What is Ad Fraud?
Ad fraud is an attempt to defraud or trick digital advertising platforms to obtain financial gain. Criminals often use bots and other software methods to carry on fraud attacks. When scammers use bots to trick advertisers and PPC networks, it is called click fraud.
Types of Ad Fraud
Criminals use different methods, to carry out ad fraud:
- Click hijacking: when an attacker “steals” a link that was directed to one ad and redirects it to a different ad. To achieve this, attackers compromise the user’s computer and the ad publisher’s website. They also can compromise proxy servers.
- Fake apps installation: this method targets in-app advertising. Teams of people in click farms – low-paid workers who click massively on targeted links – install apps thousands of times. The goal is to gain advertising revenue.
- Hidden ads: this method aims to defraud networks that pay by impressions. Scammers hide the ad, showing it on the page in a way the user doesn’t detect it. Thus, the user is “seeing” the ad, and it counts as an impression for payment purposes.
- Botnet fraud: scammers use botnets to generate fake clicks on an ad or direct fake traffic to a website displaying the ads to generate “views”.
- Invalid Ad Traffic (IVT): this umbrella term is traffic that is not coming from real users. It could be coming from bots or other automated systems.
Mobile Ad Fraud
This type of ad fraud is directed to mobile applications. The goal of attackers is to steal money from advertising payments into fake impressions or faked installs.
There are several variations of mobile ad fraud. For instance, a fake publisher may hide adverts in a few pixels or place the ad out of sight so it generates views without the knowledge of the user.
A fraudulent application can generate clicks by running a feature in the background. Other cases involve sending impressions as clicks to make them count as it was converted into an engagement. Other times fraudsters send clicks from fake device IDs to track vendors.
Another common type of mobile app fraud is ‘click injection.’ In this attack, fraudsters publish or gain access to an Android application. Then use it to track installs in other apps and trigger clicks before the install is complete. Then, the scammer gets the credit for the install.
In a more sophisticated version of this exploit, called SDK spoofing, the attacker creates a fake but legitimate-looking install to attract installs and eat through an advertiser’s budget. The problem is that the installs appear legitimate because fraudsters collect real device data.
Ad stacking is a type of mobile ad fraud where the scammer stacks multiple ads one over another with the goal to hide them from view while appearing in records to justify the payment.
Why Does Mobile Ad Fraud Happen?
With everybody glued to their phones nowadays, mobile advertising revenues are soaring. According to Statista, mobile advertising spending reached $189 billion in 2019 and is expected to go over $240 billion by 2022.
Mobile ad fraud gives hackers an opportunity to make money relatively quickly by exploiting two key factors: one, the widespread popularity of mobile apps, and two, the lack of organized industry action to combat fraud.
How Do You Detect Ad Fraud? Step by Step Guide
Detecting ad fraud is easier if you manage your own display advertising campaigns but it can be done by paying attention to some key factors. Here are some red flags that can signal fraud activity:
- The on-site analysis is not good
When you see the same ad performing normally in one channel, showing real behavior (browsing through other pages, normal time on page, etc) and another channel shows high bounce rates and short sessions, it’s time to dig deeper and investigate.
- The campaign shows zero performance
This itself is the most common warning sign of fraud. It is even more obvious if you compare the display ad campaign with social media channels’ ad campaigns. If the landing page and offer are the same and you still see zero conversions from your display campaigns when other channels do produce, it’s a big red flag. It is highly improbable that your visitors would follow through with the desired action in one channel, and zero people will do it in the other.
- Your Click-through-rates are off the charts
On the other hand, if your click-through rates are abnormally high, let’s say more than 1%, it can be that a fraudster is tricking the platform. It is worthwhile to investigate more and check if you see any other of the above-mentioned signs.
- The site lists look fishy
Having long-tail site placements in a campaign report is not alone an indicator of fraud. However, if you see a very large number of long-tail publishers gathered into a tail aggregate, check the list to see if you detect suspicious sites on that list. Scammers generally use obscure sites.
- Visits seem to come from datacenters instead of user IPs
Both scams use data center IPs to conduct their attacks. Therefore, a red flag is when you see a data center IP address. Is a giveaway that the visitor is likely not a real one.
Other flag signs:
- High traffic spikes with low conversion rates
- The clicks or impressions peak at unusual times
- A large number of repeated visits from the same user agent.
4 Tips to Prevent Ad Fraud
- Stay alert for suspicious IPs: If you are not using an anti-fraud protection tool, try to spot suspicious IPs from publishers reporting, and eliminate them as quickly as possible.
- Limit your target audience: Targeting specific audiences can help prevent fraud, by limiting the opportunities for attackers to create fake traffic on your ad.
- If it seems fake, it probably is: If the inventory advertisement seems too good to be true, it probably is. For instance, if a big-name brand ad is selling the product ridiculously low, it is probably a scammer trying to catch unsuspecting users.
- Use only trusted Demand-side platforms (DSP): Media buyers use demand-side platforms to interact with ad exchanges and purchase inventory. Because the transactions are completely automated, they are vulnerable to ad fraud. Working only with a trusted DSP can greatly minimize the possibility of fraud.
How You Can Actively Guard Against Ad Fraud
- Use anti-targeting pre-bid contextual data segments
These segments are available through the demand-side platform. What do they do? They allow you to select segments and filter out specific levels of invalid traffic, or viewability tiers. The downside? You can end with a too-narrow inventory.
