Understanding Ad Fraud: relatively short guide

May 2018

There is always someone who thinks he is smarter than the others who want to extract an extra buck or two without breaking a sweat due to some elaborate sleight of hand shenanigans. Cue Ad Fraud. It is probably one of the most poignant examples of fraud in any industry.

As such, programmatic Ad Fraud is one of the biggest problems in the advertising industry, the one that gives it a bad rap. You know how it goes: if there is any form of money and multiple middlemen involved — expect something fishy to turn up.

According to Adage, every $1 out of $3 spent on online advertising is snatched by the fraudsters.

Every year ad fraud causes damages amassing up to $16,4 billion in 2017, with expectations to rise towards $20 billion in 2018. These are some crazy figures. But why are those numbers growing? Despite all efforts, every time there is a new technological solution to detect it — ad fraud evolves and starts again.

But first, let’s sort a few things out.

What is Ad Fraud?

In a way, Ad Tech is fraud-prone. The other crucial factor for its spread and influence is that it is not the most complicated thing to pull off from a technical standpoint.

If talking purple, programmatic Ad Fraud is that pesky nuisance that nags you continuously but never really tries to take you down and, after succeeding, taps you in the back. To put it merely, Ad Fraud is a deliberate malicious activity that manipulates ad content delivery and prevents its serving to the targeted audience. One of its primary weapons is bots. These software programs carry out the dirty work.

Ad Tech attracts fraudsters with its money figures. Just think about it — the payouts are enormous, and the risks of penalty are eerily limited. It is not card fraud where you can get a big-time if busted — in the case of Ad Fraud. It is not much you can do with it after you’ve been duped. It is not like your money was stolen. It was you who spent it the wrong way. Sure, you’ve manipulated into doing so — but the fact remains.

Ad Fraud operates on multiple levels. It can manipulate traffic, and it can work with more sophisticated things, such as impressions, conversions, and full-on imitation of user activity. For Ad Fraud, stats are the primary field of tricks. The distortions and obfuscations of a real state of things are the biggest problems with Ad Fraud. The thing is — Ad Tech is a performance-oriented thing. Numbers and results are everything. The campaign’s effectiveness is based on what the metrics show — in terms of traffic, bounce rates, impressions, conversions, etc.

However, metrics are fallible. It can be rigged via specific manipulations with the information. The fraudsters exploit this critical flaw. Sure, there are fail-safe mechanisms that prevent more blatant attempts, but there is always a way to “get on through” and “rig the game.”

What drives Ad Fraud?

To understand how to counter programmatic ad fraud, one needs to understand what drives the fraudsters with their malicious intentions to the Ad Tech industry. And the reason is in its very nature.

There are two major types of Ad Fraud operation. In terms of technical solutions — there is not much difference. The difference is in the scope and intentions of the process.

The first type is performed by a criminal intending to feed of your operation. In this case, Ad Fraud is not a destructive factor. It can be described as a parasite that sucks resources (i.e., money) and is interested in a long-term relationship without making much of a fuss in the process. It is a form of pickpocketing in the realm of ones and zeroes.

Competitors perform the second as a means of disrupting the marketing operation and damage overall business proceedings. In this case, Ad Fraud can be very damaging and potentially destructive to the company.

How exactly Ad Fraud affects Ad Tech?

While financial gain is the main reason for Ad Fraud, the direct result of Ad Fraud activity in Ad Tech is not exactly that. It is insufficient information that affects critical decisions regarding the proceedings of the campaign.

In addition to wasting money, distorted stats and warped campaign results take the ground off the marketer’s feet and leave them bumfuzzled.

Even though the chosen strategy might be useful in a normal situation, the malicious sources’ presence dilutes its effect.

Common Types of Ad Fraud

Cookie Stuffing

Cookie stuffing is one of the most common types of Ad Fraud. It is primarily used in affiliate marketing schemes. Cookie stuffing misleads and dilutes audience information and subsequently messes up the results of an entire campaign.

Cookie stuffing done right sucks the campaign into a warped wormhole. You get the results, and they often look very good. Judging from the performance stats, your campaign is working. And so you go on, and it bleeds more and more money to the fraud void.

How does it work? Cookies are crucial elements in tracking user’s journey from affiliate sites to the main sites. When a user comes and clicks on an affiliate link — there is a cookie exchange. When a user comes to the source site — the source site pays for it to an affiliate. Cookie stuffing pads out the stats and makes the source site pay more while gaining less.

Traffic fraud

Traffic fraud is one of the most basic types of Ad Fraud. It is the easiest to implement and easiest to detect.

As you know — traffic generates revenue. However, traffic is a thing that can be easily imitated. That imitation can trick the analytics into thinking that everything is going better than ever, thus increasing spending for imaginary results.

Impressions are in the center of CPM-based operation. TImpressionaud aims to generate hollow fake impressions that will be subsequently traded as real, albeit delivering zero benefits. Since these impressions are virtually useless, their uselessness affects overall CTR, damaging the website’s position.

Here’s how it works — advertisers buy ads from the publisher, but some part of ads is served to intentionally irrelevant low-profile websites that do not generate anything. However, advertisers do not see that immediately.

According to reports, their ads are served to legit websites relevant to the target audience. This trick is achieved by an elaborate redirect planted into ad calls.

Cost-per-click is one of the standard models for digital advertising. It is what it says on the tin. Clicks are also one of the easiest things to rig.

