Ad Fraud: Everything You Need to Know

Brock Munro
March 2, 2022
May 16, 2024
Ad Fraud: Everything You Need to Know

The advent of any new technology is—invariably—closely followed by its misuse, with this sequence of events clearly seen in the world of online advertising.

Some estimates suggest that the cost of ad fraud will hit $44 billion this year, accounting for 45% of total ad spend. Others suggest that the annual cost of ad fraud will grow from $35 billion in 2018 to $100 billion in 2023.

Regardless of which estimates you pick, the cost remains eye watering. The growing volume of global online advertising fraud underscores the need for advertisers and publishers to get ahead—and stay ahead—of those who abuse the system for their own financial gain.

Read on to learn what online advertising fraud is and how you can limit your exposure.

Table of contents:

What Is Ad Fraud?

Types of Ad Fraud

How Do Bots Drive Ad Fraud?

How Does Ad Fraud Affect Publishers?

How Does Ad Fraud Affect Advertisers?

How to Prevent Ad Fraud?

Final Thoughts

What Is Ad Fraud?

Ad fraud is the practice of inflating impressions, clicks or conversion data for financial gain, wasting the advertiser’s budget in the process.

The practice—also known as advertising fraud or digital ad fraud—covers a broad range of malicious activities in online advertising.

Ad fraud can be committed by cybercriminals—either working alone or in a group—as well as large organizations seeking an unfair advantage over their competitors. Regardless of the perpetrator, the result is always the same: money is wasted on ads that are not seen by their intended audiences.

Ad fraud can also be defined as Invalid Traffic (IVT), which refers to any online activity that is made up of non-human traffic. The Interactive Advertising Bureau (IAB) has broken such online activity into two categories:

  • General Invalid Traffic (GIVT) is generally performed by spiders or bots without the intent to commit ad fraud and so is considered the most acceptable form of invalid traffic
  • Sophisticated Invalid Traffic (SIVT), on the other hand, is designed with malicious intent and can include bots masquerading as humans while interacting with digital ads. SIVT is much harder to detect than GIVT.  

Ad Fraud Rates Around the World

The US and Canada ranked as the region with the highest ad fraud rate in 2020 at 2.1%, according to Statista. This was followed by Europe, the Middle East, and Africa (EMEA) at 2%.

Types of Ad Fraud

The digital ad fraud landscape is constantly changing, with mobile ad fraud as much a problem as fraudulent traffic on desktops. Here are some of the most common types of attacks targeting ad campaigns.

Click Fraud

Click fraud involves individuals or bots deliberately clicking on an advertiser’s pay-per-click (PPC) ad with no intention of buying the advertiser’s product.

Because such fake clicks create a false impression of the relationship between clicks and purchases, it’s one of the quickest ways that ad spend can be wasted.

Domain Spoofing

Domain spoofing occurs when a fraudster masquerades their fake site as a legitimate and, usually, highly sought-after site. They then trick advertisers into paying premium prices for low-quality ad space.

SDK Spoofing

SDK spoofing involves creating a bot within an app that then initiates fake clicks and app installs. Also known as traffic spoofing, SDK spoofing can trick advertisers into paying for app installs—sometimes, for as many as tens of thousands—that didn’t happen.

One of the most infamous cases of SDK spoofing involved DrainerBot, malware that generated video ad views without the knowledge of device users. It’s thought that apps containing DrainerBot were downloaded more than 10 million times.

Ad Injection

Fraudulent ads are placed on a publisher’s website without its knowledge and either replace the website’s existing ads or are positioned next to genuine ads.

Ad injection is usually conducted through compromised browser extensions, plug-ins and other types of malware.

It can be difficult to detect when it happens, as many popular security tools focus on server-side monitoring, while injected ads are inserted through the client-side of a connection.

Ad Stacking

Perhaps the best example of the old saying “nothing is what it seems”, ad stacking involves placing several ads on top of one another in one space.

The fraudster collects revenue for impressions claimed by each ad, even though the ad at the top of the stack is the only one visible to the user. 

