Explaining Ad Fraud and How It Affects Advertisers & Publishers
Ad fraud is a pervasive problem that infects every corner of the industry. Advertisers, publishers, marketers, and brands – they're all affected by the many different types of ad fraud and the way they distort clicks, impressions, and other metrics the digital ad ecosystem relies upon for its very survival.
But like many issues plaguing the ad industry, ad fraud is a complex, multi-tiered problem that wreaks havoc from different angles – most notably by way of fraudulent, invalid traffic (IVT) or malware & malvertising. Whatever route it takes, however, the results can devastate the industry, either from advertisers paying for ads the audience never sees, or bad ads and their malicious activities & payloads. Given that complexity, we wanted to closely examine ad fraud, the different types found across the ecosystem, and what you can do to protect yourself from its negative impact.
The Evolution of Ad Fraud
Five years ago, the most prevalent form of ad fraud was fraudulent traffic, making its presence known over a few years as odd click-through rates and traffic patterns started to perplex the industry. But as more industry experts looked under the hood, it became obvious that fraudulent traffic had permeated the ecosystem.
At its peak in 2015, IVT cost the industry $4.6B per year in lost ad spend. After time, though, companies developed and adopted solutions to identify, catch, and prevent fraudulent traffic, and bodies like IAB and TAG published regulations to help curtail the issue. While IVT remains a problem, it’s now closely monitored by advertisers, platforms and publishers alike.
But given how smart fraudsters are, there are always new loopholes to expose and leverage, especially in this open digital ad ecosystem. What was once viewed purely as traffic fraud has now exploded into its own not-so-cottage industry, where a relatively generic term like ad fraud equates to several different ways that fraudsters work the system.
Today, from those straightforward roots of fraudulent click-through rates and traffic patterns, we now venture into new malicious territory, where bad ads and invalid traffic are two sides of the same destructive ad fraud coin. In today’s environment, while invalid traffic continues to garner attention, it’s the bad actors hijacking ads to exploit budgets and deliver bad experiences to the end-user that captures most of the attention.
In other words, ad fraud now encompasses both IVT as well as malware, auto redirects, and many other forms that, collectively, put additional stress on advertisers in an already volatile, crowded, and competitive landscape.
Ad Fraud in 2020
We concede that the term ad fraud now means so many different things, a comprehensive conversation on the topic could last for days. However, not all forms of ad fraud are created equally, and there are some especially problematic types that we want to zoom in on.
Traffic Fraud: Beware of the Bots
As we mentioned, traffic fraud is the common ancestor in the ad fraud family tree. But what started as fraudulent click-through rates has now turned into a digital goldmine for fraudsters and newer iterations of traffic fraud through both IVT and non-human traffic (NHT).
In general, traffic fraud is a more widely reported issue as it deals with advertisers spending money on ads never seen by the target audience. In its most current forms, traffic fraud typically refers to ads delivered to bots or at least never seen by a human. Although fraudsters have several different tricks up their sleeves to create fraudulent traffic that appears legitimate, there are three primary offenders.
- Domain spoofing – Falsely reports a served ad’s domain so that end users think, for instance, they’re running on the NY Times website and paying a high CPM. In reality, it’s either bot or low-quality traffic acquired for fractions of a penny.
- Fake websites – Using bot traffic coupled with different tactics to increase CPMs and page views so fraudsters can earn ad revenue.
- Stacked or non-viewable ads & pixel stuffing – Loading multiple ads on top of each other, into a 1X1 frame so no-one can see them, or loading and running ads below the fold in windows that aren't viewable. This traffic fraud is especially common with video.
Malware & Malvertising: Click with Caution
We can argue that bad actors use IVT and NHT with malicious intent by fraudulently profiting from what should be industry gains. However, most of the ecosystem associates the “malicious” label with malware & malvertising, where fraudsters deliver a malicious payload or activity through an ad.
At Ad Lightning, we see over 1,000 active threats every month, trying to steal personal information, arbitrage video CPMs, generate additional IVT, and a host of other malicious activity. Naturally, this warrants a closer look at the different types of malware & malvertising to give you a better idea of what the industry is up against.
Ad & video stuffing – An ad delivers multiple creatives or runs multiple illegal auctions in a single impression. These ads “stuff” numerous unviewable ads into one slot so that the fraudster can monetize the impresion. They often arbitrage the display CPM price while charging advertisers the video CPM price.
Malicious browser extensions – Inject unsolicited script to hijack ad slots, track users, redirect users to unsafe pages, entice users to install other malicious extensions, and perform other malicious activity like crypto mining.
Trojan horses – Malicious code or software that looks legitimate to the user but can quickly infect their machine.
Phishing scams – Collect personal information like usernames, passwords, phone numbers, and Social Security numbers, usually through a fake company support page or or promise of a gift card.
Auto redirects – Forcefully redirect users to a new page or ad, usually in an attempt to trick the user. It’s common for auto redirects to lead to a piece of malware or a phishing scam.
Between these two main types of ad fraud, traffic fraud and malware & malvertising, researchers estimate that the industry loses approximately $20 billion every year. It's a complicated problem that lacks a cohesive, unified approach from digital ad participants. Ultimately, it's going to take the cooperation of advertisers, publishers, and exchanges alike to root out the problem.
In the meantime, publishers have effective solutions to protect themselves from much of the dangers of ad fraud, especially through holistic technologies that stop the ads before they can wield any damage. Ad Lightning's solution, for instance, identifies and addresses the malware that drives fake ads and the fraudulent, often malicious intent from their creators.