Ad FraudWhy Don’t Advertisers Notice When Criminals Are Robbing Them Blind?

September 21, 2023 | 18 min read

This image was created by artificial intelligence using the following prompts:

Visualize digital ad fraud - which is an attempt to fraudulently siphon revenue from businesses through online advertising, pops of red and teal.

Ad Fraud

In a Nutshell

Ever pay for an ad, but catch zero engagement? If so, you might already be familiar with ad fraud. This post will go over different types of online ad scam threats, give you some red flags to watch for, and offer a few tips that can help you protect your marketing investment.

The Top 15 Ad Fraud Threats to Know in 2024 & How to Stop Them

Wherever you find merchants making money, it’s a sure bet you’ll find fraudsters, too. Case in point: online advertising.

More and more merchants are reaping the benefits of digital marketing. Not surprisingly, cybercriminals have devised ways to hijack online ads and make money at merchants’ expense.

The numbers are huge: according to recent estimates, US merchants lost $23 billion to ad fraud last year. Fraudsters are cashing in, while advertisers often can’t figure out what’s going wrong. That raises the question: what can you do about it?

What is Ad Fraud?

Ad Fraud

[noun]/əd • frôd/

Digital ad fraud refers to any attempt to fraudulently siphon revenue from businesses through online advertising. Click fraud, domain spoofing, and cookie stuffing are all examples of ad fraud.

Fraudsters typically use bots, or autonomous web programs that hackers design to conduct malicious activity, to commit ad fraud. Some industry specialists speculate that nearly half of all web traffic is generated by bots, and a good chunk of that activity may be malicious in nature.

Some of these bots can be sophisticated enough to deceive individual users, publishers, and even global platforms like Google. That’s what makes this widespread, often hard-to-detect threat both deeply frustrating and alarmingly commonplace.

Ad fraudsters make money by exploiting the financial mechanisms behind digital advertising. Advertisers pay for impressions, clicks, or conversions, while fraudsters aim to artificially inflate these metrics. The advertiser ends up paying for non-existent or worthless interactions as a result.

Ad fraud attacks have a dual impact: they drain companies' advertising budgets while also skewing analytical data. This makes it hard for advertisers to determine the success of any given campaign.

Top 15 Most Common Ad Fraud Tactics

For many advertisers, the fight against ad fraud has climbed to the top of their agenda. They need to prioritize monitoring and counteract these deceptive practices to ensure their advertising budget is used effectively to reach genuine customers. Beyond the direct financial impact, combating ad fraud is also critical for stopping security risks, and protecting brand reputation.

Fraudsters are sophisticated, and develop new tricks every day. That said, most online advertising scams make use of one of the following tactics:

Domain Spoofing

Domain spoofing could be described as “site impersonation.” Here, the scammer builds a site deliberately designed to look like a reputable publisher. Unwary advertisers are scammed into paying premium prices for ads on the counterfeit site.

For example, the fraudster might promise advertisers ad placements on auto industry publication CarAndDriver. The fraudster creates and hosts a professional-looking website using the domain “CarDriver.com.” Advertisers then pay the fraudster a premium price, believing their ads will appear on the more heavily trafficked site.

Click Fraud

Click fraud, also known as pay-per-click fraud, is a way to artificially inflate traffic for online advertisements. Bots (or occasionally humans) target pay-per-click (PPC) ads and pretend to be legitimate site visitors.

This can deplete an advertiser’s budget or skew the ad’s performance. In most cases, the goal is to steal revenue by repeatedly clicking on ads, as each click requires the ad network to pay the phony publisher.

Cookie Stuffing

Cookie stuffing is fraud aimed specifically at the affiliate marketing space. Affiliate marketing is where an advertiser works with a network of third-party affiliates to drive traffic to the site.

Cookie stuffing is the practice of secretly sneaking affiliate tracking cookies onto the user’s browser. For example, if a user makes a qualifying purchase, the fake cookie tells the advertiser to send a commission to the cookie-stuffing scammer.

