Defeating Digital Ad Fraud: An In-depth Look

Look. We’ve been in the advertising industry for a while now. Over the years, we've seen ad fraud take many forms and many names. And now, as business evolves into the digital marketing world, fraud is evolving with it.

Here’s the rub - none of us likes to talk about this. And why would we? It exposes parts of this business that many of us would rather keep quiet. But to hell with it! This affects everyone in the online advertising world - agencies, clients, publishers, vendors - and frankly, it needs to be a bigger conversation. At SpicyPixel, we take fraud prevention very seriously because agencies like ours are the prime targets for attacks. And as much as we do to protect ourselves, we want to ensure that everyone else is protected too.

So get your tech-geek on, because in this article, we’re talking about Digital Ad Fraud. We'll show you how to recognize Digital Ad Fraud and give you some kick-ass ways to combat it in this blog post.

What Even Is Digital Ad Fraud?

Digital Ad Fraud refers to scammers on the internet who profit by using dishonest tactics to rip off advertisers. It includes everything from malware, bot traffic, phony impressions, and fake Click-Through-Rates designed to exhaust all of your ad spending budget.

The two most common types of ad fraud are invalid traffic and nonexistent traffic. 

— Invalid Traffic is just a fancy way of saying bot traffic or non-human traffic, which is essentially a bunch of 0's and 1's pretending to be human. One example is Click-Bots that repeatedly click on ads to artificially inflate Click-Through Rate (CTR). We cover this more later.

— Nonexistent Traffic refers to ad campaigns that appear successful but in reality are just a whole lot of nothing.

Sometimes, Digital Ad Fraud is also called Invalid Traffic (IVT), Invalid Clicks (IC), or Invalid Conversions (IC). But we just call it Bullsh*t (BS).

The Impact of Digital Ad Fraud On Marketers

Digital Ad Fraud is one of the fastest-growing types of fraud out there. The cost of ad fraud can rack up to millions of dollars in lost revenue, throwing ad budgets off balance, distorting performance metrics, and giving an unfair advantage to competitors. Not to mention, it makes it nearly impossible for businesses to reach their target audience, resulting in lower revenue and higher costs. It's a real nightmare that affects businesses all over the world, not just in the United States.

How to Recognize Digital Ad Fraud

Digital Ad Fraud can be hard to spot if you don’t know what you’re looking for. But once you know the secret hacks, you’ll be spotting fraudsters all the way from their parents' basement. By keeping these tips in mind, you can quickly identify when Digital Ad Fraud is happening and tackle any issues head on.

Check Your Cookies to Evaluate the Quality of Your Impressions.

Each ad impression can be identified by a unique set of digital cookies associated with a specific user or device. Marketers can analyze these cookies to learn where the impression came from and even the type of device used to generate them. This goes a long way when analyzing performance metrics like Click-Through-Rates (CTR) and Conversion Rates (CVR). 

So for example, say you’re only targeting local area codes around Denver and suddenly notice an enormous increase in traffic. Sure, maybe Coloradians are just obsessed with your brand. But then you check the cookies and find out your clicks are originating from foreign countries you haven’t thought about since middle school geography class. Sorry to say, but you’re most definitely a victim of Digital Ad Fraud. 

Lookout for Click-Bots and Click-Farms!

Click-Bots are automated tools commonly used to continuously click on online ads. Click Farms, on the other hand, are groups of people or devices hired solely to click on ads repeatedly, usually for money. Both are used to artificially inflate the value of your advertising campaigns. 

If you suspect either, don’t panic! In such cases, simply check for Click-Through-Rates (CTR) that are higher than expected for a given region or budget. If something seems off to you, there are tools you can use to stop click bots.

Tools like ClickCease, Lunio, Fraudlogix, Anura, and AdTector are all online programs you can buy that can help identify click bots and put an end to them.

Understanding Domain Spoofing

Domain Spoofing is a technique used to trick advertisers into thinking that their ads are being displayed on legitimate and reputable websites. For example, fraudsters may create fake websites with real-sounding domain names to lure media buyers into placing bids and displaying ads.

For example, a fraudster might use the domain name cnnnews.com instead of cnn.com. And, when the media buyer purchases ad space, the fraudsters collect. Not only does this suck through your ad budget like a vacuum, but it also hurts the reputation of the legitimate website.

Luckily, these “spoofed websites” are easy to spot once you visit their site. They look like your typical spammy website. You know the kind — the ones where you feel like you’ll get a computer virus just by looking at the screen. The ones where it’s ad after ad after ad, all stacked on top of each other.

There’s actually a term for this. It’s called Ad Stacking, and it’s exactly what it sounds like. Fraudsters stack several ads directly on top of each other, resulting in multiple impressions from a single page view. It looks really sketchy, but the fraudsters don’t care. As long as people visit their bogus page, they can collect on impressions and generate revenue. 

Identifying Cookie Stuffing

Cooking Stuffing. Sounds delicious, right? Believe you me, we wish it was. 

We advertisers use cookies to track which affiliate is responsible for referring a particular website visitor. This way, we know who to pay for any sales or leads generated from that click-through.

