Understanding Ad Fraud

Ad fraud is when cybercriminals deploy bots to exploit advertising platforms and advertisers. Because bots are capable of defrauding real people, publishers, and most devices—from desktop and mobile to other emerging ecosystems, such as Connected TV (CTV)—this type of fake activity can be both extremely difficult to detect and frustratingly pervasive.

In a recent study, Juniper Research found that 22% of all ad traffic is fraudulent, collectively costing companies $84 billion over the course of a year. Thus, monitoring and disrupting ad fraud has become a major priority for many marketers, helping them ensure that their ad spend is going toward real customers and defending themselves against security threats, brand erosion, and much more.

Ad fraud comes in many different forms and levels of sophistication.

For instance, botnets, which are networks of compromised computers or devices, can be programmed to generate fake clicks or impressions on ads, making it appear as though real users are interacting with them. And then there’s click farms, or groups of individuals and automated systems hired to repeatedly click on ads, artificially inflating engagement statistics.

These fraudulent activities deceive advertisers into paying for non-genuine traffic, leading to wasted ad spend and skewed data.

From domain spoofing and click fraud to more sophisticated methods like pixel stuffing and geo-masking, today’s fraudsters employ a wide range of strategies to deceive advertisers and distort performance data. Understanding the different types of ad fraud is crucial for advertisers who want to protect their investments and ensure they’re reaching real, engaged users.

Some common tactics to be aware of include:

• Domain spoofing: Disguises low-quality or fake websites as reputable ones to sell ad space at higher rates, tricking advertisers into paying for ads on fraudulent domains.
• Impression fraud: Automated bots generate false ad impressions, making it appear as though the ad was viewed by real users, leading to wasted advertising spend.
• Click fraud: Fraudsters or bots click on ads repeatedly with no intention of purchasing the advertised products, inflating click-through rates.
• Fake app installations: Uses automated tools or click farms to artificially inflate the number of app installs, misleading advertisers about the effectiveness of their campaigns.
• Cookie stuffing: Places multiple cookies on a user’s device without their knowledge, claiming credit for conversions that they didn’t influence.
• Ad injection: Malicious software or browser extensions inject unauthorized ads into websites or apps, bypassing the original ad networks and diverting revenue to fraudsters.
• Hidden ads: Hides ads on a webpage (e.g., behind an image or in the background), preventing users from interacting with them, but still registering impressions and clicks.
• Pixel stuffing: Advertisers place an ad in a single pixel (or very small size) on a page, making it invisible to users but still counting as an impression.
• Click spamming: Leverages bots or automated tools to generate large numbers of clicks on ads within a short time, boosting engagement without any real consumer interest.
• Invalid traffic: Traffic generated by bots or non-human sources that doesn’t lead to any meaningful interactions, such as purchases or sign-ups.
• Geo-masking: Disguises the true geographic location of a user to make it appear as though they’re from a desirable location, leading advertisers to pay higher rates for irrelevant traffic.
• Click hijacking: Manipulates clicks or interactions with one ad to redirect them to a completely different ad or website, siphoning off potential revenue.
• Ad cloaking: Presents different content to advertisers and users, often showing ads that are misleading to the user while presenting a legitimate ad to the advertiser.

As technology evolves, cybercriminals do, too, and emerging formats such as CTV have become recent targets. Sophisticated bots are impersonating CTV devices, soliciting advertisers, and then selling these expensive impressions. Cybercriminals often attack these CTV ecosystems through SSAI spoofing—where ads are delivered, by way of proxy servers, in tandem with the video content so that the viewing experiences appear seamless.

Mobile ad fraud is on the rise as well, with a growing problem called app spoofing: the creation of fake apps to serve exclusively as a space for ads and even using a device to commit additional types of fraud, such as device impersonation.

Cybercriminals use computers, servers, phones, and more to spoof advertisers by faking real ad impressions, utilizing bots hidden within these user devices to mimic typical user behavior on websites or to otherwise impersonate real devices.