Pixel Stuffing

Along the same lines, pixel stuffing hides an invisible ad inside a 1 pixel × 1 pixel square. Any impressions the legitimate ad gets are also received by the ads crammed into the stowaway pixel, stealing credit (and commissions) while delivering zero benefits to the advertiser.

A similar trick (mostly used on mobile devices) is ad-stacking, where ads are literally hidden (stacked) behind the real ad that the user sees. The fraudster gains impressions for as many ads as they’re able to pile up behind the legitimate message.

In-Ad Data Spoofing

Fraudsters can manipulate the information sent back to ad servers during an ad interaction. This could include fake viewability metrics, false user interaction rates, or misleading engagement statistics. In-ad data spoofing makes the ad performance seem better than it actually is.

Viewer Fraud

Whenever ads are shown on YouTube videos, the advertiser is charged a fee. Naturally, the most frequently viewed videos demand the highest price per view.

Spammers program bots to automatically “watch” the ads, generating false metrics that make it seem like the ads are getting more views than they actually are. The fraudster charges premium prices for the alleged “traffic,” even though human eyes never see the videos.

Geomasking

Geomasking is the practice of disguising the geographic location where certain web traffic originates. Obviously, different regions of the world have more or less value as a market. Fraudsters can exploit this by spoofing IP addresses to make the traffic look more valuable and then increasing advertising fees accordingly.

Video Ad Fraud

Here, a scammer serves basic, non-dynamic display ads, but reports them as more expensive video ads. Since video ads generally command higher rates, this scam significantly inflates costs for advertisers while providing no additional value.

Fake App Installs

A trick more commonly used with mobile advertising, fake installs are exactly as the phrase describes.

Scammers use emulation software to install fake apps that look and act like the genuine article. The program asks for data access during the alleged install, thereby gaining permission to access a device's information. An app gets installed on the unknowing user’s device, and the advertiser pays the marketer a commission for the install.

Ad Tag Tampering

Ad tag tampering involves altering the code snippets (ad tags) used to display advertisements. Fraudsters manipulate these tags to misrepresent the type of content with which the ad will appear, or to siphon off ad revenue intended for legitimate publishers.

SDK Spoofing

Similar to "man-in-the-middle" attacks, SDK (software development kit) spoofing involves a scammer decrypting SSL protection. The aim here is to allow the scammer to understand URL calls that symbolize in-app activities. This allows them to fabricate false app installations.

Automated Install Centers

Some advertisers pay based on the number of app installs a partner generates. By using real devices operated by bots or emulator software, fraudsters can artificially inflate app installation figures. This creates the illusion that genuine users interact with the software when real people aren’t even viewing the ads.

Malicious Redirects

In addition to the financial impact on the advertiser, rogue actors can also employ ads as a vector for malware distribution.

The scammer is paid to run an ad, but embeds a hazardous iframe within a website. If a viewer clicks the ad, it then reroutes the user to another site containing malware or spyware to harvest sensitive personal information.

Hidden Ad Layers

In this tactic, fraudsters layer multiple advertisements, all stacked on top of one another in a single ad slot. To the user, it visually appears as if there's only one ad. In terms of the data reported to the advertisers, though, multiple ads are being “viewed” by that user. Each one racks up a charge for the advertiser.

Phantom Inventory

In this type of fraud, scammers create fake websites or web pages that simulate real inventory, often mimicking popular websites. Advertisers think they are buying valuable inventory, but their ads are on dummy websites with little to no genuine user traffic.

Protect your ad dollars by eliminating ad fraud threats. Get started today.REQUEST A DEMO

These examples demonstrate the constantly evolving and complex nature of ad fraud. But how do you spot an attack before it’s too late? Let’s take a look.

How Does Ad Fraud Impact Advertisers?

Ad fraud isn't a minor inconvenience; it's a multi-billion dollar problem that has far-reaching consequences for advertisers. Beyond the immediate financial setbacks, the ripple effects can distort market analytics, tarnish brand reputation, and even expose businesses to legal risks.