- Leverage an ad verification tool
These tools give advertisers campaign metrics and detect automated bot traffic, preventing fraud. The catch is that to work with ad verification tools as a media buyer, you need to have your own ad server to include the tool’s tracking code in your ad tags.
- Don’t stop analyzing your campaign data
Constant monitoring is critical to detect signs of fraud in your campaign. If you use an ad verification tool you can already have the metrics on invalid traffic levels.
Is Ad Fraud Illegal?
Despite the huge losses it causes, most countries don’t have specific laws against ad fraud. Many times this type of criminal activity falls under the category of cybercrime. While the European Union has strict anti-fraud laws as a whole, individual union members’ law is not that specific.
Scammers take advantage of these legal voids to conduct their activities and get away with them. Nevertheless, there have been some cases of ad fraud lawsuits.
Can you succeed at suing for ad fraud? The results are really unpredictable. Mostly because it is really difficult to prove who did the ad fraud.
Why Is Ad Fraud a Huge Problem for Advertising?
These days, ad fraud represents one in three dollars digital advertisers spend. Since it directly affects advertising budgets, ad fraud can undermine the best marketing efforts.
Ad fraud makes marketers make mistakes when measuring the performance of a campaign since it tampers with the real traffic and clicks results. For marketers, this can be a nightmare.
Why is it so difficult for advertisers to fight ad fraud?
First, ad fraud can go a lot of time undetected, so marketers are launching and measuring campaigns without knowing those are affected by ad fraud. This means any results and metrics are not accurate. For instance, in the common ad fraud case where an ad gets a lot of impressions but very few conversions, most marketers will assume the message is not getting through. The reality is that the ad clicks are being stolen by an ad fraudster.
Second, although some marketers are more vigilant of the signs of ad fraud, they are swept by what seems like good metrics and don’t want to see that it may be a product of fraud.
Latest Ad Fraud Trends
As companies protect against ad fraud attempts, scammers also improve their tactics. Here are ad fraud trends we may expect to see in 2020.
- Attack on the entire marketing funnel: anti-fraud experts expect fraudsters to combine their mechanisms in order to create collaborative attacks that manipulate the whole marketing funnel.
- More evasiveness and new exploits: attackers will get better at covering their tracks. Fraudsters may try to do reverse engineering of anti-fraud tools to try to be undetected as much as possible.
- Mobile ad fraud will be more complex: attackers will get better at providing a complete set of metrics to trick advertising systems. This may include providing seemingly legitimate (impressions, clicks, purchases, etc).
- More attacks on shopping applications: because e-commerce applications tend to use the CPA pricing model which is easier to hack.
The Biggest Ad Fraud in History
Dubbed the “Biggest Ad Fraud Ever” by Forbes, the attack called the Methbot campaign, enabled a group of Russian criminals to make between $3 to $5 million a day by faking clicks on video ads.
The group Ad Fraud Komanda acted carefully and efficiently. Using fake domain registrations they tricked programmatic advertising algorithms into buying their space over big-name brands. Next, the criminal group sent fake traffic from more than 570,000 bots to those ads.
Since the bots appeared to “watch” the almost 300,000 million video ads a day, the platform paid the criminals according to the pay-per-click system. With an average PPC rate of $13 per thousand views, the hackers were able to reap substantial gains.
The bots were intelligently programmed to mimic the reactions of real users, with fake mouse movements and social media login information. Criminals took pains to make the bots appear as close to real users as possible, even stealing hundreds of thousands of addresses and associating them with U.S internet providers so the system would think they belong to American addresses.
Key Ad Fraud Statistics
How Much Is Fraud Costing Advertisers?
- Digital ad fraud losses will grow exponentially by 2022
According to Statista, global costs will grow from $19 billion in 2019 to $44 billion in 2022.
- In 2017, close to 40 % of ad impressions from programmatic advertising were fraudulent (Statista)
- Ad fraud steals 20% of the global online ad spending (Campaign Asia)
- In the US alone the costs of digital ad fraud will reach $15.09 billion by 2021. (Statista)
Which Regions Are Worst Hit by Ad Fraud?
How Does Ad Fraud Harm Publishers?
Ad fraud tactics not only affect marketers but can break havoc in a publisher’s business. Here’s how different ad fraud techniques affect publishers:
- Domain spoofing: the fraudster takes place when a scammer impersonates a legitimate domain to present low-quality inventory as high quality. The buyer then purchases low-quality impressions at a higher cost. These attacks damage the reputation of publishers.
- Ad injection: this method involves fraudsters placing fraudulent ads on a publisher’s website without their knowledge. The injected ads look exactly like legitimate ads but they send the revenue to the fraudster.
- Ad placement fraud: this involves manipulating a publisher’s inventory to generate revenue, they can be hidden or stacked.
How Does Using a Monetization Platform Help Protects from Ad Fraud
Attackers prey on the lack of relations between the parties in programmatic advertising. Using a reliable partner, a monetization platform, can ensure publishers get high visibility over their site metrics and performance, which minimizes the risk for ad fraud. CodeFuel leverages trusted ad networks to provide reliable contextual ads.
Learn more about how CodeFuel, by using trusted partners gives you clear-cut monetization.