Online advertising is huge. And so are ad frauds.
The fact of the matter is — the world of digital advertisement is riddled with leeways for malicious activity, with scams and overwhelming busts practically at every corner. Ad fraud is probably one thing that is universally despised by every respectable industry worker.
What is ad fraud?
Ad fraud is a type of illegal activity that deliberately exploits various types of advertising technologies and benefits from their flaws.
It is not like it came out of nowhere — ad fraud was always there, but with the rise of ad tech and mass adoption of real-time bidding models, the problem that once was more of a pesky nuisance turned into a dangerous threat capable of seriously damaging companies.
First, let’s discuss the basics.
Types of ad fraud
There are several common types of ad fraud:
- Impression fraud: This is more common in mobile fraud. Users don’t see an ad, per se, but advertisers are forced to pay for it through manipulations.
- Click fraud: Click fraud involves bloating of cost per click (CPC) stats through bot and ghost sites. Companies use click fraud software automation to gather data, identify fraudulent click activity, and warn advertisers.
- Conversion fraud/action fraud: A more elaborate use of bots that are designed to imitate a full cycle up to conversion but with no actual result.
- Pixel stuffing: This involves slight manipulations with ad spaces (in case pixel stuffing ads are invisible yet present on the page). Technically, they are loaded but remain unseen. Nevertheless, the advertiser pays.
- Ad stacking: Stacking is placing ads on top of one another. Upon a visit, an impression is counted anyway, although an ad remains unseen.
- Ad injection: Where paid ads get replaced with other ads, hitting both advertisers and publishers.
- Cookie stuffing: Attaching multiple cookies to the user's consent. It is mostly a hit-and-miss but heavily affects affiliates who don't get their cut.
- Domain spoofing: Selling ad inventory on irrelevant websites that are falsely presented as relevant.
Unlike other types of digital fraud, which have the luxury of being clearly defined — ad fraud is more of a con than anything else. Ad fraud is not directly stealing money out of an advertiser's pocket. Instead, it manipulates an advertiser into spending the ad budget wrongfully so that the fraudster benefits from it.
Why is it possible? Real-time bidding is a complicated process with a lot of moving parts and not the most transparent metrics from all involved parties.
Because of that, it is unclear who is paying for what exactly, even without an ad fraud factor - the figures are always floating in one way or another. This means that, in a way, ad tech is ad fraud-prone.
Ad fraud vs. click fraud
With click fraud as a type of ad fraud, they can often get confused with each other.
Ad fraud is a form of online advertising where criminals use deceitful tactics to steal digital advertising revenue. With ad fraud, an advertiser pays for a website visitor who never actually saw the publisher's website, resulting in the publisher receiving payment for false impressions. Ad fraud can ruin the media and advertising industries by devaluing their inventory and compromising the trust, safety, and privacy of their users.
Click fraud is when a company attempts to artificially drive up its ad click stats via illegitimate, deceptive, or fraudulent clicks on its ads. A company committing click fraud might try to boost its click statistics by paying individuals to click on their ads multiple times, or through bot farms that automate actions like clicking an ad web page or entering credit card information.
Why is ad tech attractive for ad fraud?
Ad tech is attractive to fraudsters for two major reasons:
- The payouts are huge, and
- The risks of penalty are eerily limited.
According to the experts from The APP Solutions, both reasons grow out of lacking transparency and trust between industry players. The thing is — every involved party expects dirt.
The whole distortion and obfuscation schtick is incredibly damaging both for the reputation of advertisers and their budgets. Because ad tech a performance-oriented — numbers and results rule! The effectiveness of campaigns is based on what the metrics show — in terms of traffic, impressions, conversions, etc.
However, metrics are fallible. They can be rigged by certain manipulations with the information. This critical flaw is exploited by fraudsters. Sure, there are fail-safe mechanisms that prevent more blatant attempts, but there is always a way to “get on through” and “rig the game.”
Ad fraud damages
The thing is — ad fraud is a problem that is seemingly never going to go away completely. When one fraud method is exposed, there is always another one coming. It is an endless cycle.
Every year, ad fraud sweeps billions in damages, becoming more and more sophisticated and adopting emerging technologies and unconventional approaches to sneak into advertising ecosystems and do their dirty work.