Ad fraud can lead to:

Financial Loss

The most direct impact of ad fraud is financial. Advertisers pay for impressions, clicks, or actions that have no value because genuine users do not generate them. This is essentially money down the drain, reducing the ROI of advertising campaigns.

Skewed Analytics

Ad fraud can throw off key performance indicators (KPIs), making it difficult for advertisers to understand what's actually working. Bot traffic and fraudulent clicks inflate numbers, leading to incorrect conclusions and ineffective future strategies.

Increased Customer Acquisition Costs

With a significant chunk of the advertising budget being siphoned off by fraudsters, the actual cost to acquire a legitimate customer becomes artificially high. This reduces the profitability of all customer relationships.

Wasted Time & Resources

Time spent identifying, understanding, and combating ad fraud takes away from other essential activities. It often requires an investment in specialized tools or services for fraud detection, diverting resources from other areas.

Brand Damage

When ads appear on fraudulent or inappropriate sites due to domain spoofing, this can seriously harm a brand's image. Even if an advertiser receives a refund for the fraudulent activity, the damage to their reputation can have long-lasting effects.

Unfair Competitive Advantage

Fraudsters don't discriminate. They will target any advertiser, including your competitors. However, if your competitors are better at detecting and preventing fraud, they could gain an unfair advantage, acquiring market share at your expense.

Inaccurate Targeting

Fraudulent activities like geomasking can make it seem like your ads are effective in markets where they are not. The resulting data will lead you to make poor decisions about where to allocate your advertising budget in the future.

Legal Risks

Advertisers could face legal repercussions if ads end up on sites with illegal content due to fraud. Although the placement is unintentional, the onus may still be on the advertiser to ensure their ads appear in appropriate settings.

Decreased Investor Confidence

Ad fraud can indirectly impact a company's stock price or valuation. As performance metrics decline and customer acquisition costs rise, investor confidence can wane, impacting funding and financial stability.

Stakeholder Relationships

Whether it's investors, board members, or marketing partners, stakeholder relationships can be strained by the constant issues brought about by ad fraud. It could result in losing valuable partnerships and could require difficult conversations about why advertising objectives are not being met.

As you can see, ad fraud is not a problem to be taken lightly. It's a formidable obstacle that can cripple even the most well-planned advertising strategies. Acknowledging the myriad ways it can affect your operations, you are better positioned to implement strong defenses and mitigate these damaging impacts. 

Common Warning Signs of Ad Fraud

Since ad fraud comes in all shapes and sizes, no single tactic will be enough to protect publishers or advertisers. That said, a multi-level ad fraud detection plan can help alert you about fraud when it happens, allowing you to take defensive action.

Google Analytics and other such services can help monitor activity. However, even DIY tactics can detect and deter some types of ad fraud. Mostly, it requires basic analysis and common sense.

The following are a few of the key warning signs of ad fraud activity that you should watch for:

#1 Performance

If you’re looking for ad fraud, a lack of performance conversions (increased sales, for example) is a dead giveaway. An easy way to check is by comparing the performance of your display ad campaigns to other channels like Facebook, LinkedIn, or other well-known sites.

If 100 clicks from a Twitter ad result in 10 conversions, but your display advertising campaigns deliver zero, that should set off alarm bells. By the same token, something is still amiss if your display ads are bringing in 50 conversions compared to 5 via Twitter.

#2 Functionality

Take note of anything that seems out of the ordinary, like spikes in traffic that happen for no known reason. Certain fraud tools use historical data and statistical analysis to identify questionable events. But, even with these kinds of safeguards, you should stay alert for anomalies.

Some bots can be programmed to mimic human behavior, but most will not be that sophisticated. Look for tell-tale signs of real human behavior, such as visiting other pages on the site, filling out forms, and so on. Compare the results and look for any events that break the pattern.

