What is Ad Fraud? Merchants’ Guide To Ad Fraud

Free IP lookup API to uncover fraud, bots, and high risk users.

According to the Association of National Advertisers, digital ad fraud is one of the most costly and pervasive forms of cybercrime, with estimated annual losses over 100 billion dollars. If you advertise online, you’ve likely been impacted by this form of fraud. This guide thoroughly examines the basics of fraud, ad fraud mechanics, detection methods, and prevention strategies.

 

  • Types
  • How to detect
  • How to prevent
  • How it’s done
  • Negative effects

Learn More About Our Products

Types of Ad Fraud

Ad fraud refers to a deliberate attempt to deceive digital advertising systems. The technology infrastructure that connects advertisers with their target audience has several weak points that fraudsters will use to reap financial gain or simply waste ad budgets. Publishers, online platforms, ad exchanges, and users can all be exploited to commit ad fraud.

The two most common forms of ad fraud are click fraud and impression fraud. Lead, sales and install fraud occur but are more prevalent in affiliate fraud schemes because the ill-gotten reward can be greater. The main type of ad fraud to beware of include:

  • Click Fraud: Generating clicks by using a bot or untargeted, fake users
    Impression Fraud: Falsely manipulating the number of impressions for an ad
  • Lead Fraud: Purposely submitting fake or unqualified leads
  • Sales Fraud: Faking sales through stolen credit cards
  • Install Fraud: Taking credit for app installs not earned or earned through dubious methods
Within these fraud types, there’s great variation in the methods used to exploit the complicated digital advertising ecosystem with each element allowing for different kinds of scams.

How To Detect Ad Fraud

With enough data, bots, click-farms and scammers will leave tell-tale signs that they are up to no good. Accordingly, invalid traffic detection is an exercise in gathering data on your users and analyzing it for patterns indicative of fraud. This includes looking at longitudinal data of large groups of users as well as specific user behavior on your network. There are three types of data sets to analyze:

  • Traffic Monitoring: Severe spikes or dips in traffic to your site can happen naturally but unexplained swings in traffic can indicate fraudulent forces at work.
  • Device fingerprinting: Data is collected on each device and these data are analyzed for their likelihood of being used for fraud.
  • User behavior: Analytics such as conversions, bounce rates, engagement rates and time on site can be used to understand the quality of the traffic to your site.

There are several online tools marketers use to protect their campaigns. Regardless of which tool is chosen, implementing fraud detection is an easy process:

  1. Create an implementation and integration plan
  2. Configure your network with detection API
  3. Set up automated reporting or thresholds
  4. Actively monitor results

How To Protect Against Ad Fraud

Businesses can take several proactive steps to prevent wasted budget on ad fraud. These include verifying network traffic, implementing ad fraud detection and verification tools, setting clear campaign objectives, and continuously monitoring campaign performance. These steps combine anti-ad fraud tools with clear company procedures to prevent fraud.

Ad Fraud Tools

Ad fraud tools operate on a technical level requiring businesses to integrate fraud solutions into their existing tech-stack. Most tools use an API to directly interface with a server and provide real-time protection. Once integrated these tools include things like:

  • IP Blocklist: Refuse traffic if it’s coming from a known fraudulent IP address
  • IP Risk Scoring: Assess the risk of an IP accessing the network and reject risky addresses
  • Digital Fingerprinting: Unique identifiers for devices on the network are analyzed for risk
  • Pixel-based Detection Network: Pixels are placed on ads and websites to monitor for malicious users
  • S2S (Server-to-Server) Analysis: Bypassing client-side data that can be manipulated and looking at server data

When selecting a fraud prevention tool it’s important to focus on how robust the solution is. Things like blocklists and risk models are only as good as the data they’re based on, so smaller or boutique offerings may not be as effective.

Company Policies To Combat Fraud

Beyond the technology, there are more “manual” ways to combat fraud by developing strong internal controls that empower your employees to stop fraud before it happens. 

  • Dedicated Fraud Reporting: Create reports and alerts that focus on the fraud-related metrics 
  • Regular Campaign Audits: Review the performance of a completed campaign and look for instances or data indicating fraud
  • Vet Ad Partners: Work with established or well-vetted ad networks and publishers only

How Ad Fraud Is Done

In every corner of the digital ad ecosystem, there’s a fraudster trying to find an exploit. Unfortunately, within each type of ad fraud there are several methods that scammers can use. These methods vary between platform security vulnerabilities, automated programs (bots) and user exploits, but they all hurt advertisers.

Click Fraud

  • Click fraud is one of the most common forms of ad fraud. For those with technical know-how and a lack of morals, they can fake a click in a number of ways:
  • Click farms: People (usually in underdeveloped countries) are paid to click providing no value
  • Traffic bots: Automated programs that click on links as if they were real users
  • Malware botnets: Hacked devices will be unwittingly used to act as a traffic bots for scammers
  • Manual: Individual malicious actors make clicks
  • Cookie stuffing: Adding cookies to a browser to falsely indicate browsing history or track the user
  • Click stuffing: Using one user click to take credit for multiple clicks
  • Clickjacking: Hiding what the user will actually be clicking on underneath another clickable element
  • RTB click fraud: Fraud that exploits RTB ad platforms to drive clicks

Impression Fraud

Getting your messaging in front of your target audience online is easier now more than ever but it can open you up to several forms of impression fraud:

  • Ad stacking: Layering ads on top of one another, invisible to the user, still charging the advertiser
  • Pixel stuffing: An ad the size of a pixel is invisible to the user but counted as an impression
  • Cookie stuffing: Adding cookies to a browser to falsely indicate browsing history or track the user
  • Domain spoofing: When advertisers show ads on unapproved sites
  • Ad injection: Placing ads using a vulnerability on a site without the website’s permission
  • RTB impression fraud: Fraud that exploits RTB ad platforms to drive up the cost of impressions

Lead Fraud

  • Fake Leads: Fake lead information is entered using bots, manually or through click-farm operations
  • Stolen Credentials: Stolen accounts, names, emails and other information of real people is submitted
  • Misleading Leads: Users enter their lead information under a fake pretense from the affiliate.
  • Reselling Leads: Affiliates collect legitimate lead data and improperly submit them to multiple merchants.

Sales Fraud

More common with affiliate fraud but relevant to advertisers, sales fraud is one of the simplest scams because it’s more basic than other ad fraud (lying and stealing).

  • Misleading advertising: Conversions are gained by falsifying information or deceptive design
  • Stolen credit cards: Orders are placed with cc’s known to be stolen to get commission

Install Fraud

Install fraud uses many pre-existing fraud methods (farms, bots, spoofing etc.) and applies them to app or software downloads.

  • Device farms: Like click farms but for installs
  • Emulator farms: Like bot farms, one device emulates the actions of many other devices by emulating them
  • SDK spoofing: The app itself is hacked to report false information/install data
  • Backdoor installs: An unrelated and legitimate seeming app is downloaded and proceeds to download other apps without the user’s knowledge
  • Malicious software: Software previously installed will take credit for other app installs it didn’t earn

Learn More About Our Products

Understanding IP risk scores is just one piece of the fraud prevention puzzle.
Take your security efforts further with Fraudlogix’s suite of solutions: