Ad FraudWhy Don’t Advertisers Notice When Criminals Are Robbing Them Blind?

Domain spoofing could be described as “site impersonation.” Here, the scammer builds a site deliberately designed to look like a reputable publisher. Unwary advertisers are scammed into paying premium prices for ads on the counterfeit site.

For example, the fraudster might promise advertisers ad placements on auto industry publication CarAndDriver. The fraudster creates and hosts a professional-looking website using the domain “CarDriver.com.” Advertisers then pay the fraudster a premium price, believing their ads will appear on the more heavily trafficked site.

Click fraud, also known as pay-per-click fraud, is a way to artificially inflate traffic for online advertisements. Bots (or occasionally humans) target pay-per-click (PPC) ads and pretend to be legitimate site visitors.

This can deplete an advertiser’s budget or skew the ad’s performance. In most cases, the goal is to steal revenue by repeatedly clicking on ads, as each click requires the ad network to pay the phony publisher.

Cookie stuffing is fraud aimed specifically at the affiliate marketing space. Affiliate marketing is where an advertiser works with a network of third-party affiliates to drive traffic to the site.

Cookie stuffing is the practice of secretly sneaking affiliate tracking cookies onto the user’s browser. For example, if a user makes a qualifying purchase, the fake cookie tells the advertiser to send a commission to the cookie-stuffing scammer.

Along the same lines, pixel stuffing hides an invisible ad inside a 1 pixel × 1 pixel square. Any impressions the legitimate ad gets are also received by the ads crammed into the stowaway pixel, stealing credit (and commissions) while delivering zero benefits to the advertiser.

A similar trick (mostly used on mobile devices) is ad-stacking, where ads are literally hidden (stacked) behind the real ad that the user sees. The fraudster gains impressions for as many ads as they’re able to pile up behind the legitimate message.

Fraudsters can manipulate the information sent back to ad servers during an ad interaction. This could include fake viewability metrics, false user interaction rates, or misleading engagement statistics. In-ad data spoofing makes the ad performance seem better than it actually is.

Whenever ads are shown on YouTube videos, the advertiser is charged a fee. Naturally, the most frequently viewed videos demand the highest price per view.

Spammers program bots to automatically “watch” the ads, generating false metrics that make it seem like the ads are getting more views than they actually are. The fraudster charges premium prices for the alleged “traffic,” even though human eyes never see the videos.

Geomasking is the practice of disguising the geographic location where certain web traffic originates. Obviously, different regions of the world have more or less value as a market. Fraudsters can exploit this by spoofing IP addresses to make the traffic look more valuable and then increasing advertising fees accordingly.

Here, a scammer serves basic, non-dynamic display ads, but reports them as more expensive video ads. Since video ads generally command higher rates, this scam significantly inflates costs for advertisers while providing no additional value.

A trick more commonly used with mobile advertising, fake installs are exactly as the phrase describes.

Scammers use emulation software to install fake apps that look and act like the genuine article. The program asks for data access during the alleged install, thereby gaining permission to access a device's information. An app gets installed on the unknowing user’s device, and the advertiser pays the marketer a commission for the install.

Ad tag tampering involves altering the code snippets (ad tags) used to display advertisements. Fraudsters manipulate these tags to misrepresent the type of content with which the ad will appear, or to siphon off ad revenue intended for legitimate publishers.

Similar to "man-in-the-middle" attacks, SDK (software development kit) spoofing involves a scammer decrypting SSL protection. The aim here is to allow the scammer to understand URL calls that symbolize in-app activities. This allows them to fabricate false app installations.

Some advertisers pay based on the number of app installs a partner generates. By using real devices operated by bots or emulator software, fraudsters can artificially inflate app installation figures. This creates the illusion that genuine users interact with the software when real people aren’t even viewing the ads.

In addition to the financial impact on the advertiser, rogue actors can also employ ads as a vector for malware distribution.

The scammer is paid to run an ad, but embeds a hazardous iframe within a website. If a viewer clicks the ad, it then reroutes the user to another site containing malware or spyware to harvest sensitive personal information.