#3 Unrealistic CTRs

Perhaps the most obvious red flag is an unrealistically high click-through rate (CTR). It can be easy to ignore this warning sign simply because you want it to be true. However, if you're experiencing CTRs 0.5%, you’ll probably need to check into things further.

This is especially true if you’re only getting those numbers from certain sites. Check your analytics for things like high bounce rates and short session durations.

#4 Unusual Traffic Spikes

When you experience sudden, unexplained bursts in website traffic or clicks, this could be a strong indicator of fraudulent activity. Automated bots programmed to simulate user behaviors can flood your site or ads with visits to rack up the numbers. These spikes are often inconsistent with your typical patterns of user engagement and usually don't lead to conversions.

#5 Low Engagement Rates

A high number of clicks coupled with unusually low levels of user engagement. Normally, legitimate traffic comes with a certain level of interaction, whether it's time spent on the site, scrolling through content, or completing desired actions like filling out forms. If you notice engagement metrics like average session duration or pages per session are down, despite a surge in clicks, you could be looking at fraudulent activity.

#6 High Bounce Rates

A bounce rate is the percentage of visitors who navigate away from the site after viewing only one page. While bounces are normal, an unusually high bounce rate, coupled with high click rates, could indicate click fraud. Bots programmed for this purpose click on an ad and then leave immediately, failing to interact with the page.

#7 Suspicious Geographic Location

Your analytics tools show that a large percentage of your traffic is coming from countries or regions where you do not operate or are not targeting your ads. Fraudsters often use techniques like geomasking or IP spoofing to disguise the true origin of traffic, making it appear as if it's coming from a more valuable geographic location.

#8 Odd Hours of Activity

Legitimate user activity usually aligns with certain expected patterns, often tied to time zones or typical waking hours. Do you see an unusual amount of clicks or activity happening at odd hours when your target audience should be asleep or otherwise inactive? This could be indicative of automated bot activity.

#9 Mismatched User-Agent Strings

User-agent strings provide details about a visitor's browser and operating system. Anomalies can be a strong indicator of fraud, such as a mismatch between the device type indicated in the user-agent string and the kind of device where the ad was supposed to be shown. For instance, if your campaign is aimed at desktop users, but the user-agent string suggests mobile browsers.

#10 Short-lived User Accounts

In models where advertisers pay for specific conversions, like account sign-ups, a sudden surge of new accounts that are created and abandoned almost immediately can be a sign of fraud. Click scammers use these fake accounts to perform specific actions that trigger commissions or bonuses, only to discard the accounts once they've received the payout.

Save time. Recover revenue. Prevent chargebacks.REQUEST A DEMO

Recognizing these red flags can enable advertisers to act swiftly and minimize the impact of ad fraud. If you pick up on these, and suspect ad fraud as a result, you should contact the publisher or your ad network immediately.

Our Top 10 Tips to Prevent Ad Fraud

As we mentioned earlier, ad fraud comes in so many variations that a “one-size-fits-all” solution isn’t feasible. Attacking the problem from multiple angles is the only way to effectively mitigate risk. Here are a few suggestions for creating an effective prevention plan:

Implement Ads.txt

The Ads.txt (Authorized Digital Sellers) initiative employs a simple text file that allows publishers to publicly list authorized sellers of their ad inventory. Advertisers can verify this list to ensure they're purchasing from legitimate sources.

Ask Your Customers

Don't underestimate the power of customer feedback. Provide an easy mechanism for visitors to report any suspicious activities they notice, like copycat websites or phishing emails. Direct communication with your audience can sometimes catch issues that automated tools miss.

Protect Your Site Elements

Scammers often clone legitimate websites by copying pictures, logos, and text. Use services that scan the internet for unauthorized usage of your content. Google's “exact match” alerts are a helpful starting point for monitoring content theft.

Partner with Trusted Vendors

Selecting a vendor with proven expertise in combating ad fraud is crucial. Reputable vendors will offer technologies for tracking traffic metrics, monitoring ad quality, and identifying bots or malware, often by using accredited third-party solutions.