However, it is important to understand that ad fraud is not meant to be a destructive factor. It is damaging, but its ultimate goal is to parasite an ad network. More sophisticated cases of ad fraud are long-running parasites that take their cut little by little.
On the other hand, there are cases of so-called “Corporate Ad Fraud,” when competitors are trying to cause as much damage as possible in a concentrated hit. However, from a technical standpoint, both are fought with the same methods.
10 strategies to decrease ad fraud risk
Below I have provided you with 10 strategies that will help you decrease ad fraud risk.
1. Know your enemy
The first step in fighting ad fraud is to know how it affects your campaigns. There are several red flags that can be signs of something fishy going on in your campaign.
Let's go through them:
- Lacking performance is probably the most obvious sign that something is going south. It is especially easy to detect by comparing different channels (for example, on-site ads and Facebook marketing).
- Poor on-site analytics is another disturbing call. If such metrics as bounce rate and session durations take a nosedive while the overall amount of sessions is growing - it is almost a guarantee of ad fraud happening.
- Anomalous click-through rate (CTR) often occurs in spikes through click fraud. If there are certain ads that deliver more than expected without reasonable explanation while others under similar circumstances are floundering - it is better to investigate the activity.
- Suspicious IP addresses can be caused by traffic fraud. In cases of traffic fraud, IP's often originate from data centers instead of real stations. By identifying such, you can blacklist them and cut off your campaign.
2. Know your metrics
The next step in effectively fighting against ad fraud is to closely study your metrics. Numbers can be rigged, and that is easy to spot in comparison.
While it may seem obvious, there is a reason to do it — metrics provide you with the context of a situation that constitutes the big picture of your ad campaign.
Here’s what you need to check:
- Typical CTR,
- Standard bounce rate,
- Typical session time, and
- Realistic conversation rates over different channels.
These metrics serve as a background against which you can compare any sudden spikes of activity and conversions.
It is much easier to detect suspicious activity if you know that this kind of spike is out of the ordinary.
3. Avoid easy-to-fake ad goals
Easy-to-fake goals are the ones that bring you direct benefits (i.e. impressions and clicks). These are proxy metrics that do not guarantee actual business gains (i.e. conversions in the form of sales, subscriptions, and so on).
Coincidentally, these metrics are also among the most sensible to ad fraud. Because of that, it is unreasonable to build your campaign goals around them.
While it is not a guarantee to fully avoid the effects of ad fraud — making more tangible goals can help lessen the impact of ad fraud to a minimum.
4. Pay for ad performance, not clicks
As a direct aftermath of choosing easy-to-fake goals comes paying for the wrong thing (i.e. clicks and not the actual performance). It is one of the most common mistakes made by advertisers.
The thing is — numbers are easy to rig. It is not a big deal to paint a satisfying figure or augment it with the help of bots, then demand pay because formal requirements are met.
It is much harder to pay from fraudulent results if you are aiming at something more tangible, such as conversions or purchases.
These things are harder to fake in a convincing manner. Therefore, it is much easier to filter which results will be paid for and which will be discarded.
5. Use diverse methods of fraud detection
Because ad fraud is a sprawling and multi-faceted process, it requires a similarly multi-faceted approach to its detection.
There are three major methods used in ad fraud detection:
- The signature-based method uses a set of patterns to detect suspicious actions, impressions, clicks, or traffic. It compares patterns with the monitored activity and determines whether it is suspicious and worthy of further investigation. In result, fraudulent activity can be shut off before it settles in.
- Anomaly-based uses statistical analysis and historical data to check ad spaces, websites, or publishers. This helps it detect questionable happenings, such as suspiciously spiking traffic, odd ad space placements, and other things of interest.
- Credential-based is a method that studies the digital credentials of suspicious websites (its registration data, ranking, tagging, types of activity, etc.) to determine if it has the potential for generating fraud activity. Credentials are analyzed through combined methods of reverse crawling, thorough checks of the content, and tagging. This method also includes the study of the site’s position on trustworthy rankings.
6. Use universal whitelist and blacklist domains
IP blocking is one of the most effective ways of making ad fraud operations ineffective for a time being. One of the ways to maintain continuity with this effort is to keep a twofold domain list — whitelist and blacklist.
