Understanding Ad Fraud

Ad fraud is increasingly common in the news (Methbot and HyphBot) and increasingly prominent on advertisers’ radars.  But what exactly is ad fraud, and how is it hurting everyone involved in the digital ecosystem?  This post covers the most common forms of ad fraud and how to mitigate their impact.


What is fraud?

Broadly speaking, fraud is intentional deception intended to result in financial or personal gain.  Advertising fraud fits this definition; it is simply carried out through ads, in a number of ways.

The five most common forms of ad fraud are:

1. Ad Stacking
2. Ad Injection
3. Domain Spoofing
4. Click Farms
5. Bots (Non-Human Traffic/Invalid Traffic)

Let’s take a look at each in more detail.


Ad Stacking:

Piling multiple ads on top of each other, where only the top ad will be viewable, but demand side clients (buyers) are charged for all ads in the stack.

The ads become like layers of wallpaper: users have no idea that the wallpaper has 7 more layers underneath, and only the top layer is viewable.
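One way a publisher or verification script can check a page for stacked ads is to compare the rectangles of the ad slots. This is an added example, not code from the original post. The slot fields (`id`, `x`, `y`, `w`, `h`, `z`), the 50% threshold and the sample values are assumptions.

```javascript
// Added example: flag ad slots hidden under another ad slot (ad stacking).
// Each slot is { id, x, y, w, h, z }, where z is the stacking order (higher z
// paints on top). In a browser these values would come from
// element.getBoundingClientRect() and the computed z-index; here they are
// constructed sample data. Slots with equal z are not compared (simplification).

// Area of the intersection of two rectangles (0 when they do not overlap).
function overlapArea(a, b) {
  const w = Math.min(a.x + a.w, b.x + b.w) - Math.max(a.x, b.x);
  const h = Math.min(a.y + a.h, b.y + b.h) - Math.max(a.y, b.y);
  return w > 0 && h > 0 ? w * h : 0;
}

// Return slots covered by a single higher slot for at least `threshold`
// (assumed cut-off) of their own area, with the slot that covers them most.
function findStackedSlots(slots, threshold = 0.5) {
  const findings = [];
  for (const slot of slots) {
    const area = slot.w * slot.h;
    if (area <= 0) continue; // zero-size slots are a separate problem
    let worst = null;
    for (const other of slots) {
      if (other === slot || other.z <= slot.z) continue;
      const covered = overlapArea(slot, other) / area;
      if (covered >= threshold && (!worst || covered > worst.covered)) {
        worst = { id: slot.id, coveredBy: other.id, covered };
      }
    }
    if (worst) findings.push(worst);
  }
  return findings;
}

// Constructed sample: three 300x250 ads stacked in one position, plus one
// banner elsewhere on the page that nothing covers.
const sampleSlots = [
  { id: "ad-1", x: 100, y: 200, w: 300, h: 250, z: 1 },
  { id: "ad-2", x: 100, y: 200, w: 300, h: 250, z: 2 },
  { id: "ad-3", x: 100, y: 200, w: 300, h: 250, z: 3 },
  { id: "banner", x: 0, y: 0, w: 728, h: 90, z: 1 },
];

console.log(findStackedSlots(sampleSlots));
```
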


Ad Injection:

Showing an ad on a website without the publisher’s knowledge. This negatively impacts the user experience on the website, and the publisher is not compensated for the impressions seen by visitors.

The malware typically comes from toolbars or other browser extensions.  Software such as PDF converters or browser toolbars, for example, is often offered for free to the consumer and monetized through deals developers make with ad injectors, who pay out affiliate fees to software developers every time someone installs their software or clicks an injected ad.

Example:  A user downloads a toolbar add-on. After the download, the user’s computer operates normally. After a few days, the user notices that the computer feels slow and that the battery is draining faster.  This is because dormant software has been programmed to activate a few days after the download; it then hijacks which ads are served, superseding the ads a publisher thinks they’re serving.  Click here for a demo to see what injected ads look like.


Domain Spoofing:

When a fraudulent publisher passes a fake URL in the ad request, thereby lying about where the ad will actually run. For example, an ad is running on, but the referring URL that was passed is, this would be considered domain spoofing.  This is typically conducted by publishers who are commonly blacklisted and want more ads to appear on their site.  The alternative URL pass-back is typically coordinated with a Supply Side Platform (SSP) provider and the publisher directly.


Click Farms:

Groups of people, often in third world countries, typically paid very little money to navigate websites and mimic normal human behavior.

This is sometimes done to artificially inflate traffic/site reach; otherwise, it is done to build up fake user profiles/cookie data in order to make their associated bots more appealing to advertisers.  To see a dramatized version of this click here for an example.


Bots (Non-human/Invalid Traffic):

Are you serving your ad to Bob Smith or Bot Smith?

A bot is a malicious program or software application (malware) that runs automated tasks over the internet to simulate human activity and is financially motivated.

Bots are spread through malware, which is software put onto a user’s computer without their knowledge. Once infected, a computer will surf the web, browse sites, click on ads, and more, all while the owner of the computer is completely unaware.  Bots have become increasingly sophisticated; they can now mimic social media profiles, download apps, and even make purchases.

Bot operations typically fall into one of two categories:

Botnets – Rely on various machines around the world; rely on sophisticated software

Bot Farms – In one physical location; rely on sophisticated hardware


Side Note:  Publisher Aided Bot Traffic

Fraud isn’t just generated by malicious third parties; publishers can intentionally be involved as well.

Some publishers intentionally purchase fake traffic for the purposes of arbitraging higher CPMs.  For example, if 100k fake visitors can be purchased for a $2 CPM and that publisher can gain a $5 CPM, they’ll make a profit every time they repeat this process.  There is a market to buy traffic that clears major third-party verification vendors (click here to view one such offering), so it is increasingly important to monitor domain-level information to ensure you’re not serving on fake websites.


Mitigating Ad Fraud

Now that we know the major types of ad fraud, what can we do to prevent it?  Before a campaign launches, it is highly recommended to work with a third-party verification partner such as DoubleVerify, Integral Ad Science, MOAT, or White Ops, to name a few.  These partners can assist with wrapping your ads with monitoring or blocking tags, based on their backend logic, to keep your ads away from fraudulent and non-brand-safe environments.  Before a launch, it is also recommended to use any demand side platform (DSP) pre-bid settings that exist to help anti-target devices that have been identified as malicious.  Finally, while your campaign is live, continue to work with your verification partner and conduct ads.txt audits to ensure the traffic your ads are running on is legitimate.
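A sketch of the ads.txt audit mentioned above, which is also the check that exposes the domain spoofing described earlier: the seller on an impression must be listed in the ads.txt of the domain the ad request claimed. This is an added example, not code from the original post. The impression fields (`domain`, `exchange`, `sellerId`), the domains and the account IDs are constructed.

```javascript
// ads.txt record: <ad system domain>, <seller account ID>, <DIRECT|RESELLER>[, <cert ID>]
function parseAdsTxt(text) {
  const records = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.split("#")[0].trim(); // strip comments
    if (!line) continue;
    const fields = line.split(",").map((f) => f.trim());
    if (fields.length < 3) continue; // variable lines (contact=...) or malformed
    const relationship = fields[2].toUpperCase();
    if (relationship !== "DIRECT" && relationship !== "RESELLER") continue;
    records.push({ adSystem: fields[0].toLowerCase(), sellerId: fields[1], relationship });
  }
  return records;
}

// Flag impressions whose selling exchange/account pair is not listed in the
// ads.txt of the domain declared in the ad request.
function auditImpressions(impressions, adsTxtByDomain) {
  const findings = [];
  for (const imp of impressions) {
    const text = adsTxtByDomain.get(imp.domain);
    if (text === undefined) {
      findings.push({ ...imp, finding: "no ads.txt to verify against" });
      continue;
    }
    const listed = parseAdsTxt(text).some(
      (r) => r.adSystem === imp.exchange.toLowerCase() && r.sellerId === imp.sellerId
    );
    if (!listed) findings.push({ ...imp, finding: "seller not authorised by ads.txt" });
  }
  return findings;
}

// Constructed sample data: ads.txt files already fetched, keyed by domain.
const sampleAdsTxt = new Map([
  ["news.example", [
    "# ads.txt for news.example",
    "contact=adops@news.example",
    "exchange-a.example, 12345, DIRECT, abc123",
    "Exchange-B.example, pub-9876, reseller",
  ].join("\n")],
]);
const sampleImpressions = [
  { domain: "news.example", exchange: "exchange-a.example", sellerId: "12345" },
  { domain: "news.example", exchange: "exchange-b.example", sellerId: "pub-9876" },
  { domain: "news.example", exchange: "exchange-a.example", sellerId: "66666" },
  { domain: "blog.example", exchange: "exchange-a.example", sellerId: "12345" },
];
console.log(auditImpressions(sampleImpressions, sampleAdsTxt));
```

In practice the impression rows would come from DSP or verification-partner reporting, and each ads.txt would be fetched from the root of the claimed domain.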

Have further questions about ad fraud?  Contact us to see how we can help with your digital questions.



