What is Ad Fraud? Merchants’ Guide To Ad Fraud
Free IP lookup API to uncover fraud, bots, and high risk users.
According to the Association of National Advertisers, digital ad fraud is one of the most costly and pervasive forms of cybercrime, with estimated annual losses over 100 billion dollars. If you advertise online, you’ve likely been impacted by this form of fraud. This guide thoroughly examines the basics of fraud, ad fraud mechanics, detection methods, and prevention strategies.
- Types
- How to detect
- How to prevent
- How it’s done
- Negative effects
Types of Ad Fraud
The two most common forms of ad fraud are click fraud and impression fraud. Lead, sales and install fraud occur but are more prevalent in affiliate fraud schemes because the ill-gotten reward can be greater. The main type of ad fraud to beware of include:
- Click Fraud: Generating clicks by using a bot or untargeted, fake users
Impression Fraud: Falsely manipulating the number of impressions for an ad - Lead Fraud: Purposely submitting fake or unqualified leads
- Sales Fraud: Faking sales through stolen credit cards
- Install Fraud: Taking credit for app installs not earned or earned through dubious methods
How To Detect Ad Fraud
With enough data, bots, click-farms and scammers will leave tell-tale signs that they are up to no good. Accordingly, invalid traffic detection is an exercise in gathering data on your users and analyzing it for patterns indicative of fraud. This includes looking at longitudinal data of large groups of users as well as specific user behavior on your network. There are three types of data sets to analyze:
- Traffic Monitoring: Severe spikes or dips in traffic to your site can happen naturally but unexplained swings in traffic can indicate fraudulent forces at work.
- Device fingerprinting: Data is collected on each device and these data are analyzed for their likelihood of being used for fraud.
- User behavior: Analytics such as conversions, bounce rates, engagement rates and time on site can be used to understand the quality of the traffic to your site.
There are several online tools marketers use to protect their campaigns. Regardless of which tool is chosen, implementing fraud detection is an easy process:
- Create an implementation and integration plan
- Configure your network with detection API
- Set up automated reporting or thresholds
- Actively monitor results
How To Protect Against Ad Fraud
Businesses can take several proactive steps to prevent wasted budget on ad fraud. These include verifying network traffic, implementing ad fraud detection and verification tools, setting clear campaign objectives, and continuously monitoring campaign performance. These steps combine anti-ad fraud tools with clear company procedures to prevent fraud.
Ad Fraud Tools
Ad fraud tools operate on a technical level requiring businesses to integrate fraud solutions into their existing tech-stack. Most tools use an API to directly interface with a server and provide real-time protection. Once integrated these tools include things like:
- IP Blocklist: Refuse traffic if it’s coming from a known fraudulent IP address
- IP Risk Scoring: Assess the risk of an IP accessing the network and reject risky addresses
- Digital Fingerprinting: Unique identifiers for devices on the network are analyzed for risk
- Pixel-based Detection Network: Pixels are placed on ads and websites to monitor for malicious users
- S2S (Server-to-Server) Analysis: Bypassing client-side data that can be manipulated and looking at server data
When selecting a fraud prevention tool it’s important to focus on how robust the solution is. Things like blocklists and risk models are only as good as the data they’re based on, so smaller or boutique offerings may not be as effective.
Company Policies To Combat Fraud
Beyond the technology, there are more “manual” ways to combat fraud by developing strong internal controls that empower your employees to stop fraud before it happens.
- Dedicated Fraud Reporting: Create reports and alerts that focus on the fraud-related metrics
- Regular Campaign Audits: Review the performance of a completed campaign and look for instances or data indicating fraud
- Vet Ad Partners: Work with established or well-vetted ad networks and publishers only
How Ad Fraud Is Done
In every corner of the digital ad ecosystem, there’s a fraudster trying to find an exploit. Unfortunately, within each type of ad fraud there are several methods that scammers can use. These methods vary between platform security vulnerabilities, automated programs (bots) and user exploits, but they all hurt advertisers.
Click Fraud
- Click fraud is one of the most common forms of ad fraud. For those with technical know-how and a lack of morals, they can fake a click in a number of ways:
- Click farms: People (usually in underdeveloped countries) are paid to click providing no value
- Traffic bots: Automated programs that click on links as if they were real users
- Malware botnets: Hacked devices will be unwittingly used to act as a traffic bots for scammers
- Manual: Individual malicious actors make clicks
- Cookie stuffing: Adding cookies to a browser to falsely indicate browsing history or track the user
- Click stuffing: Using one user click to take credit for multiple clicks
- Clickjacking: Hiding what the user will actually be clicking on underneath another clickable element
- RTB click fraud: Fraud that exploits RTB ad platforms to drive clicks
Impression Fraud
Getting your messaging in front of your target audience online is easier now more than ever but it can open you up to several forms of impression fraud:
- Ad stacking: Layering ads on top of one another, invisible to the user, still charging the advertiser
- Pixel stuffing: An ad the size of a pixel is invisible to the user but counted as an impression
- Cookie stuffing: Adding cookies to a browser to falsely indicate browsing history or track the user
- Domain spoofing: When advertisers show ads on unapproved sites
- Ad injection: Placing ads using a vulnerability on a site without the website’s permission
- RTB impression fraud: Fraud that exploits RTB ad platforms to drive up the cost of impressions
Lead Fraud
- Fake Leads: Fake lead information is entered using bots, manually or through click-farm operations
- Stolen Credentials: Stolen accounts, names, emails and other information of real people is submitted
- Misleading Leads: Users enter their lead information under a fake pretense from the affiliate.
- Reselling Leads: Affiliates collect legitimate lead data and improperly submit them to multiple merchants.
Sales Fraud
More common with affiliate fraud but relevant to advertisers, sales fraud is one of the simplest scams because it’s more basic than other ad fraud (lying and stealing).
- Misleading advertising: Conversions are gained by falsifying information or deceptive design
- Stolen credit cards: Orders are placed with cc’s known to be stolen to get commission
Install Fraud
Install fraud uses many pre-existing fraud methods (farms, bots, spoofing etc.) and applies them to app or software downloads.
- Device farms: Like click farms but for installs
- Emulator farms: Like bot farms, one device emulates the actions of many other devices by emulating them
- SDK spoofing: The app itself is hacked to report false information/install data
- Backdoor installs: An unrelated and legitimate seeming app is downloaded and proceeds to download other apps without the user’s knowledge
- Malicious software: Software previously installed will take credit for other app installs it didn’t earn