Pixel Stuffing

As the name suggests, pixel stuffing occurs when individual pixels are converted into ad space. An ad is inserted into a tiny space—often 1x1 pixel in size—which allows impressions to be recorded, even though the ad itself is for all practical purposes invisible to visitors.

As with ad stacking, pixel stuffing enables fraudsters to place many more ads on a website than would otherwise be possible. 

Geo Masking

Geo masking, also known as location masking, capitalizes on the fact that traffic from one country or region can be more valuable than traffic from another.

Fraudsters use this type of ad fraud to disguise low-quality traffic and upsell to advertisers that think it’s higher quality traffic from a sought-after country or region.

How Do Bots Drive Ad Fraud?

As you’ve just read, bot traffic is behind some of the most common types of advertising fraud. But while bots can be trained to do any number of things, their nature is always the same: mimicking real user behaviors that include clicking on ads, watching video ads, or opening mobile apps.

With the spread of mobile technology, that ability to mimic real users has become even more of a problem. In April 2020, 29 fraudulent apps were removed from the Google Play store, but only after they’d already been downloaded 3.5 million times.

Just two months later, two barcode apps that produced ads that instantly vanished were also removed.

Another concern has been the growing availability of botnets, which are networks of bots. In 2020, the rate to hire someone to execute a Distributed Denial of Service (DDoS) attack fell to as little as $10 per hour

How Does Ad Fraud Affect Publishers?

Advertising fraud affects publishers in several ways. In an immediate sense, the revenue earmarked for publishers is claimed by fraudsters, as illustrated, for example, in cases of ad injection.

This not only reduces their income but, when it occurs repeatedly or over a long period of time, it can also damage the relationships that a publisher has built with both advertisers and clients.

More distressing still is that, in most cases, the publishers are not at fault. They’re simply unlucky enough to have had their websites infiltrated by fraudsters.

The consequences of advertising fraud go even further. As domain spoofing illustrates, some fraudsters are able to set up websites that seem legitimate, which then draw in advertisers. In such cases, ad space is often advertised at attractively low rates, which can drive legitimate publishers to do the same. This, in turn, only serves to deflate the wider marketplace and, ultimately, publishing revenue.

When ad fraud occurs, it can become difficult to distinguish high-quality ad space from fraudulent ad space. And with the breakdown in professional connections upon which ad networks depend, what suffers most is the lifeblood of the digital marketing industry: trust.

How Does Ad Fraud Affect Advertisers?

Ad fraud obviously wastes ad spend. It’s estimated that ad fraud will cost advertisers $44 billion this year. But ad fraud can affect advertisers far beyond their balance sheets.

The digital marketing team at an ad agency, for example, may be trying to gauge the effectiveness of one of their agency’s advertising campaigns. The problem, however, is that the campaign has been hit with ad stacking, making an accurate assessment extremely difficult. The campaign’s ads have received many impressions but relatively few clicks because of the ad stacking.

The team may assume that the campaign’s original message was ineffective, leading them to revise it. This is despite the fact that the ad might have been effective if it had been shown to its target audience. Such a situation, then, leads to more money and time being wasted.

Ad fraud may also end up encouraging unethical behavior among advertisers to their long-term detriment. For example, an agency may be aware its ads are attracting fake clicks, but may be reluctant to admit this to its clients as some of the campaign’s metrics—such as high click-through rates (CTRs) or ad impressions—paint an impressive but inaccurate picture of success.

Although such tactics will eventually damage the agency’s reputation, some may be prepared to risk everything for the sake of immediate profit.

Then there are those advertisers who simply won’t admit that they’ve been hit with ad fraud, fearing the fallout from such an admission. The end result is advertisers not doing their job properly and, as is the case with affected publishers, the erosion of their relationships with their clients.

In another sense, ad fraud can also undermine the wider community’s confidence in the digital advertising industry.

Governments, for example, may perceive the industry to be incapable of managing such a problem, prompting calls for greater regulation. And consumers, in turn, may see such calls as a sign that the promotion of some brands hasn’t been as ethical as it should have been.

