Ads.txt is an Interactive Advertising Bureau protocol to stop ad scams before they start. But enterprising scammers have found a way to use it as a key part of their fake advertising money-making schemes, according to a new report from DoubleVerify.

Here's how it works.

Ads.txt is a small file legitimate publishers place on their websites that indicates which ad networks are authorized to sell them inventory. Programmatic networks, which place ads instantly via automatic bidding processes, also use these files to determine the validity of the inventory they're buying.

Cue the scammers.

According to DoubleVerify, scammers are scaping legitimate sites' content, rebuilding it on a new domain, and selling newly added and fraudulent ad slots through authorized resellers listed in the Ads.txt file. Then, of course, they're automating fake site visits that look like they're visiting the original site to cue ad views and clicks which generate cash. Of course, no real human actually sees an ad.

"In most instances, the ad slots masquerade as legitimate inventory and seem to originate from a valid site, thereby making the content, ad inventory and reseller arrangement appear legitimate," says DoubleVerify.

40 percent of the Alexa top 1,000 sites now use Ads.txt, but ad space resellers who don't have direct business relationships with those publishers have campaigned to ask publishers to add them to the file. Many cash-starved publishers have agreed, and that means that unknown entities are re-selling ads on top websites.

"The bot net operators obtained accounts on some of the lesser-known resellers that had been included on the legitimate site's ads.txt file," says DoubleVerify. "Once accepted, they then sold their fraudulent inventory through these networks. In most cases, the ad slots appeared to originate from a valid site. Because the fraudsters targeted a reseller that was listed on the valid site's ads.txt file, their legitimacy was further reinforced."

It's unclear how much the bad guys made with this still ongoing scam, but global ad fraud has been estimated to cost brands billions of dollars each year.