Consider Blockchain

While it’s not yet in wide use, blockchain technology solutions can deliver absolute transparency. Anyone accessing the public record can identify traffic and track ad spend, making it difficult for fraudsters to hide their work.

Use Multi-Factor Authentication

Utilizing multi-factor authentication for account access adds an extra layer of security. It makes it more difficult for fraudsters to gain unauthorized access to your advertising accounts.

Conduct Regular Audits

Periodic audits of your traffic and conversion data can help you identify unusual patterns indicative of fraud. Look for irregularities in metrics like engagement rates, click-through rates, or geographic distribution.

Limit Programmatic Buys

Programmatic advertising automates the buying process. However, it can also make you more susceptible to fraud. Limit programmatic buys to known, trusted networks or private marketplaces to reduce exposure.

Educate Your Team

The first line of defense against ad fraud is often your own team. Make sure they are educated about the types of ad fraud and how to spot them. Encourage a culture of vigilance and continuous learning to stay ahead of new types of fraud.

Employ Affiliate Fraud Tools

While affiliate network anti-fraud tools can greatly mitigate fraud risk, help from the right outside vendor can greatly increase your protection. Affiliate-specific fraud tools are designed to give merchants deeper insight into their affiliate programs and help weed out fake clicks.

Preventing and detecting these types of fraud requires a combination of automated detection tools and manual oversight to safeguard the interests of both publishers and advertisers. 

Ad Fraud: an Ongoing Issue

Ad fraud is a constant push-pull between advertisers (and publishers) and cybercrooks. Fraudsters are getting more sophisticated, so it’s hard to know exactly how widespread the problem is.

On the other hand, awareness on the part of advertisers is higher, and technology detecting ad fraud keeps improving. Blockchain offers tantalizing possibilities, as do advances in machine learning.

The issue is far from resolved, but there is hope for the future. In the meantime, though, being proactive about ad fraud threat sources is the only way to protect yourself (and your ad budget).

FAQs

What is ad fraud and how does it work?

Digital ad fraud refers to any attempt to fraudulently siphon revenue from businesses through online advertising. Click fraud, domain spoofing, and cookie stuffing are all examples of ad fraud.

Fraudsters typically use bots to commit ad fraud. These are autonomous web programs that hackers design to conduct malicious activity, and they are abundant.

What is an example of ad fraud?

In one common example of click fraud, cybercriminals use bots to repeatedly click on an advertiser's pay-per-click ads, falsely inflating engagement metrics. The advertiser pays for these fake clicks, depleting their budget without gaining any real customer engagement. As a result, the scammer pockets the unearned commissions at the advertiser's expense.

Is ad fraud legal?

Ad fraud is illegal as it involves deception and theft from advertisers by falsifying engagement metrics and activities. Those engaged in ad fraud can face legal repercussions, including fines and imprisonment. Despite its illegality, ad fraud remains a persistent challenge in the digital advertising industry.

How does ad fraud make money?

Ad fraudsters make money by exploiting the financial mechanisms behind digital advertising. Advertisers pay for impressions, clicks, or conversions, but fraudsters use deceptive tactics to artificially inflate these metrics.

How does ad fraud occur?

Generally speaking, ad fraudsters exploit various elements of the advertising ecosystem to cheat advertisers and, sometimes, publishers out of money. They typically use sophisticated tactics, including but not limited to automated bots, fake websites, and data manipulation, to falsely inflate traffic, clicks, or engagement metrics.

Is ad fraud a problem?

Yes. According to recent estimates, US merchants lost $23 billion to ad fraud last year.

Like What You're Reading? Join our newsletter and stay up to date on the latest in payments and eCommerce trends.
Newsletter Signup
We’ll run the numbers; You’ll see the savings.
triangle shape background particle triangle shape background particle triangle shape background particle
Please share a few details and we'll connect with you!
Revenue Recovery icon
Over 18,000 companies recovered revenue with products from Chargebacks911
Close Form