According to Pixalate, in 2017, one-click out of five was fraudulent. And there is a tendency towards two out of five. Why is it so? Click fraud is simple to pull off.

Ad Click fraud inflates the numbers of a CPC click and presents a distorted picture of the ad activity. While the number of clicks is there — the results of the clicks are not. This фізусе racks up fraudulent charges and so on — a perfect bleeding scheme for the fast times.

Curiously, it is more often used by competitors than criminals.

However, ad click fraud is the easiest to spot of all types of Ad Fraud. You can do it just by checking the reports on the following subjects:

  • IP address
  • click timestamp
  • action timestamp
  • user agent

Action Fraud

Action Fraud is a more sophisticated type of Ad Fraud. While Traffic fraud rigs the numbers and distorts the stats — action rigs the stuff that makes money moving. Action Fraud is designed to imitate meaningful user activity.

Action Fraud is much more dangerous and can potentially completely derail the campaign and affect the position of the website.

Conversions are the spice of Ad Tech. It is the most crucial thing in the business. While merely an action taken by the user denotes an intent, this thing costs a lot.

How does it work? There are ad fraud bots involved. With a little help from a couple of scripts, you can train the bot to perform simple actions.

The most superficial manipulation includes filling forms with some sort of information. More elaborate bots can also click on the links, imitate user journeys, and even download files. Such things can seriously mess with CRM.

While considered more precise and thus a more effective form of digital advertising, retargeting can be easily muddled by misleading information.

How does Retargeting Fraud work? With a little ad fraud bots’ help, fraudsters try to imitate user behavior in a couple of specific scenarios realistically. Because of its behavior, bots usually fly below the radar and are not spotted as bots. As a result, bots perform actions that qualify them as leads.

This trick boosts the prices for their impressions, and since there is nothing you can do with them business-wise — it turns into a waste of money and effort.

The affiliate model is one of the most common in digital marketing. It is a surefire deal. You get conversion — you get paid. However, it can also be exploited for malice.

Here’s how affiliate fraud works — just like in a regular operation, affiliate attract users but worked over to rig the stats and bloat the charge.

One of the most effective approaches involves Cookie Stuffing. Instead of a usual cookie exchange, affiliate sites spurts loads of cookies onto user computers that provide false flag signals after that affiliate claims his cut.

However, this fraud can be disrupted by anomaly-based and credential detection and neutered before wreaking havoc.

Ad Fraud Detection Methods

The problem with Ad Fraud, in general, is that you can’t reverse its effects. If the damage is done — you have to admit the failure and move around it. The only effective way of fighting Ad Fraud is by preventing even the slightest possibilities for it to happen.

There are four significant types of Ad Fraud Prevention:

You know the saying — actions speak volume. And ad fraud bots tend to act unnaturally overzealous regarding ad content.

The signature-based method uses a set of patterns to detect suspicious actions, impressions, clicks, or traffic. It compares patterns with the monitored activity and determines whether it is suspicious and worthy of further investigation.

As a result, fraudulent activity can be shut off before it settles in and brings some action.

If there’s something strange in your neighborhood — that’s an anomaly, and that is telling. The anomaly-based method uses statistical analysis and historical data to check ad spaces, websites, or publishers and detect questionable happenings, such as suspiciously spiking traffic, odd ad space placements, and other interesting things.

It is very useful for neutering bot and clicks farming facilities.

This method is used to determine the possibilities of fraud activities. To do that, it uses reverse crawling and checks the content and its tagging. Then it performs a comparison with requirements for impressions. Also, it compares the value with the trustworthy rankings like Alexa.

If things don’t click — it is implied to be a possible leeway for fraudulent activities.

Bluff is the best way of exposing the fraudster. In the realm of ones and zeroes, that is even easier than in the real world as bots are script-driven and don’t have second thoughts regarding the heat around the corner.

How does it work? Honeypot is an additional field that the users do not see due to a special script. However, bots don’t know that, and they fill that field and bust themselves. This triggers the rejection mechanism that prevents further fraud bot activity.

IP Blocking

After the fraudulent activity was exposed — the next step is to block the source of the disease. One of the more effective methods is to block its IP. That will indeed limit the fraudster’s reach.

Basically, it is good to maintain a wholesome blacklist and always compare it with widely available blacklists. Aside from proven fraud-likely IP’s, there also must be an additional list regarding suspicious IP’s.


Ads.txt has Authorized Digital Sellers developed by IAB Technology Labs to prevent illegitimate inventory arbitrage and some forms of domain spoofing.

What is it? Ads.Txt is a text-file aking to robots.txt designed to make specific ad tech processes more transparent and trustworthy.

Why it matters? Ad arbitrage is the process of third party buying, repackaging, and reselling impressions. As such, it is highly fraud-prone.

What ads.txt do to lessen an impact? Ads.txt file contains data on the parties involved in the particular ad tech operation (i.e., SSP, DSP, Ad Exchange, etc.). It is a partnership certificate. With an ads.txt file in the root domain — web crawlers can see the relations of particular operations actors. Ads.txt can also be used as an ID reference in Real-time bidding requests. As such, it can indirectly block the unverified side from interacting with the rest.

In Conclusion

Ad Fraud is one of the biggest banes of an advertising industry that runs amok over the thousands of advertising ecosystems.

Hopefully, this problem is actively tackled, and numerous solutions limit the fraudsters’ influence and prevent them from damaging the publishers and advertisers.

Writer, translator.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store