The term “ad fraud” can be used to describe any activity done to deceive advertisers and advertising platforms by making them think the fake activity on ads is done by real users. This fake activity, depending on the type of fraud, can mean anything, including, but not limited to, fake impressions, fake clicks, and fake downloads and signups.
The digital ad industry is expected to grow at a CAGR (compounded annual growth rate) of 17.2% between this year and 2027. This means that the industry will be worth well over $1000 billion in 2027. As the industry continues to thrive, the incentive for fraudsters to find new ways to dupe advertisers and advertising platforms also grows.
So much so that fraudsters are now employing complex technologies and tools to commit fraud successfully and make quick money.
Here is a handy guide providing an understanding of what is ad fraud and the techniques used to commit it.
Types of Ad Fraud
Ad fraud can take many forms. For ease of understanding, we have divided them into three broad categories. Let’s learn about each one in detail:
Bot traffic, concerning advertising fraud, refers to the use of bots to generate activity on ad campaigns. Bots, depending on how sophisticated they are, can be employed for several activities. They can be used to send traffic from ads to the advertisers’ websites. Similarly, bots can be used to inflate impression numbers on campaigns that are targeting impressions.
In other cases, bots can also be used for spamming real users. Bots are employed by fraudsters to send messages and emails to users, often pretending to be representatives of real brands that they trust. Email spam is a serious problem that has led to thousands of people losing access to their email accounts, social media accounts, and even bank accounts.
As one can expect, instances of spam can hurt the brand’s reputation and dissolve the trust that the brand may have painstakingly built with its audience and customers.
Click fraud is widely considered to be one of the simplest forms of fraud to conduct. As the name suggests, click fraud entails generating fake clicks on advertisements. These activities are aimed at draining the ad budgets of advertisers who are paying for clicks.
To commit click fraud, fraudsters employ one of two methods. Some fraudsters employ click bots to generate clicks. These bots are usually sophisticated and are designed with capabilities to closely mimic real human activity. Bots, using proxy servers, can generate clicks from a variety of residential IPs, allowing fraudsters to go undetected by advertisers and advertising platforms.
Ad injection is the term used to refer to an ad that appears where it is not meant to appear. Fraudsters use ad injections to inflate impressions and clicks on ads, duping advertisers and making a quick buck in the process. Ad injections are usually delivered using malicious software or malware.
Tools Used by Fraudsters
Now that we have discussed the broad categories of fraud, it is now time to discuss the tools employed to execute these types of fraud.
Traffic Generation Tools
Fraudsters have several options at their disposal for generating bot traffic. One of the simplest ways to generate bot traffic is to use bot traffic tools. That’s right, there are specially designed tools that generate bot traffic.
Some of the most popular examples include tools like “Simple Traffic Bot” and “Diabolic Traffic Bot”. Using these tools, fraudsters can pay for directing bot traffic to specific websites or ads. The tools come equipped with VPN services that enable fraudsters to fake impressions and clicks coming from different locations.
Proxy servers, as the name suggests, are servers designed to help fraudsters hide their real location. These servers are also used to fake the location of clicks and impressions generated by traffic generation tools and click farms.
Fraudsters run click farms to commit click fraud. Click farms are establishments that house smartphones, tablets, and computers that are operated by cheap labour. The employees of click farms are tasked with clicking on thousands of advertisements, like social media posts, or following social media accounts.
Malware and Botnets
Botnets are networks of bots running on devices owned by real users. These bots operate in the background without the knowledge of the owners of the infected devices.
The fraud starts when an unsuspecting user downloads a malware-laced application on their device. Depending on the device, this can be anything from a browser toolbar to a utility smartphone application such as a torch app.
These apps, while serving their basic purpose for the user, keep running in the background and inject ads on the websites that the user visits. With this, these ads register impressions from real users. Thanks to this, the fraudster behind the malware-laced app gets paid for the impression.
There have been many cases where it has been found that developers of such apps are paid by fraudsters to hide malware within the code of their apps.
Techniques and Tactics
Besides tools, fraudsters also employ a variety of techniques and tactics to commit fraud and get past the filters put in place by advertising platforms. These include:
Concerning ad fraud, spoofing refers to the act of pretending to be something or someone that one isn’t, with the malicious intent of gaining someone’s trust to abuse it. Ad fraud spoofing can take three forms, namely, domain spoofing, user agent spoofing, and IP spoofing.
