How to Detect Ad Fraud and Bot Traffic in Digital Advertising

ad fraud in advertising
Programmatic technology has inadvertently shifted the media buying landscape toward a standard of quantity over quality. But the convenience of programmatic packaging can lead advertisers to overlook the true sources behind their traffic. Most marketers don’t consider that more than 40% of traffic on the internet is estimated to be bot traffic. And some of these bots are bad bots helping scammers commit ad fraud that’s costing the industry billions of dollars each year. So, can you really trust the numbers your campaigns seem to be generating?

What is ad fraud?

Ad fraud is an effort to exploit digital advertising through fraudulent representation of ad data as a means of generating revenue. This umbrella term covers many different practices that constitute advertising fraud, but most methods defraud digital advertising networks by mimicking human traffic or hosting ads on fraudulent sites.

An online advertisement, such as a display ad, might be placed onto a website or an app that is owned or corrupted by malicious actors. These scammers then utilize different tactics that allow them to falsely attract and interact with ads as pseudo-publishers for their own financial gain.

Types of ad fraud

There are several types of advertising fraud, with scammers using various methods to steal fraudulent publishing revenue. Below, we’ll review how these ad fraud techniques work.

Impression fraud is any fraudulent activity aimed at generating false impressions. This could be caused by scammers placing a fake, possibly invisible ad in front of a legitimate ad that redirects to a fraudulent site upon being clicked, earning an impression on the fraudulent site (more on this ad stacking method later). It could also be done via a legitimate ad being placed directly onto a fraudulent site without the advertisers intent, and using bots to generate false impressions of that ad on the site.

Click fraud is one of the most basic, common forms of ad fraud, with large numbers of ad clicks being generated by automated click programs or human click farms. The latter consists of low-wage workers paid to click on ads for long periods of time. Click fraud leads to misleading click data without any actual sales resulting from the fake ad engagement.

Location-based ad fraud is a more complex form of ad fraud in which a scammer may spoof multiple devices to make them appear to be in a certain location to defraud geo-targeted advertising.

Hidden ads are used as a method of stealing impressions, in which the scammer places an invisible ad onto a fraudulent website to take advantage of impression-based ad revenue.

Ad stacking fraud and pixel stuffing are methods of ad fraud similar to hidden ads – with ad stacking, the fraudsters will place a fraudulent ad over top of a legitimate one but make it difficult to remove from a user’s view or even impossible to see, allowing it to steal clicks when users try to close it or click on the legitimate ad. The fraudsters might also stuff a fraudulent ad into a single pixel, making it incredibly small and essentially impossible to see. This lets them easily steal impressions undetected.

Domain spoofing ad fraud is when fraudulent sites masquerade as a reputable site by using a web domain that appears to be relevant to a certain market or another reputable site. This can sometimes lead advertisers and DSPs to publish on that site by mistake, but is easier to detect than most other forms of ad fraud.

Click hijacking occurs when an attacker is able to compromise a website, a user’s computer or a proxy server and redirect a click on a legitimate ad to a click on a fraudulent one.

Fake app installation ad fraud is commonplace in a market filled with in-app advertising. Mobile ad fraud like application ad fraud can occur through this method which entails click farms of users downloading apps in bulk.

Bots and botnets are like the technological manifestations of ad fraud attackers themselves, multiplying their efforts and automating their attacks. As mentioned previously, over 40% of the traffic on the internet is estimated to be bot traffic. There are two types of bots: good and bad. According to a report from Imperva, it’s likely that around 15.2% of traffic are good bots that are owned by legitimate businesses and automate tasks to improve users’ experiences online. Bot fraud in digital advertising is carried out by bad spam bots, which may make up 25.6% of traffic and help scammers take advantage of digital advertising on a massive scale. Botnets are an additional way of complicating the effort to detect bots, as it links multiple bots across multiple devices to make them all look more legitimate due to their different IP addresses.

What is the danger of ad fraud?

One of the worst results of ad fraud for advertisers is lost potential revenue and, therefore, a poor return on their ad spend. Advertisers might believe they’re getting a certain number of impressions or clicks – in reality, a portion of those engagements are fraudulent and don’t carry any human intent with them. 

In many common pricing models for digital ad inventory, the number of impressions (CPM, for example) or the number of clicks (CPC) will determine how much a publisher is paid. These models can be easily taken advantage of with technology like bots that can run up the data automatically.

How to detect ad fraud

If you want to prevent ad fraud, you’ll need to detect it first. A good place to start with fraud detection is to be able to identify bot traffic. Keeping an eye on your site’s analytics data – look at metrics like page views, session duration and bounce rate – can help you spot invalid traffic flowing in. Pairing this with the source and medium of where the traffic is coming from can help you differentiate where your real users are being converted.

Bot detection can be successful if you can notice odd trends in your analytics, like abnormally high page views or bounce rates, unusually low session durations or random spikes in traffic from an unexpected location. This can help you identify click fraud and other ad fraud to stop bots from ruining your ad spend.

How to prevent ad fraud

Once you’ve identified bot traffic to your site, you can start to take steps to prevent further ad fraud in your campaigns. Unfortunately, a lot of ad fraud is incredibly difficult to detect, even with backend analytics data. 

Many analytics platforms like Google Analytics can help with bot filtering, though, that will detect and filter out all known bots to give you a more accurate picture of how many real users are reaching your site through your ads. If you have also used your analytics to detect risky sources of traffic, you can work to block traffic from those sources and ensure that they aren’t showing up as listed publishers in your future media campaigns. 

One of the best ways to prevent ad fraud in your advertising campaigns is to buy inventory directly from publishers you trust. If you want to reach a target audience on a reputable site that is contextually relevant to the products or services you’re promoting, publisher direct buys can help you avoid the worry of buying inventory in bulk across a range of sites you haven’t vetted. 

BriefBid’s free media planning software can help you plan effective publisher direct media campaigns and discover new media vendors that use 3rd party ad fraud detection tools. Learn more and get started with BriefBid’s media planning software today.  

Share this post

Create omni-channel media plans in minutes, assign or discover media partners, and receive personalized proposals from media sales teams. Free for agencies and brands.

Media flowchart - Media Planning Software

Looking to advertise outside of Facebook?
Discover new solutions and media partners.

100% free for agencies and brands. Unlimited users.