How to Prevent Ad Fraud?

There’s no silver bullet for ad fraud, but with the right measures you can protect your marketing activities. What’s most important is that organizations work proactively to detect ad fraud as soon as possible in their ad networks. Here’s a list of the most effective ways to take the fight to the fraudsters.

Maintain an Ads.txt File

Ensure you have an ads.txt file that declares the ad networks, exchanges and supply side platforms (SSPs) who are allowed to re-sell your ad content.

Another thing to check is whether your monetization partner hosts a valid Sellers.json file, which enables advertisers to verify the origin of the ad space and impressions they’re buying.

Set Up IP Blacklists

When it comes to click fraud, setting up an IP blacklist on Google Ads can be effective. As soon as you receive suspicious clicks, blacklist the relevant IP addresses from viewing your ads in future.

Look Out for Copyright Theft

To stop someone from plagiarizing content from your website, it’s worth setting up exact match Google alerts or using a service such as Copyscape, which monitors your content across the Internet. If someone plagiarized your content, send them a takedown notice.

Set Up Custom Alerts

It can be difficult to spot ad fraud just by looking at on-page behavior. Because of this, you’ll need to look out for any sudden changes in your metrics and traffic. Google Analytics and other analytics tools allow you to create alerts based on sessions, page views and other metrics.

Question Your Metrics

Some forms of ad fraud generate metrics that seem unrealistic—for example, an ad that’s registered 100% viewability, or a report that there’s been zero exposure to ad fraud. Question metrics that don’t match the behavior of real users.

Question Anomalies

This time the focus is on ‘blips’ or metrics that just don’t seem right. If the click data in Google Ads, for example, is telling you that 90% of your clicks are from a country or region your ads aren’t targeting, that should raise a red flag.

Ask Your Users for Feedback 

Although some types of ad fraud, such as ad injections, can be difficult for site owners to spot, it can be easier for site visitors. Because of this, it’s worth making it easy for your site’s visitors to provide feedback on your pages and ads.

Work With a Trusted Vendor

Some ad tech vendors have specific expertise in monitoring traffic quality, as well as combatting ad fraud. Find such a vendor and work closely with them.

Check Third-Party Plug-Ins and Scripts

Various third-party CMS plug-ins, extensions and scripts have to be used to run certain forms of advertising and analytics. If you’re a publisher, don’t use such devices if they’re from a developer you don’t trust, as they can be a channel for ad fraud.

Before using a plug-in or other device, check its code to verify that it only does what it’s meant to do.

Inform Your Legal Team

There are many ads that are not regulated, and when ad fraud strikes then dealing with the problem can be challenging. Because of this, it’s worth informing your legal team or lawyer about your ad campaign before you launch it.

Learn More About Ad Fraud

It’s worth following industry groups such as the Association of National Advertisers, as they do important work in defining standards and educating and updating stakeholders about the latest news in digital advertising.

Final Thoughts

Ad fraud is a many-headed beast and, given the constantly changing digital advertising landscape, its movements can be difficult to track and predict. When it strikes, it wastes ad budgets, damages revenues, and erodes the relationships upon which successful ad networks are built.

But by becoming familiar with the various types of ad fraud and how they work, you can then set up measures to prevent ad fraud.

After all, the only things more effective than a carefully planned ad fraud scam are prepared and nimble advertisers and publishers.

Publift helps digital publishers get the most out of the ads on their websites. Publift has helped its clients realize an average 55% uplift in ad revenue since 2015, through the use of cutting-edge programmatic advertising technology paired with impartial and ethical guidance.

If you’re making more than $2,000 in monthly ad revenue, contact us today to learn more about how Publift can help increase your ad revenue and best optimize the ad space available on your website or app.

Grow with us

Grow your business with a sustainable, long term partnership. If you're making more than $2,000 in monthly ad revenue, contact us today to boost your revenue with our all-in-one solution.
Laptop screen with web page open

Success Stories