This type of bot activity, known as sophisticated invalid traffic (SIVT), is highly advanced and often starts with a publisher commissioning a third-party traffic provider to rack up clicks. Those providers occasionally subcontract the work out to fourth- and fifth-party aggregators—which is where, typically, malicious bots have infiltrated.

Content-driven fraud, which is slightly more complex, uses fake sites and apps to sell space to advertisers who think their ads will be reaching human eyes. This is mainly achieved on “ghost sites” or “cashout sites,” which are visited by bots who facilitate the fake impressions.

Sometimes, cybercriminals will also counterfeit, or “spoof,” reputable websites and brands. Because the malicious actors behind such schemes make these requests look nearly identical to those from the reputable website, it becomes difficult for advertisers to differentiate, meaning fraudsters earn a higher cost-per-click for ads that will earn no human impressions.

As technology evolves, cybercriminals do, too, and emerging digital formats such as CTV have become recent targets for fraud. Sophisticated bots are impersonating CTV devices, soliciting advertisers, and then selling these expensive ad impressions. Cybercriminals often attack these CTV ecosystems through SSAI spoofing—where ads are delivered, by way of proxy servers, in tandem with the video content so that the viewing experiences appear seamless.

In mobile advertising, meanwhile, there is the problem of app spoofing: the creation of fake apps to serve exclusively as a space for ads and even using a device to commit additional types of fraud, such as device impersonation.

Fraud is a multi-billion dollar industry. With every new ecosystem that enters the market, the opportunities for cybercriminals grow. In recent years, the advertising industry has made significant inroads in their fight against fraudulent activity—with improvements in built-in fraud prevention measures and many other third-party security tools.

With this increase in cybersecurity defenses, the cost and risk of crime has also increased, dissuading many would-be fraudsters from pursuing this particular method of cybercrime. However, increased protections have given way to more advanced evasion tactics from cybercriminals, as malicious actors continue to adapt to avoid detection.

Despite the growing prevalence of ad fraud, there are several ways to determine whether your campaigns have been impacted by fraudulent activity. By understanding the signs, such as unexpected traffic spikes, unusually high click-through rates, or suspicious geographic patterns, you can take proactive steps to protect your investments.

Some things to keep an eye out for include:

• Traffic spikes: Sudden, unexplained increases in website traffic can indicate bot activity or click farms, especially if the traffic isn’t converting into sales or engagements.
• Abnormally high click-through rates (CTR): A CTR that is unusually high, especially without corresponding conversions, may suggest fraudulent clicks or click spamming.
• Outlier geographic areas: Traffic from regions that aren’t aligned with your target audience could be a sign of geo-masking, where fraudsters mask their true location.
• Plagiarized ads: If your ads appear on suspicious websites, or if you notice your content being copied without permission, it could indicate ad injection or domain spoofing.
• Low quality traffic: Traffic that engages with your ads but doesn’t lead to valuable actions, such as purchases or sign-ups, may point to invalid traffic or bot interactions.
• Inconsistent conversion rates: A large amount of ad interactions without corresponding conversions could indicate that your ads are being clicked fraudulently or that your data is being artificially inflated.

Remaining vigilant and knowing the telltale signs of ad fraud can help you optimize your ad spend and keep those pesky fraudsters from jeopardizing your success.

Once you know what to look out for, combating ad fraud becomes that much easier. Today’s ad buyers and ad platforms also have a plethora of tools at their disposal to help combat this growing issue—such as bot management solutions, fraud detection filters, machine learning, and more.