In this tactic, fraudsters layer multiple advertisements, all stacked on top of one another in a single ad slot. To the user, it visually appears as if there's only one ad. In terms of the data reported to the advertisers, though, multiple ads are being “viewed” by that user. Each one racks up a charge for the advertiser.

In this type of fraud, scammers create fake websites or web pages that simulate real inventory, often mimicking popular websites. Advertisers think they are buying valuable inventory, but their ads are on dummy websites with little to no genuine user traffic.

The most direct impact of ad fraud is financial. Advertisers pay for impressions, clicks, or actions that have no value because genuine users do not generate them. This is essentially money down the drain, reducing the ROI of advertising campaigns.

Ad fraud can throw off key performance indicators (KPIs), making it difficult for advertisers to understand what's actually working. Bot traffic and fraudulent clicks inflate numbers, leading to incorrect conclusions and ineffective future strategies.

With a significant chunk of the advertising budget being siphoned off by fraudsters, the actual cost to acquire a legitimate customer becomes artificially high. This reduces the profitability of all customer relationships.

Time spent identifying, understanding, and combating ad fraud takes away from other essential activities. It often requires an investment in specialized tools or services for fraud detection, diverting resources from other areas.

When ads appear on fraudulent or inappropriate sites due to domain spoofing, this can seriously harm a brand's image. Even if an advertiser receives a refund for the fraudulent activity, the damage to their reputation can have long-lasting effects.

Fraudsters don't discriminate. They will target any advertiser, including your competitors. However, if your competitors are better at detecting and preventing fraud, they could gain an unfair advantage, acquiring market share at your expense.

Fraudulent activities like geomasking can make it seem like your ads are effective in markets where they are not. The resulting data will lead you to make poor decisions about where to allocate your advertising budget in the future.

Advertisers could face legal repercussions if ads end up on sites with illegal content due to fraud. Although the placement is unintentional, the onus may still be on the advertiser to ensure their ads appear in appropriate settings.

Ad fraud can indirectly impact a company's stock price or valuation. As performance metrics decline and customer acquisition costs rise, investor confidence can wane, impacting funding and financial stability.

Whether it's investors, board members, or marketing partners, stakeholder relationships can be strained by the constant issues brought about by ad fraud. It could result in losing valuable partnerships and could require difficult conversations about why advertising objectives are not being met.

The Ads.txt (Authorized Digital Sellers) initiative employs a simple text file that allows publishers to publicly list authorized sellers of their ad inventory. Advertisers can verify this list to ensure they're purchasing from legitimate sources.

Don't underestimate the power of customer feedback. Provide an easy mechanism for visitors to report any suspicious activities they notice, like copycat websites or phishing emails. Direct communication with your audience can sometimes catch issues that automated tools miss.

Scammers often clone legitimate websites by copying pictures, logos, and text. Use services that scan the internet for unauthorized usage of your content. Google's “exact match” alerts are a helpful starting point for monitoring content theft.

Selecting a vendor with proven expertise in combating ad fraud is crucial. Reputable vendors will offer technologies for tracking traffic metrics, monitoring ad quality, and identifying bots or malware, often by using accredited third-party solutions.

While it’s not yet in wide use, blockchain technology solutions can deliver absolute transparency. Anyone accessing the public record can identify traffic and track ad spend, making it difficult for fraudsters to hide their work.

Utilizing multi-factor authentication for account access adds an extra layer of security. It makes it more difficult for fraudsters to gain unauthorized access to your advertising accounts.

Periodic audits of your traffic and conversion data can help you identify unusual patterns indicative of fraud. Look for irregularities in metrics like engagement rates, click-through rates, or geographic distribution.

Programmatic advertising automates the buying process. However, it can also make you more susceptible to fraud. Limit programmatic buys to known, trusted networks or private marketplaces to reduce exposure.

The first line of defense against ad fraud is often your own team. Make sure they are educated about the types of ad fraud and how to spot them. Encourage a culture of vigilance and continuous learning to stay ahead of new types of fraud.

While affiliate network anti-fraud tools can greatly mitigate fraud risk, help from the right outside vendor can greatly increase your protection. Affiliate-specific fraud tools are designed to give merchants deeper insight into their affiliate programs and help weed out fake clicks.