted anyway along with other AdTech companies.

Investment analysts probably opened the report, ctrl-f’d “Trade Desk”, and sold the company stock.

Read more than headlines!!

Opt for vendors willing to share comprehensive insights.

Tell Vendors ‘No’ to Shady Sites

Explicitly instruct your vendors: “My advertisements must not appear on inappropriate sites under any circumstances.”

Formalize this expectation in writing and ensure compliance.

As a marketer, you are the guardian of your brand’s integrity.

These measures are practical and require only diligence and curiosity—qualities agnostic of technical ability.

Note: For most products, there’s a strong Pareto-style distribution for your reach.

A small percent of total sites your audience uses will convert a majority of the total (meaningful) traffic of your campaign.

Consider doing whitelist-only campaigns where you and your team manually choose a selection of sites for your advertisements. You may be surprised at how little the limitation changes the bottom line.

4 Specific Warning Signs Your Ads Might Be Misplaced

• The vendor is reluctant to provide a complete list of sites. Evasiveness suggests potential issues.

• Reported safety metrics appear unusually high. A 99% safety rate is often too ideal to be realistic.

• The site names raise suspicions. Unfamiliar or dubious domains warrant further investigation.

• You get disproportionate clickthrough rates. Interaction rates far from other, well-known locations—especially without true conversion—could be a sign of misplacement.

Conclusion

The DHS advertisement on a site hosting pornographic content is more than an isolated governmental oversight; it serves as a cautionary tale for all marketers.

The promise of “99% safe” placements is frequently an illusion, as shown by this case and echoed in broader industry discourse.

The Department of Justice has reflecting growing unease about verification practices

In our next installment, we will explore a deeper question:

• Why was DHS chasing clicks at all?

• Is performance marketing the appropriate vehicle for public missions?

For now, resist accepting verification data without scrutiny.

• Ask challenging questions.

• Verify independently.

• Hold your partners accountable.

Your brand’s reputation and your marketing budget deserve actual oversight, not an automated system with repeated, overlooked vulnerabilities.

Stay vigilant.

Caveat Emptor