Digital ad fraud remains to be one of the most serious challenges affecting the programmatic ads market and limiting its growth. And despite various new tools and technologies used to counter it, the volume of fraud is on the rise. 

According to a report by Statista, it is estimated that the global losses related to digital advertising fraud will grow exponentially within the four years between 2018 and 2022, from US$19 bln to $44 bln per year. In 2020, advertising fraud caused economic losses of $35 bln worldwide. The total size of the global digital advertising market was estimated at $333 bln. Which means that ad fraud represents more than 10% of the whole market. 

We’ve already touched on the topic of ad fraud when talking about invalid traffic (IVT) and shadow banning, but ad fraud is a much more comprehensive and diverse field not limited to IVT. So today we are going to take a closer look at it and provide you with some basic information on the main ad fraud techniques popular among programmatic ads scammers today. 

What is ad fraud? 

 

Ad fraud in general is a practice of defrauding digital advertising networks, agencies and advertisers by creating fake online ad impressions, clicks, conversions or data events in order to generate revenue. 

The term ‘ad fraud’ got in wide circulation in late 1990-s, with the first research paper on the topic published in 1999. In 2016 World Federation of Advertisers published its first guidance on ad fraud, advising its members on how to fight this problem. 

Professionals in the advertiser’s side of this business, such as ad agencies and marketing specialists, name ad fraud as the worst aspect of programmatic ad buying. According to a recent survey by eMarketer, 38% of specialists working in the advertising industry believe that increasing levels of ad fraud is one of the leading issues limiting the development of the programmatic ads market. 

Ad fraud vs. IVT (invalid traffic)

It is also worth mentioning that ad fraud and invalid traffic are not the same thing, even though some people use these terms interchangeably. Invalid traffic is used to describe all ad clicks and impressions that were not made by a real user with genuine interest. There are different kinds of invalid traffic and not all of it can and should be qualified as fraudulent. Non-human ad impressions can be caused by search engine bots and other web crawlers. 

Latest Stories 

You can tell how common ad fraud is just by looking at the most notable cases of exposed ad fraud over the years. It seems like in 2020, a major scheme or solution was identified almost every month. In the first half of 2020, Pixalate uncovered DiCaprio, a CTV exploit designed to fool ad systems by making mobile devices look like Roku streaming apps, and later Monarch, another CTV/OTT ad fraud scheme stealing from premium brands and political ad budgets via Roku apps.

 

In February 2021, the 404bot, a large-scale ad fraud scheme where fraudsters took the advantage of ads.txt file vulnerabilities to impersonate a publisher’s webpage, was uncovered by DoubleVerify. 

In April 2020, the largest CTV ad fraud botnet operation ever, dubbed Icebucket, was identified. The operation has counterfeited more than 300 different publishers to date and spoofed at least 2 million IP addresses from over 30 countries, 99% of which were US-based.

In August 2020, a new ad fraud botnet, named MultiTerra, targeting premium publishers on connected CTV and mobile, was uncovered. It was stealing roughly $1 million per month from publishers by spoofing their ad inventory.

 

And this list could go on and on. 

Types of Ad Fraud 

Not all ad fraud is the same. On the contrary: there are countless different types of fraudulent activities in the digital advertising realm. Let’s go through some of the most common ones. 

 

• Botnet click fraud.

Fraudsters use botnets to generate fake advertising clicks and/or visits to websites displaying ads on a large scale. Botnets consist of multiple Internet-connected devices that have been compromised by an attacker. Each of these devices have click bots installed without the owner’s knowledge, which are used to generate fake clicks. 

 

• Click farms.

‘Click farms’ is a term used to describe organized groups of real workers who are performing clicks (typically for a low wage) on a massive scale on links provided by scammers. Click farms do the same thing click bots are doing, except fraud clicks are made by real users which makes it harder to identify and trace this type of ad fraud. 

 

• Ad stacking (hidden ads).

Ad stacking is a type of fraud widely used in programmatic ad sales. Several ads sold on the same website get stacked upon each other to mislead advertisers. This way, ads seem to have good viewability and are gaining impressions, despite in reality the ad is located under another ad and is not seen by the user. 

 

• Click stealing (click hijacking).

Click stealing is a bit more sophisticated type of as it involves scammers redirecting genuine user clicks to be clicks for different ads (hence, “stealing” a click for a real ad). In order for this scheme to work, the attackers need to compromise the user’s device, publisher’s website, a proxy server or an ad network platform by injecting malicious code.

 

• Domain spoofing.

Domain spoofing is when fraudsters are pretending to be a reputable company or one of its employees by using a domain that looks very similar to a real reputable domain. When it comes to ad fraud, domain spoofing is used to basically steal ad revenues from well-known brands like the authors of the Monarch scheme did. 

 

• Location-based spoofing. 

Location-based spoofing is currently growing in popularity along with increasing demand for location-based ad audience targeting. Using proxy servers and other techniques, fraudsters make certain devices look like they are in or around a specific location when in fact they can be thousands of miles away. For advertisers that rely on location-based targeting, such as retailers or restaurants for example, this can be a serious problem. 

 

• Fake app installations. 

Finally, fake app installations is one of the most common types of mobile ad fraud. With this method, fraudsters conduct installations of apps with ads on multiple mobile devices and interact with them generating paid clicks and impressions. This can be done both automatically (botnets) and manually (click farms). 

Summary 

Even though ad fraud is primarily the problem that advertisers, ad networks and agencies have to deal with, honest publishers are suffering from scammers just like the other market players. On a general level, the prevalence of ad fraud is decreasing ad prices for clicks and impressions, causing ad revenues to decline. Individually, a publisher can easily become a victim of ad scammers who are using techniques such as click hijacking or domain spoofing. 

This is why it is always a good idea to have your websites and ad inventory managed by professionals with proven expertise in the programmatic ads market. This is us! pubGENIUS’ ad ops specialists are well-versed in the best practices and trends of the industry. We know how to utilize innovative programmatic ad technologies to protect your ad inventory from fraudsters and achieve maximum ad revenues. We will make sure that your websites are optimized, and your ad inventory is set up and operating with maximum capacity at all times. 

 

Get in touch with pubGENIUS Team to get free consultation 🙂

Contact us