Here are some practical solutions for helping identify and prevent ad fraud:

• Use bot management solutions: Implement bot management tools that detect and block fraudulent traffic by identifying suspicious behavior patterns.
• Monitor ad activity regularly: Continuously monitor ad activity to spot unusual patterns, such as sudden spikes in traffic or high click-through rates, which could signal fraudulent activity.
• Leverage machine learning: Use machine learning algorithms to differentiate between real users and bots by analyzing behavioral data, device fingerprints, and other metrics to flag abnormal interactions.
• Implement geo-targeting and verification: Ensure that ads are being served to the correct geographic regions and verify the location of traffic to avoid fraudsters using geo-masking techniques to fake their location.
• Verify publisher integrity: Regularly audit and vet the publishers and platforms where your ads are displayed to ensure they follow industry standards and aren’t involved in fraudulent practices like domain spoofing or ad injection.
• Set up fraud detection filters: Work with ad platforms to set up advanced fraud detection filters that can automatically flag or reject invalid traffic.

Empowered by our collective protection approach, HUMAN is on a mission to disrupt the economics of cybercrime.

HUMAN believes that the best way to dismantle ad fraud is to disincentivize it. Our cutting-edge detection methods help ensure that committing ad fraud has real and lasting consequences. We verify more than 15 trillion digital interactions every week and can give our clients insight into the difference between human and bot traffic patterns with just a single line of code. Receive multilayered protection through our leading ad fraud product:

• MediaGuard
  With this tool, we help ad tech platforms, media owners and advertisers gain context into each impression, even before the bid; cross-referencing our findings against our global detection knowledge base in order to identify ad fraud within milliseconds. Advertisers can utilize MediaGuard to provide insight into and protection against even the most dynamic bots, across any device or ecosystem.

Our approach gets results, both big and small.

In 2016, for instance, we took down Methbot, at the time the world’s largest ad fraud botnet, whose ringleader, the self-proclaimed “King of Fraud,” was recently sentenced to 10 years in prison. Since that exhilarating success, we’ve invested even more deeply in our belief in collective protection with the formation of the Human Collective – a group of more than 25 industry leaders who come together to fight ad fraud.

In 2016, for instance, we took down Methbot, at the time the world’s largest ad fraud botnet, whose ringleader, the self-proclaimed “King of Fraud,” was recently sentenced to 10 years in prison. Since that exhilarating success, we’ve invested even more deeply in our belief in collective protection with the formation of the Human Collective – a group of more than 25 industry leaders who come together to fight ad fraud.

What is the most common type of ad fraud?

The most common type of ad fraud is click fraud, where bots or individuals click on ads repeatedly without any intention of converting, artificially inflating click-through rates. This is often carried out by fraudulent publishers or third-party services seeking to generate revenue from non-legitimate interactions.

How do you report ad fraud?

To report ad fraud, you should contact the ad network or platform where the fraud occurred and provide evidence of suspicious activity. Additionally, you can file complaints with industry groups like the Interactive Advertising Bureau (IAB) or use fraud detection services to help report fraudulent behavior.

Is ad fraud the same as click fraud?

No.

Ad fraud is a broader term that encompasses various types of fraudulent activities in digital advertising, including click fraud. Click fraud is a specific type of ad fraud where individuals or bots repeatedly click on ads with no intention of converting.

What happens if someone clicks on a fake ad?

When a user clicks on a fake ad, they may be redirected to a fraudulent website, which could lead to exposure to irrelevant content, malware, or phishing attempts. Here, the advertiser ends up paying for the click, even though it doesn’t result in any genuine engagement.

How does Google detect fake traffic?

Google can spot fake ad traffic through advanced algorithms that analyze user behavior patterns, flagging unusual activity such as rapid clicks or suspicious geographic locations. It also uses machine learning and bot detection tools to filter out traffic generated by fraudulent sources, ensuring that only genuine users interact with ads.

How do you collect data for ad fraud detection?

Collecting data for ad fraud detection involves monitoring user behavior, such as click patterns and session durations, to identify anomalies that may suggest fraudulent activity. Tracking referral sources and IP addresses also helps detect suspicious traffic, providing a comprehensive view for detecting ad fraud.