Domain spoofing is used to make fraudulent websites look legitimate. This is done to enable fraudsters to list their website on advertising platforms. With domain spoofing, low-quality websites can appear to have high-quality ad inventory that is priced at a premium.
User-agent spoofing is used to fake activity coming from unique devices. With user agent spoofing, a bot’s activity, coming from a single device, can be shown such that it seems like the activity is originating from different, unique devices. IP address spoofing is a similar technique used to fulfill a similar objective. IP address spoofing allows fraudsters to hide their actual location and generate fake activity that looks like it’s coming from different locations.
Ad Stacking and Pixel Stuffing
Ad stacking and pixel stuffing are both techniques used by fraudsters to wrongfully maximize the impressions on the ads they host on their websites.
Ad stacking, as the name suggests, is the term used to describe the practice of stacking multiple ads on top of each other. This means that the user who lands on the website will only be able to view the ad placed on the top of the ad. However, if the fraudsters have stacked 15 ads below the top ad, they will report an impression on all those ads.
Pixel stuffing is a similarly notorious technique. With this, the ads appearing on the website are ‘stuffed’ inside a single display pixel. A pixel is too small to display any legible information.
Ad Hiding and Ad Injection
Ad hiding is also an impression-related fraud. As the term suggests, ad hiding is a technique that involves serving ads that are invisible to the user. This is done by hiding these ads behind content or other website elements. When the user lands on the website, despite not seeing the ad, the website owner gets paid for the impression registered on the ad.
Detection and Prevention
We’ve already discussed everything that is wrong with the digital ad industry from the perspective of fraudulent activities. Thankfully, advertisers are not completely powerless in the face of such situations. There are two layers of protection that digital advertisers can use to protect their ad budgets and campaigns.
What are these? Why is there a need for two layers? Let’s find out:
Industry Initiatives and Standards
The first layer of protection is provided by the digital advertising ecosystem. Since fraud impacts everyone involved in the digital ad supply chain, there are some united efforts by industry players to keep fraudulent activities in check.
For instance, all advertising platforms have filters in place that are designed to weed out the bad players. Similarly, a couple of years ago, three regulatory organizations- The Advertising Business Group (ABG), Interactive Advertising Bureau (IAB GCC), and Trustworthy Accountability Group (TAG) came together to “fight criminal activity and promote brand safety in the digital advertising supply chain”. Other compliance standards, like the European GDPR, also help protect privacy and fight against fraud.
Unfortunately, despite the existence of all these measures, fraudsters continue to thrive. Honest advertisers lose their marketing budgets to fraudulent activities every day. Advertisers cannot simply depend on the protection offered by the digital ads ecosystem. This is where the second layer of protection becomes relevant.
Fraud Detection Tools
Advertisers are responsible for deploying and managing the second layer of protection for their campaigns- ad fraud detection software. These tools, like mFilterIt, monitor the activity around your campaigns in real time and use AI and ML algorithms to flag instances of fraud. A reliable tool will also allow you to automatically block sources of fraudulent traffic and clicks.
While doing all of this is also possible manually, there are two problems with that approach. One, there is room for human error. While analyzing thousands of data points, missing a couple of instances of fraud is a very real possibility. With AI and ML algorithms that continually update their definition of what counts as fraud and work on autopilot, this issue is resolved.
Secondly, tracking ad activity manually is usually not done in real time. You can analyze the data when it comes to you after the fraud has happened and you have lost your marketing dollars. On the contrary, with a tool like mFilterIt, you can rest assured that your campaigns are being monitored in real-time and any threats are also blocked in real-time.
Ad fraud and the digital advertising industry seem to be growing at the same pace as each other. As digital advertising continues to be a lucrative avenue for businesses to reach their customers, it also presents a lucrative business opportunity for fraudsters. That’s why, modern digital ad fraud is being executed by well-funded organizations using state-of-the-art technology and innovative tactics.
Priyanka is a proficient writer with five years experience of 5 years in writing for multiple digital platforms. She specializes in writing well-researched blogs for industries like Travel, Digital Marketing, Ad Tech, and MarTech. Currently, she is working as a Senior Content writer with mFilterIt. During her tenure, she has created informative and captivating content to engage relevant audiences.