Honest advertising isn’t an oxymoron, or at least it shouldn’t be. And studies have shown that consumers don’t mind advertising, in their social media feeds, during ecommerce browsing or internet searches, so long as it’s appropriately personalized. According to an RSA survey of over 6000 European and American adults, as reported in Forbes, only 17% of consumers think there’s anything unethical about personalized ads.
What people object to is fraudulent advertising, or ad content that is illegally served or unwanted. These misleading or even illegal ads give online marketing a bad name, and make life difficult for honest publishers, who simply want to get the word out about a new product or service.
A recent bit of research from Twilio, reported in Business of Apps, reveals that while 62% of consumers expect personalized ads, there are trust issues too, concerning personal data and targeting technologies. Clearly there’s work to be done to reassure consumers. In part, this will require publishers to be hyper-vigilant for fraudulent activity.
Here we give a breakdown of the six most common types of fraudulent online advertising, as well as the impact they can have on publishers.
Bots / Non-Human Traffic Ad Fraud
Instagram posts, message boards, blogs and comments sections are rife with irritating fake posts, created by bots armed with a rudimentary understanding of the English language. Here’s an example:
Hi! Love your content – so insightful and original. Makes me think of the unique way our
skincare product line rejuvenates your youthful appearance. >>> dubiouswebsitelink
They post millions of such comments in the hope of harvesting thousands of click-throughs, which can boost the target site’s credibility and sales. They pretend to come from a human, or at the very least from a site that has an awareness of the recipient’s posts and activities. However, the process is fully automated, which is why their comments are often irrelevant or peculiar.
Worse than that, they can be used to generate fake traffic, which a fraudulent third-party may then charge for, claiming they’ve made your site more popular or visible.
Statista reported that 54.6% of fraudulent ad activity worldwide consisted of fake users and bots in 2020. Fake users are irritating, and harvest clicks by imitating real human engagement. But they’re relatively benign compared to the blight that is Payment Per Click (PPC) fraud (see below).
Click Farms Ad Fraud
Recently, the University of Baltimore calculated that ad fraud costs businesses around $35 billion globally. The ad tech industry experiences between $16.5 and $16 billion of this lost revenue, according to a 2019 Digital Ad Fraud report.
Much of these losses are due to PPC fraud. Since websites who host ads charge per click, fraudulent parties use automated click bots who target those selfsame ads. This artificially inflates the number of clicks, unless they are identified as fraudulent, producing illicit revenue for the fraudulent party.
When organized on a massive scale, such fraudsters are known as click farms. They prey on influencers, start-ups and other vulnerable parties who are trying to achieve the holy grail of virality and engagement. They offer the greedy a quick way to gain thousands of likes, shares or clicks.
The advertiser is effectively paying for engagement they aren’t getting, and the publisher runs the risk of being sued for overcharging or failing to provide the service as advertised.
Until sites develop foolproof methods for identifying and blocking bots, publishers may have to take steps to protect their revenue, but creating exclusion lists for known click farms, distribution exclusions for problematic sites, and even geographical blocking, if bots originate from one location.
Ad Injection Fraud
You show off your sparkling new site and—what’s that at the bottom of the page? —a banner ad you most definitely did not give the green light to. When this occurs, you have been the victim of Ad Injection Fraud, the illegal insertion of ad content into pre-existing or even non-existent ad locations.
In April 2020, Facebook took LeadCloak to court for allegedly helping scammers run fake ads on its platform. Facebook’s ad review systems would see and clear an acceptable ad, but Facebook users would be presented with something else entirely. The real ad content included fake news pages, COVID-19 misinformation, diet pill ads and other ads which violated Facebook’s content policy.
This technique of cloaking can significantly damage a platform or site’s reputation, and result in legitimate advertisers growing wary of being associated with a badly regulated space.
Sometimes the ads illicitly injected can even be for rival businesses, such as the famous Target/Walmart case back in 2014. Or they are simply ads which have not been paid for, reducing ad revenue. An arms race in ad approval processes and approval evasion is underway. For now, hypervigilance is advised, and the regular review of banner, sidebar, and pop-up ads.
Domain spoofing is a common form of phishing, operated with various degrees of sophistication. A fake domain will be set up with a very similar name to that of a legitimate business – i.e., MlCROSOFT.COM (where the capital I is really a lowercase L). Unusual fonts, the combination of letters and digits and rare suffixes are giveaways of this kind of behavior. This site may be provided in a link within a comment or social media post or sent in an email.
The aim is to fool the unwary into visiting a fake site that may harvest personal information, sell them fake products, or display dubious advertisements. The technique can also be used to spread malware or conduct a denial-of-service attack (DoS or DDos) or man-in-the-middle attack (MITM) to steal data or blackmail users.
A huge increase in phishing sites occurred in 2020-21, with a sixfold rise to over 630,000 faux sites in the first quarter of 2021. The damage to reputation, legal repercussions and time and money lost in making reparations to defrauded customers can have a massive impact on publishers and advertisers alike.
This is a type of fraud perpetuated by fraudulent affiliates who claim to have been pushing traffic to a site, when in fact they have done nothing of the sort. Fraudsters manage this by stuffing site visitors’ browsers with irrelevant cookies suggesting they have visited dozens or hundreds of other sites.
These cookies then remain on users’ browsers until they coincidentally visit one of the sites in question, at which point the affiliate is paid as if there was a true causal connection between the two events. Revenue is siphoned from clients who hire the affiliate to increase ad traffic, while the clients miss out on those real-world click-throughs.
Cookies can be stuffed when users click on any of the following fraudulent objects:
- An image link which won’t load but instead heads to a cookie which displays invisible content (so that the user isn’t aware they have been fooled).
- A browser extension offering added value, but secretly dropping cookies.
- A php file which inserts cookies while you install an app.
- A WordPress plugin which packages unwanted cookies.
- A fake site, which requests users to allow cookies as any site would, but then drops hundreds of inappropriate ones.
As well as being a breach of European GDPR privacy legislation, such activity is against most affiliates’ terms and conditions, and is illegal in some territories (it’s considered a type of wire fraud in the US). Sites doing business with such affiliates could be held liable.
Furthermore, this activity creates a false perception of success, denying legitimate marketers the opportunity to promote genuinely effective services.
There are techniques that a platform can use to evade this nefarious practice, fortunately, including traffic monitoring, behavioral analysis, and device fingerprinting (tracking the journeys of specific user devices to measure legitimacy). All of this must be done without breaching privacy regulations, of course.
Impression fraud is when advertisers pay for impressions they don’t receive. By shrinking down the suggested display space to a single pixel, fraudulent ad servers can claim an impression while displaying blank space to the viewer. Potentially hundreds of ads could “present” as single pixels, triggering a fee.
This technique is sometimes combined with the use of bots to click on these invisible ads to generate PPC revenue.
The Solution: Partner with a Legitimate Ad Monetization Platform
One of the best ways to maintain ad hygiene on your platform, site or app is to partner with a reputable ad monetization platform, such as Freestar.
A legitimate ad management solution will deliver real value while protecting against fraud attempts and maintaining your reputation. Freestar takes ad quality seriously, especially how it affects the publishers we work with and their users. From SPO to monitoring and maintaining blocklists, Freestar wants to ensure we’re maximizing ad revenue and improving yield.
They’ll also maximize effective personalization and make your platform a desired destination for advertisers seeking to dodge the fraudsters and charlatans.
Why not book a Freestar demo today?