Unmasking 9 types of digital advertising fraud

According to the website Statista, the costs related to digital advertising fraud worldwide have grown from 35 billion dollars in 2018 to 100 billion in 2023. Given the difficulty of calibrating this major industry problem, the estimate may vary depending on the source. However, all of them reflect figures that are alarming enough not to be ignored.

Moreover, advertising fraud is not something that only affects advertisers, their advertising budgets, and brand safety. It’s a global issue that also burdens publishers operating with programmatic advertising and, of course, users.

Fraudulent techniques are becoming more sophisticated with the ongoing progress in technology and robotics which is enabling more and more elaborate simulations all the time and causing millions of euros in losses every single day throughout the world. And that’s not all. In addition to the economic impact, advertising fraud also leads to legal troubles as businesses operating unlawfully are often behind such deceit.

Hence, the importance of being aware of the most common types of digital advertising fraud and, above all, the actions you can take to halt them.

Types of Digital Advertising Fraud

The 9 most common types of digital fraud affecting the advertising industry are:

1. Spoofing: masking a website, mobile application, or television channel to pretend to be them for fraudulent purposes and thus achieve better prices, fill rates or both. The result is harmful to both the advertiser, who bids for an impression not actually wanted, as well as the publisher whose identity is stolen and will not, therefore, profit from its advertising inventory.
   
   
2. Click spamming: also known as click flooding, it involves sending thousands and even millions of false clicks to a Mobile Measurement Partner (MMP) to increase the likelihood of having some of them erroneously allocated to the spammer to earn revenue for non-existent conversions such as the installation of an app. Over time, click spamming may cause a more serious problem if an advertiser increases their investment in these networks in the belief the ads are getting good results when, in all reality, the clicks, users, and conversions are false.
   
   
3. Click injection: a sophisticated click-spamming method specific to Android devices. It involves using an app the user already has on their device to detect new application installations. When the user installs a new app on their device, the scammers get a notification and activate click injection before the download is finished. They then receive the reward for the installation, stealing it from the actual publisher or advertising network the user came from.
   
   
4. Bot subscription or bot traffic: this term refers to the “non-human” traffic a website or app receives. The modus operandi consists of a series of malicious bots generating false impressions, clicking on ads, and replaying videos to increase campaign traffic, thereby receiving the corresponding economic compensation. As a result, the advertiser ends up wasting all of their advertising budget on false users with no return.
   
   
5. Ad stacking: a type of advertising fraud where several ads are overlapped or “stacked” in a single location. Users will only see the ad on top; however, an impression is recorded for each of the ads in the stack. This means advertisers using CPM campaigns pay for false impressions.
   
   
6. Pixel stuffing: similar to ad stacking, pixel stuffing is a trap where illegitimate ads are hidden from end users. How is this done? It’s quite simple: they use tiny 1×1 visual representations to insert a number of fraudulent ads. This causes everyday situations like listening to audio without the accompanying videos. As a result, a number of fraudulent and invisible impressions are generated with the scammers receiving compensation.
   
   
7. Install fraud or install farms: app installation fraud can be human or automated. It basically consists of falsifying installations through bots or teams of people to get cost-per-installation compensation or even manipulate rankings in app stores to increase visibility in an attempt to encourage real installations.
   
   
8. Retargeting fraud: robots visit pages pretending to be real users to generate false clicks on retargeting ads of high value for brands. The scammers take advantage of the situation to make off with the extra fee paid by advertisers for retargeting.
   
   
9. Geo masking fraud: masking the geographic origin of advertising campaign traffic in an attempt to collect results originating in low-quality or non-desirable locations. This is a type of IP spoofing. 
   
   

The Negative Effects of Advertising Fraud

All of these various forms of advertising fraud have different negative impacts on publishers and advertisers: both immediate and long-term.

The most immediate effects for advertisers have a direct impact on the advertising budget for a specific campaign. For example, false impressions or fraudulent installations force the advertiser to pay for results that do not actually exist. And besides paying for these fraudulent actions, there is also a direct effect on the achievement of legitimate goals. The cost may increase and cause the advertiser to make the erroneous decision of removing the ads in the belief they are not profitable when they are in all reality.

Advertisers may lose profitable advertising channels and publishers also lose important revenues because of ad fraud.

