Digital ad spend has been on a rise with an exponential growth rate making it a 300 billion dollar industry. This kind of money attracts a huge number of fraudsters and hackers to find a loophole to make money unethically. Adage estimates that for every $3 spent,$1 goes to the fraudster’s pocket. In this blog post, we will explore some common types of ad fraud, so let’s get started.
Pixel stuffing is serving multiple ads in a 1×1 pixel iframe and is generally not visible to the human naked eye. Impressions are counted as the ad is technically present but not completely viewable. Do not confuse this with the non-viewable impressions as they are truly visible below the page but the user did not scroll down to reach the bottom of the page.
Ad stacking as the name suggests is layering several ads behind the visible ad. As the impressions are counted, the multiple advertisers end up paying the price even though only one ad was visible to the user.
Bots Disguised as Humans
This is very hard to detect as the fraudsters design the bots to exhibit human behavior like scroll through the webpage, click on multiple elements on the page, visit other websites, etc. Based on a case study conducted by White Ops, bot activity is higher at night and also they have a predominant presence in the video industry as the price is premium. Here is the case study if you would like to deep dive and learn more.
It is important to note that although bots generate significant traffic throughout the web, it is not necessarily bad. For example, the SERPs are a result of Google bots crawling the entire web to fetch the relevant results for you.
Ad injection is a fraud technique wherein these malicious hacking companies hijack the site to insert the ads without the publisher’s permission. Multiple placements by these diddlers are created without authorization to serve ads.
Domain spoofing is creating a fake domain to be appearing as someone else to hijack their ad revenue. For example, buying a domain www.cnbce.com and scraping the content from CNBC to create a website that looks exactly like CNBC to deceive the user. There are multiple types of domain spoofing including URL injection, cross-domain embedding, complex domain embedding, and more. Here is a blog post from IAS for further reading.
Even though click farm generates human traffic but these are still fraud as they are low paid workers working round the clock just to click on ads to generate ad revenue. They are not only used to just click on ads but create fake profiles to engage with the ads etc.
If you are an advertiser, you already know that the premium price/higher CPM is paid for a visitor who has already visited your site. To increase the fraud ad revenue, the bots usually visit brand sites to appear as an existing visitor for retargeting campaigns. The bots sometimes visit New york times or Washington post to be deemed as a high-value audience/ premium visitor.
This is commonly used to earn affiliate commission by wrongful sneaky attribution. A third party drops cookies on a user browser via shady popups or forced redirects to impersonate as the user has visited the site. Once the users convert, the fraudsters earn a commission instead of a true source. If you would like to know how cookies work, here is a detailed blog post for your reference.