In 2020, ad fraud actually surpassed credit card fraud in terms of both money lost and as a percentage of the industry revenue. In fact, according to research from Cheq, ad fraud makes up 10.5% of all digital marketing activity.
Of course, there are huge sums of money involved. And, despite the efforts of the major advertising platforms, there seems to be no end to the growth of ad fraud.
Increasingly marketers are aware that they need to avoid ad fraud. As a result of this, the market for ad fraud prevention is growing rapidly.
So what can you do? And is ad fraud an issue that really affects your business?
What is ad fraud?
Ad fraud is the practice of fraudulently inflating the views or clicks on an online ad for financial gain. This normally involves hosting ads on a website or app and generating fake traffic, or invalid traffic, in a number of ways.
Primarily, ad fraud is a money making scheme for unscrupulous app and bot developers or website owners.
Creating a successful digital ad fraud campaign takes a level of technical expertise.
For example, many campaigns involve using complex technical features such as domain spoofing, pixel stuffing or click injection – all designed to maximize impressions and fool marketers. There’s also the matter of hiding traffic sources, generating fake traffic and tactics such as impression fraud to fool the advertising platforms and bring in as much money as possible.
Ad fraud or click fraud?
Ad fraud is a form of click fraud, although one that is more organized. In fact, click fraud covers less organized forms of fake clicks and impressions, such as intentional malicious clicks from individuals
Research from the University of Baltimore and Cheq found that ad fraud and click fraud cost marketers $35 billion in 2020, with that amount thought to have exceeded $40 billion in 2021.
As ad fraud isn’t technically illegal, bringing legal charges against ad platforms or even ad fraud operators can be long winded and complicated. Google, Bing and others do have some processes to protect against the most obvious sources of click fraud, although this is widely considered to be inadequate.
Read more about click fraud in our complete guide
What Are the Different Types of Ad Fraud?
Although the definition of ad fraud often involves bots or automated processes, there are other methods that include the human touch. These ad fraud techniques are the most common that you’re likely to encounter.
Hidden Ads or Ad Stacking
There are several practices whereby sites can host ads which are technically not viewable by the human eye. Displaying the ad in a 1×1 pixel square, stacking multiple ads on top of one another or displaying the ad outside of the viewable area are the most common practices.
Using this approach the site owner will get a payout for the ad being displayed, but the advertiser will see little or no traffic or clicks as a result.
- Ad displayed in an imperceptible format
- Zero to extremely low chance of traffic
- Often used by fraudulent publishers looking to profit from multiple ads on their sites
Click Farms
Click farms are one of the main forms of mass produced traffic for ad fraud. Essentially, bots or real people are hired to click on your ad. Of course these are not potential genuine customers, so that click is worthless to the advertisers.
A click farm can be an actual place, often a warehouse in the developing world with hundreds of people assigned to like, click and interact with content for hours a day.
Click farms can also take the form of remote workers. You might have seen those ‘make $ working from home’ ads online. Some of these can be remote clicking work, using PTC (paid to click websites or apps). These paid to click businesses have been growing in size in recent years and now present a real problem to marketers.
- Real people from unique IP addresses make click farms hard to combat
- Non-genuine traffic with no chance of a conversion
- Used by organisations looking to boost their views (often through paid campaigns)
Bot Traffic
The number one source of ad fraud, bot traffic refers to automated systems set up to click or interact with sites. However, not all bots are created equal.
Simple bot programs are often set up to do simple repetitive tasks such as scanning through domains clicking on a set group of ads or performing a single repeated action across multiple sites. These types of bots are relatively easy to spot as they have a consistent IP address and cookie profile.
You might have noticed simple bot behaviour with spam messages in your inbox, or if you run a blog or website you will probably have seen spam comments.
Increasingly sophisticated bot traffic is where headaches start for advertisers. These can do more complex tasks such as:
- rotating IP addresses
- mimicking user behaviour
- using proxy servers to disguise their location
These bots can play the PPC system, both maximising exposure to the highest paying ads and creating traffic that looks authentic for a higher chance of a big payout.
- The main source of fraudulent clicks and ad fraud
- Simple bots are easy to combat as they have predictable and simple behaviour
- Complex bots are often used by criminal organisations to boost their income
Hijacking Clicks or Ads
This clever method uses malware to hijack the ad (also dubbed as clickjacking, click injection, or malvertising) on a website and replace the code in the hijackers favour.
For example, by changing the ad displayed, the hijacker can display their ad and not pay for the placement, with the original advertiser picking up the bill.
This can also work to redirect clicks to a different site even if the original ad is displayed. So the advertiser pays for the click but the hijacker benefits from the traffic generated.
- Malware designed to change the code of a display ad in the hijackers favour
- Can either divert traffic from genuine ads, or display a different ad on top of the advertisers’
- Click injection can claim organic clicks fraudulently on hidden links and ads (without the users knowledge)
Impression Laundering or Arbitrage
This clever form of ad fraud siphons off legitimate display advertising onto less relevant, or sometimes downright shady sites. These sites usually also have high traffic. This usually hits advertisers with a high price CPM (cost per mile) campaign, where the ad success is measured in impressions rather than actual clicks.
By using a series of clever redirects, as far as the advertiser is concerned their ad is being displayed on legitimate partner sites.
- Ads can be seen on irrelevant sites, or sites promoting illegal activity
- These sites tend to be high traffic so impressions can be very high
How to Protect Yourself From Ad Fraud
Although these are the most common types of ad fraud, the goalposts are always moving and new forms of PPC fraud are pop up regularly. And, as the practice isn’t outlawed, it can be very tricky to minimise or even be aware of your exposure to ad fraud.
There are a few things you can do to limit your exposure to ad fraud and get your ad spend under control. Some are things you can do in your PPC campaign set up, others will involve using a paid service. Depending on the potential for gain or loss, you might want to weigh up which is best for your business.
Monitor your data
At the absolute minimum, keeping an eye on your traffic sources and CTR data will help you to identify if something fishy is going on. If traffic appears to be coming from a suspicious location, or you’re experiencing a high CTR but little in the way of conversions then look closely at your online advertising partners and consider limiting traffic from certain locations.
Blacklists
If you suspect dodgy traffic is coming from some less salubrious partners, you can blacklist certain domains and IPs of “users” that click. As you have little control over malware or traffic coming through those sites, keeping them blacklisted is a good way to avoid the fraudulent traffic that they might be attracting.
Ad Fraud Protection
With the rise of ad fraud, it’s advisable to use fraud detection services such as ClickCease. Click fraud prevention services are designed specifically to defend and protect your digital advertising campaigns. The sophisticated algorithms help protect against bot traffic, click farms and other forms of invalid traffic such as VPNs.
Ad fraud protection is particularly suited to high value or high volume campaigns, especially those targeting competitive keywords. Marketing agencies dealing with multiple clients will especially see the benefits, although some surprising industries do fall foul of click fraud and ad fraud.
Check out our full report into the impact of click fraud on SME businesses here.
ClickCease is designed to protect online ads on the major ad networks, including Google, Facebook and Microsoft/Bing. Stop bots, get more leads and maximise the return on your ad revenue by using ClickCease.
Sign up for a free trial and run your own ad fraud audit.