An Easy Guide to Understanding Ad Fraud
Table of Contents
A recent study by 16 leading programmatic publishers, including Business Insider, The Washington Post, and The New York Times reveals an alarming volume of counterfeit inventory across display and video ads.
Having examined the total inventory across 26 domains, the study found that video callouts were overstated more than 57 times the available inventory, accounting for over 700 million counterfeit call-outs a day. Meanwhile, display callouts were overstated by 4 times, suggesting that publishers lose an estimated $3.5 million to ad fraud daily.
Whether you’re a publisher or an advertiser, ad fraud can negatively impact your bottom line. However, there are steps you can take to prevent, detect, and address it. First, however, it’s critical to understand ad fraud and how it works. Read on to learn more.
What is Ad Fraud?
Ad fraud comes in many forms, but it is generally defined as any activity that dupes advertisers into paying for:
- Non-Compliant Ads: Advertisements that appear on sketchy websites, redirect to the wrong URL, or target the wrong audience, resulting in wasted impressions and clicks
- Fake Clicks: Spoofing pay-per-click (PPC) ads to increase site revenue or deplete a company’s ad budget
- Fake Impressions: Involves selling ad inventory on fake websites and setting up bots to generate large amounts of false impressions; dupes advertisers into paying the full price of zero-value impressions
Common Types of Ad Fraud
Ad fraud generally falls into two categories—mobile ad fraud and desktop ad fraud. Here’s how they differ:
Mobile Ad Fraud
This type of fraud occurs when illegal revenue is generated from mobile campaigns. They are typically app-based and follow either a cost per install (CPI) or cost per action (CPA) scheme.
- SDK Spoofing – Also known as SDK hacking, SDK spoofing is a type of bot-based fraud that involves installing malware on apps. The perpetrator hacks mobile measurement partners (MMPs), companies that measure campaign performance, and listens to their communication with ad networks and app stores. They then replicate this information, which simulates ad clicks, real installs, and in-app events. This data is sent through malware like Trojan APK, Trojan SDK, and botnets. When successful, this tactic dupes advertisers into paying for hundreds and thousands of installs that did not actually happen.
- Click Spamming – Click spam occur when the perpetrator floods the MMP or attribution tool with fake clicks in hopes of generating organic installs. The organic install is then mistakenly credited to the fake click as a paid install and therefore receives the advertiser’s money.
- Bots and Emulators – Back in the day, gamers used software to emulate Nintendo systems so they could play their favorite console games on PC. Mobile bot fraud works similarly. Emulators are used to mimic legitimate users, simulating actions like ad clicks, in-app engagement, and real installs.
- Device Farms – Device farming involves manually performing actions like clicks and installs to simulate engagement from “real users.” While it is common among ad fraudsters, this tactic is also used by unscrupulous individuals to generate fake social media followers and an influx in in-app store downloads, ratings, and reviews.
- Click Injection – Another form of click-based fraud, click injection uses apps on a user’s phone to listen to installation broadcasts. Through malware, the perpetrators are informed when new apps are installed, prompting fake clicks before installation is completed. The MMP will then attribute the install to the fake click, and the perpetrator takes credit for the install.
Desktop Ad Fraud
This type of fraud occurs when illegal revenue is obtained from desktop advertising campaigns, including native advertising, programmatic advertising, cost-per-click, display advertising, and impression campaigns.
- Click Farms – Click farming works similarly to device farming but is exclusive to fake clicks. Poorly paid workers are tasked by the fraudster to generate impressions —they click links, surf websites, follow accounts, sign up for newsletters, and more.
- Cookie Stuffing – Also known as cookie dropping, cookie stuffing is a type of affiliate fraud that plants third-party cookies into a user’s web browser. The malicious cookies prompt e-commerce sites with affiliate programs to misattribute the traffic to the fraudster.
- Ad Stacking – As its name suggests, ad stacking involves stacking multiple ads on top of each other in the same ad space. But, the user can only see the ad on top. Despite this, advertisers are still charged for the impressions and clicks generated by the fraudulent ads. Also, since the hidden ads are technically functional and meet pixel requirements, advertisers still have to pay for them.
- Pixel Stuffing – Similar to ad stuffing, this scheme involves stacking multiple ads on top of each other, but only one is visible to the user. Unlike ad stuffing which uses full-sized ads, pixel stuffing conceals minuscule ads (undetectable by the human eye) within a normal-looking ad. Without knowing it, users view and click multiple ads, and the perpetrator receives the payout for the fraudulent impressions.
- Domain Spoofing – Another form of impression ad fraud, domain spoofing involves using a company’s domain to impersonate the business or one of its employees. The fraudster sends emails containing false domains or creates websites that can easily be mistaken as the original domain. Visitors will typically enter sensitive data like credit card details, thinking that they are on the right website.
- Ad Injection – This scheme occurs when fraudsters inject ads into a website without the user or domain owner’s consent. The unauthorized ads are dispatched when users unknowingly download malicious toolbar extensions or adware plugins. Users who click on these ads are redirected to other domains.
How to Detect Ad Fraud
While ad fraud is irreversible, there are precautions that you can take to prevent similar issues in the future. One is to catch them early before significant damage occurs.
You can fight ad fraud using these detection methods:
- Signature-Based Detection – This method enables publishers to detect suspicious activities, impressions, clicks, and traffic. It involves comparing a set of patterns with monitored activity to identify suspicious activities.
- Anomaly-Based Detection – This type of detection utilizes statistical analysis and historical data to spot anomalies in websites and ad spaces. Suspicious activities that may trigger further investigation include sudden spikes in website traffic and questionable ad space placements. This method helps detect bot-based and click-farm ad frauds.
- Credential-Based Detection – The credential-based method helps predict potential fraudulent activities. It uses reverse crawling to scan content and its tagging before comparing them with requirements for impressions. Also, it compares the gathered data with reputable ranking tools like Alexa. If data doesn’t add up, it is assumed that fraudulent activities will likely occur.
- Honey-Pot Based Detection – This method uses honeypot, a computer security mechanism, to detect, deflect, and, to some degree, counteract malicious bots and ad-network crawlers.
Enjoy Safe and Secure Video Advertising
Familiarizing yourself with the different types of ad fraud is only the first step to prevention. The second and arguably most crucial step is finding an ad platform that is a safe and secure environment.
Aniview, a trusted video advertising agency, has partnered with Fraudlogix to bring advertisers tried-and-tested fraud detection and management solutions. By leveraging Fraudlogix’s fraud prevention tools, users can detect non-human traffic across all in-stream, out-stream, and in-banner video campaigns.
Join the over 500 million monthly active users that Aniview provides with innovative and secure advertising and monetization solutions. Reach out to us now to learn more about our services.