What is Ad Fraud? Why It Matters & What You Can Do

Ad fraud actually surpassed credit card fraud in terms of volumes of money lost. But, what is ad fraud?

Put simply, ad fraud is the practice of hosting ads on a publishing platform and inflating the volume of clicks, impressions or conversions to collect a payout.

Primarily, ad fraud is a money making scheme for unscrupulous app and bot developers or website owners. There is a certain expertise needed to create a successful ad fraud campaign, often involving hiding traffic sources, generating fake traffic and sneaky tactics to collect more money for more ads.

It’s technically a more organised form of click fraud, the difference being that click fraud is often a form of casual vindictive behaviour.

Research from the University of Baltimore and Cheq found that ad fraud and click fraud cost marketers $35 billion in 2020, with that amount set to rise in 2021. As ad fraud isn’t technically illegal, there are currently very little resources deployed to combat it. Google, Bing and others do have some processes to protect against the most obvious sources of click fraud, although this is widely considered to be inadequate.

What Are the Different Types of Ad Fraud?

Although the definition of ad fraud often involves bots or automated processes, there are other methods that include the human touch. These ad fraud techniques are the most common that you’re likely to encounter.

ad fraud is the practice of hosting ads on a publishing platform and inflating the volume of clicks, impressions or conversions to collect a payout.

Hidden Ads or Ad Stacking

There are several practices whereby sites can host ads which are technically not viewable by the human eye. Displaying the ad in a 1×1 pixel square, stacking multiple ads on top of one another or displaying the ad outside of the viewable area are the most common practices.

Using this approach the site owner will get a payout for the ad being displayed, but the advertiser will see little or no traffic or clicks as a result.

• Ad displayed in an imperceptible format
• Zero to extremely low chance of traffic
• Often used by fraudulent publishers looking to profit from multiple ads on their sites

Click Farms

Click farms are one of the main forms of human powered ad fraud. Essentially, real people are hired to click on your ad, although they are not legitimate customers and will not actually complete a sale, making their click worthless.

A click farm can be an actual place, often a warehouse in the developing world with hundreds of people assigned to like, click and interact with content for hours a day. Click farms can also take the form of remote workers. You might have seen those ‘make $ working from home’ ads online, which are often a type of click farm. These ‘paid to click‘ businesses have been growing in size in recent years and now present a real problem to marketers.

• Real people from unique IP addresses make click farms hard to combat
• Non genuine traffic with no chance of a conversion
• Used by organisations looking to boost their views (often through paid campaigns)

Bot Traffic

The number one source of ad fraud, bot traffic refers to automated systems set up to click or interact with sites. However, not all bots are created equal. Simple bot programs are often set up to do simple repetitive tasks such as scanning through domains clicking on a set group of ads or performing a single repeated action across multiple sites. These types of bots are relatively easy to spot as they have a consistent IP address and cookie profile.

You might have noticed simple bot behaviour with spam messages in your inbox, or if you run a blog or website you will probably have seen spam comments.

Increasingly sophisticated bot traffic is where headaches start for advertisers. These can do more complex tasks such as:

• rotating IP addresses
• mimicking user behaviour
• using proxy servers to disguise their location

These bots can play the PPC system, both maximising exposure to the highest paying ads and creating traffic that looks authentic for a higher chance of a big payout.

• The main source of fraudulent clicks and ad fraud
• Simple bots are easy to combat as they have predictable and simple behaviour
• Complex bots are often used by criminal organisations to boost their income

Hijacking Clicks or Ads

This clever method uses malware to hijack the ad (also dubbed as: malvertising) on a website and replace the code in the hijackersfavour. For example, by changing the ad displayed, the hijacker can display their ad and not pay for the placement, with the original advertiser picking up the bill.

This can also work to redirect clicks to a different site even if the original ad is displayed. So the advertiser pays for the click but the hijacker benefits from the traffic generated.

• Malware designed to change the code of a display ad in the hijackers favour
• Can either divert traffic from genuine ads, or display a different ad on top of the advertisers’

Impression Laundering or Arbitrage

This clever form of fraud siphons off legitimate display advertising onto less relevant, or sometimes downright shady sites. These sites usually also have high traffic. This usually hits advertisers with a high price CPM (cost per mile) campaign, where the ad success is measured in impressions rather than actual clicks.

By using a series of clever redirects, as far as the advertiser is concerned their ad is being displayed on legitimate partner sites.

• Ads can be seen on irrelevant sites, or sites promoting illegal activity
• These sites tend to be high traffic so impressions can be very high

How to Protect Yourself From Ad Fraud

Although these are the most common types of ad fraud, the goalposts are always moving and new forms of digital fraud are developed almost daily. And, as the practice isn’t outlawed, it can be very tricky to minimise or even be aware of your exposure to ad fraud.

There are a few things you can do to limit your exposure to these potentially expensive practices. Some are things you can do in your PPC campaign set up, others will involve using a paid service. Depending on the potential for gain or loss, you might want to weigh up which is best for your business.

Monitor your data

At the absolute minimum, keeping an eye on your traffic sources and CTR data will help you to identify if something fishy is going on. If traffic appears to be coming from a suspicious location, or you’re experiencing a high CTR but little in the way of conversions then look closely at your advertising partners and consider limiting traffic from certain locations.

Blacklists

If you suspect dodgy traffic is coming from some less salubrious partners, you can blacklist certain domains and IPs of “users” that click. As you have little control over malware or traffic coming through those sites, keeping them blacklisted is a good way to avoid the fraudulent traffic that they might be attracting.

Ad Fraud Protection

With the rise of ad fraud and click fraud you’ll find services such as ClickCease designed specifically to defend and protect your ad campaigns. The sophisticated algorithms help protect against bot traffic, click farms and multiple clicks on ads from suspicious IP addresses.

Ad fraud protection is particularly suited to high value or high volume campaigns, especially those targeting competitive keywords. Marketing agencies dealing with multiple clients will especially see the benefits, although some surprising industries do fall foul of click fraud and ad fraud.

Check out the full report into the ipact of click fruad on SME businesses here.

If you’re using Google Ads or Bing Ads, sign up for a free trial of ClickCease to for your own ad fraud audit.