Experts estimate that total fraud losses in 2018 totaled $3.9 trillion, an increase of 49.5 percent over the last 10 years. Fraud takes many forms, from account takeover attacks to identity theft. But ad fraud might be one of the most insidious types. It’s also one of the most prevalent, with advertisers expected to lose more than $5.8 billion to it this year.
Some estimates range as high as $42 billion, because ad fraud is tricky to measure. There is no agreed-upon method to detect whether an ad impression is fraudulent or not, and anti-fraud vendors have various methodologies for measuring it.
It would be easy to blame bad actors, but ad fraud is also perpetrated by dishonest publishers using false clicks and stacked ads to take advantage of advertisers. This practice has been increasing with the rise of real-time bidding (RTB). According to Juniper Research, roughly half of programmatic display dollars go to fraud.
The latest Digital Fraud Tracker explores the various forms ad fraud can take, as well as how publishers and developers are fighting back.
Types of Ad Fraud
Bots are used for click spamming, which simulates a high number of clicks that appear to be from real devices. Another method is click injection, which generates fake clicks while apps are being installed.
Some fraudsters hijack legitimate clicks instead of generating them with bots. Malware can redirect users who have clicked on ads to websites infected with spyware or trojans, resulting in the impression being stolen from the advertiser. Click hijackers spoof the domain name (DNS) on a user’s router or crack websites to insert a redirect on the ad.
Clickbots aren’t just used by hackers. A dishonest publisher might charge for ads that are essentially invisible to visitors, as they are made super small or are stacked with multiple ads so that only one is visible. Some might go as far as displaying ads on fraudulent websites, then redirecting ad calls so the advertiser sees legitimate sites rather than illicit ones.
Disincentivizing Click Fraud
PYMNTS recently spoke with Facebook’s Director of Product Management Rob Leathern on how the company fights ad fraud by vetting advertisers and weeding out potential scammers.
In this situation, the best way to fight ad fraud is to make sure fraudsters are disincentivized from using Facebook for their schemes. Invalid traffic generates profit through clicks, so Facebook’s ad revenue system focuses on business outcomes rather than engagement.
“It’s certainly not impossible, but [it is] much more difficult to fake real outcomes for advertisers,” Leathern said. “Outcomes like adding something to a shopping cart, buying something, downloading a white paper, et cetera.”
The problem with invalid traffic is that it might not be detected until it’s too late. Yinglian Xie, co-founder and CEO at DataVisor, explained why this is such a problem.
“As invalid traffic attacks become increasingly sophisticated, detection – particularly early and proactive detection – is becoming exponentially more challenging. By harnessing the power of bots, modern fraudsters are able to impersonate legitimacy and obfuscate both their identities and their techniques with unprecedented skill and accuracy. To make matters worse, they’re able to do so at massive scale,” Xie said.
Though with accurate detection solutions, it is possible to spot patterns that indicate this type of large-scale, coordinated activity. This requires advanced, unsupervised machine learning algorithms that can detect in real time. This is important because fraudsters are able to quickly change their techniques and vary attacks on the fly.
“The key to spotting an invalid traffic attack is early detection, [which] can reveal the correlated patterns of activity that are a prerequisite for coordinated attacks at scale,” noted Xie.
Now, developers can be held accountable for ad fraud. Facebook sued two app developers, LionMobi and JediMobi, earlier this month for generating fraudulent revenue via click injection.
This is why some developers have been taking proactive approaches to fight ad fraud. Marketing platform Singular recently released an ad fraud-fighting tool for Android developers specifically geared toward preventing fake app installations. The tool parses activity time stamps and communication with Google Play’s servers before making a call on the legitimacy of the installation.