Cookie Stuffing is when fraudsters secretly apply numerous affiliate tracking cookies to a website visitor’s browser. This type of Digital Ad Fraud gives the fraudster credit for leads and sales, even though they haven’t actually done anything to promote the site. Over time, cookie stuffing consumes a lot of ad spending and hurts honest affiliates. So it is crucial to recognize Digital Ad Fraud and protect against it by implementing strong advertising policies and controls.

Okay. All this talk about Cookie Stuffing has made us hungry, so let’s press pause and look at the 20 Best Stuffed Cookie Recipes.

Detecting Pixel Stuffing

Think a 200 x 200 banner ad is small? Just wait.

Pixel Stuffing is a type of Digital Ad Fraud that takes advantage of advertisers who pay a base rate for impressions, rather than pay by viewer engagement. Fraudsters will place micro-sized banner ads with super small pixel dimensions (such as 1 x 1) on their sites. This allows them to fit many ads as possible on a webpage.

Pixel stuffing happens regardless of company or industry. Even high-quality publishers can be compromised by third parties without realizing it. By investing in robust digital advertising technology and actively managing ad campaigns, businesses can ensure their ads reach only genuine users and are not exposed to fraudulent click activity or other forms of ad fraud. 

Identifying IP Spoofing

Ah, the ol’ Spoofing the IP trick. Fraudsters will use proxy servers and Virtual Private Networks (VPNs) to hide their actual IP addresses when generating fake traffic. Because IP Spoofing can be difficult to detect, marketers will believe that they are getting clicks and impressions from real users or reputable websites.

But How Can We Identify IP Spoofing?

Check for Duplicate IP Addresses: Analyzing network logs can help detect IP spoofing when multiple devices are using the same IP address.

Use Intrusion Detection Systems (IDS): IDS systems can analyzing network traffic and look for abnormalities which may indicate spoofing. 

Use Anti-Spoofing Technologies: Anti-spoofing technologies, such as Reverse Path Forwarding (RPF), can validate the source IP address and ensure that they are coming from a legitimate source. 

Advertisers can also employ IP filtering, device fingerprinting, and fraud detection algorithms to identify and prevent IP spoofing. These measures can block fraudulent traffic, safeguard advertisers from fraudulent ad impressions and clicks, and optimize their ad budgets. So, to all you geo-masking fraudsters out there – nice try, but we're on to you. 

Spotting Ad Injection

While some of the types of Digital Ad Fraud that we've covered so far are at least somewhat clever, Ad Injection is the most boring and basic type of ad fraud out there. Despite its lack of creativity, ad injection is widely used by novice fraudsters who hijack web pages and place unauthorized ads.

Identifying Ad Injection can be as easy as checking web pages for suspicious code or a sudden increase in ad impressions. Random redirects to sketchy websites and irrelevant pop-up ads that have nothing to do with the page are also a dead give-away.

To prevent ad injection, make sure your ads comply with all advertising rules and regulations. By being vigilant and using best practices to improve your ad quality, you can keep your campaigns safe from these amateur ad fraud attempts.

Advertiser Strategies to Combat Digital Ad Fraud

Digital Ad Fraud is becoming a serious issue in our industry. And let's face it, fraudsters are getting pretty good at it. But let’s not give them too much credit. There are ways we can fight back. The best defense is a good offense, and you can start by being proactive in monitoring your ad campaigns regularly. That way, you can quickly detect any suspicious activity and prevent it from happening again in the future. Here are some more tips for beating Digital Ad Fraud.

Use Cost-Per-Acquisition

When dealing with ad fraud, it's essential to use a cost-per-acquisition model rather than a straight bid price. This will help you lower the potential gutting of your ad budgets if you become compromised.

Maintain a Universal Blacklist

If you want to stay ahead of the game and protect your digital ad campaigns from fraud, you need to start maintaining a universal blacklist of suspicious advertisers and partners. Just imagine yourself a bouncer at a bar with a “Do Not Let In” list. Blacklists are the ultimate weapon in your fight against ad fraud, so make sure you're using them to block all that fake traffic from coming your way.

Monitor Your Data Closely

In order to actively prevent Digital Ad Fraud, you need to monitor your data closely. Yes, it's a bit of a hassle, but it's the only way to catch ad fraud in action. Set up custom alerts and track metrics like click-through rates and ad impressions. Trust us, it's worth the effort.

Don't forget to ask for user feedback to detect those pesky ad injections and forced redirects. Ad fraud may go undetected if users never let you know when they spot something sketchy. 

Final Thoughts for Advertisers

Okay, let’s get real here. Digital Ad Fraud is costing advertisers an estimated $1 for every $3 spent on digital advertising. So it’s kind of a big deal.

We can combat ad fraud by using all sorts of techniques, like traditional fraud detection or even artificial intelligence and ad blocking technology. But let's not ignore how much progress we can make when we work together as a community.

We can all start by working together to make sure everyone in the industry understands what to do when they think they’re being targeted. The Media Rating Council's Invalid Traffic Detection Guidelines is doing a great job pioneering this path for all of us. 

When we work together, we can effectively combat Digital Ad Fraud and ensure the security of our digital ad dollars. And more importantly, we’ll show fraudsters that we won't stand for their crap.