Whitelist contains sites that are verified as trustworthy and effective — the ones you specifically target.
Blacklist contains websites that are considered discredited with various types of fraud spotted. The blacklist can also contain IP addresses of identified bots.
However, using whitelists and blacklists is not really an effective solution on its own. It is mostly a catch-up that can serve as a solid shield for already identified threats.
You can check out suspicious domains on sites like MxToolBox.
7. Use an ad verification vendor
An ad verification vendor provides an additional layer of protection against ad fraud. Basically, it helps to identify cracks in your anti-ad fraud armor.
Vendors provide performance insights with various metrics, such as viewability and invalid traffic.
With the assistance of these tools, you can shut down low-quality publishers and websites while performing a thorough campaign audit, which can be subsequently used in the optimization of the campaign.
Among the most trusted Ad Verification Vendors are DV Pinnacle, Moat Analytics, and Comscore.
8. Use ads.txt
Ad arbitrage is a process of third-party buying, repackaging, and reselling impressions that are highly fraud-prone.
Ads.txt is a fool-proof solution for keeping your ads from being used in fraudulent activities.
Ads.txt has authorized digital sellers developed by IAB Technology Labs that help to prevent illegitimate inventory arbitrage and some forms of domain spoofing. It is a text file, similar to robots.txt, designed to make certain ad tech processes more transparent and trustworthy.
What does ads.txt do to lessen an impact? Ads.txt files contain data on the parties involved in a particular ad tech operation (i.e. SSP, DSP, Ad Exchange, etc) — basically, it is a certificate of a partnership.
With an ads.txt file in the root domain — web crawlers can see the relations of particular actors of the operations. Ads.txt can also be used as an ID reference in real-time bidding requests. As such, it can indirectly block the unverified side from interacting with the rest.
Companies, such as AppNexus, provide handy Ads.txt validator tools that simplify the implementation process.
9. Build trust and transparency
One of the ways to lessen the risks of getting hit by ad fraud is working with trustworthy ad server networks that have a reputation as ones that deliver the goods.
Sure, it limits the choice to the big boys of the segment (i.e. Google, Bing, DoubleClick, Facebook, etc), but, at the very least, it guarantees that you won’t get trapped in the swamp of fraud with swarms of bots.
On the other hand, it is very useful to maintain transparency with your partners and demand it from each involved party.
More detailed reports and a more open approach to operations might be a solution. Although, this is rather challenging due to a lack of stability in the digital ad market.
Implementation of blockchain is a potential game-changer, but the technology is yet to be capable of operating in ad tech scopes.
10. Apply artificial intelligence (AI) machine learning solutions
One of the common threats of ad fraud is that it is constantly evolving, prompting you to adapt to its current state in order to minimize its effect on your marketing operation.
It is a tiresome process filled with trials and fails that require a lot of effort.
In addition, efficient fraudulent activity detection requires processing huge amounts of data, which takes precious time.
Hopefully, the rapid development of machine learning software makes the fight against ad fraud a lot easier and much more efficient.
How? There is a song by Daft Punk titled “Harder, Better, Faster, Stronger” — that is a rather accurate description of what AI and machine learning bring to the table.
Not only is artificial intelligence software able to sift through the stream of data faster, but machine learning enables more effective results with each coming round.
Solutions like Forensiq and AppsFlyer are implementing elements of AI and machine learning to their stacks, and it seems like the technology is here to stay.
However, it should be noted that machine learning versus ad fraud is still in the process of finding its feet.
Ad fraud is a big problem
At the moment, ad fraud remains one of the biggest problems in the advertising industry. Even with the aforementioned methods of fighting back— it still runs berserk over an industry, poisoning thousands of advertising ecosystems and causing millions of dollars in damages in the process.
On the other hand, ad fraud is one of the reasons why advertisers moved away from simple ad campaigns and toward ones more demanding and hard to fake. This necessity made digital advertising much better, and that wouldn't have been possible if not for the massive ad fraud onslaught.
Hopefully, with the development of technologies and implementation of new legislation— things will change, and, one day, we will talk about ad fraud as a thing of the distant past.
Want to secure every element of your business? Find out some other security threats that e-commerce companies face and how to protect yourself.
This article was originally published in 2018. It has been updated with new information.