The long-term impact is even more harmful. In fact, there are implications for future campaign planning by marketers based on unrealistic data, erroneous traffic targeting, and, as a result, the long-term distribution of advertising investments prioritizing fraudulent sources ahead of other legitimate ones which do not seem to achieve such spectacular results. Goals can even be set which are absolutely unattainable or a profitable advertising channel can end up being avoided. The result of all of this is nothing more and nothing less than a loss of potential customers and a failure to reach sales targets.

As for publishers, the impacts are also obvious: they stop profiting on their advertising inventory when victims of identity theft with the resulting economic losses involved not to mention they are forced to invest in security systems and protocols.

How to Fight in-App and Web Fraud. 6 Actions You Must Implement

As an active part of the digital advertising ecosystem, you can take action against in-app and web fraud in 3 phases: prevention, monitoring, and blocking. Here are some specific actions that may be quite useful:

1. Control your inventory: as an advertiser, you can prevent fraud by selecting the partners you work with well, making sure they are certified, and ensuring they work in accordance with industry standards as set forth by organizations such as the Interactive Agency Bureau (IAB). Another useful bit of advice is to avoid purchasing cheap inventory. In fact, the cheaper the inventory, the higher the risk of buying fraudulent traffic. As for publishers, the essential thing is to monitor ad creativity, especially when the ads come from little-known sources, in order to detect any inappropriate, adult, or violent content or redirecting to pages that may install malware on devices.
2. Urge transparency: a lack of transparency in the digital advertising industry not only affects the data and cost of resources, but also the quality of the ads. This causes a lack of visibility for marketers when making decisions and for publishers as to the advertising, they should host on their sites. As a result, advertisers pay more for impressions and clicks which do not correspond to real people and publishers lose revenue they would otherwise earn from their inventory. These problems may be easily avoided if all parties are transparent when it comes to exchanging information and handling reliable data that amount to effective results for everyone.
3. Insist on the use of ads.txt and app-ads.txt: ads.txt for websites and app-ads.txt for apps (Authorized Digital Sellers) is an IAB initiative through which the advertising systems authorized to sell a publisher’s inventory are publicly displayed. For advertisers, requiring this from the outlets you work with is a quality guarantee ensuring you are buying genuine advertising inventory from authorized sellers.
4. Use visualization tools: constant monitoring of KPIs for a campaign using analytics and analysis tools like Google Analytics can be key to detecting possible security breaches. They include traffic from bots with abnormally high visits to a particular site or unexpected increases in bounce rates; exaggeratively long or tremendously short sessions; as well as sudden conversion peaks or traffic from rather uncommon locations. Another situation indicating fraud which is easily detectable using data visualization tools occurs when only a few downloads of an app are detected despite thousands of clicks or even a large number of installations from countries excluded from the campaign or during odd times of the day.
5. Work with verification and anti-fraud tools: Pixalate detects and blocks up to 40 types of fraudulent traffic on different devices; Impact, Integral Ad Science (IAS), and Oracle Moat specialize in monitoring and blocking fraudulent traffic. On the other hand, the post-bid firewall is a security mechanism that avoids displaying ads on websites or content considered inappropriate and unsafe for brands. Thanks to this technology, which comes into action after the purchase of a programmatic ad, the ad is blocked from being served on sites that do not meet the security criteria and brand values, such as those related to fake news, hate, or adult content. What’s more, ad verification suppliers provide an additional level of protection against pixel stuffing by integrating trackers into advertising campaigns. Thus, the verification solution takes action each time the tracked ad is published to prevent it from being displayed on pages that do not meet the geographic, site, or content parameters set up for the campaign which would create a security gap for the brand.
6. Demand external certification and auditing: Trustworthy Accountability Group (TAG) and Media Rating Council (MRC) can issue certification to guarantee brand safety with extensive audits backing the reliability of publishers’ traffic. 

As you can see, advertising fraud is a threat to all sides of the digital ecosystem with no exceptions. Fighting it begins with being clearly decisive in forcing the advertising industry to become more secure and offer higher quality while continuing to implement individual actions aimed at preventing and stopping it. Such decisions include working with partners like Tappx which prioritized a strict quality protocol in 2019 over short-term profits. The “Quality First Framework” to work only with direct, proprietary, and operated traffic was a courageous decision that has allowed us to obtain effective results and grow in a more sustainable and reliable way for our partners.