If you’re working in the digital marketing space, you probably use lead generation forms as part of your marketing strategies. Usually found on landing pages, pop-ups, and other web page assets, lead generation forms let you collect information about potential customers by offering something valuable in exchange for personal data.
Unfortunately, like everything else online, lead generation forms aren’t safe from fraud. Bad actors are using form fills in a number of ways, all to make some money at the expense of online businesses.
How Lead Generation Fraud Affects Brands and Consumers
Many people, from bloggers to influencers, partner with affiliate programs as a way to earn some cash. Using trackable URLs, affiliates direct online traffic to certain websites with the goal of converting visitors into leads. In exchange for securing new leads, companies pay their affiliates a commission for each lead generated.
But not all affiliates abide by the rules. Dishonest ones sometimes use bots to crawl the web and scrape consumer information from other sites. The bots then drive traffic through an affiliate link and subsequently fill out lead generation forms with stolen or fraudulent consumer information.
Other corrupt affiliates might purchase fraudulent lead lists from third-party vendors. These lists are full of contact information for hundreds of individuals, usually collected by illicit means. Fraudsters simply copy the stolen data into forms, including names, email addresses, and phone numbers, thus “generating” leads for the affiliate company and boosting their commissions.
Lead Generation Forms and Click Fraud
We all know how lead generation fraud works. Advertisers place an ad, fraudsters make bots click through them, advertisers lose money, fraudsters get paid. However, after years of click fraud abuse, lots of programmatic platforms now have tools in place to catch fraudsters before they cause too much trouble.
But fraudsters aren’t stupid either. Now they just take a few extra steps to keep their click fraud schemes running. Once the bots click through an ad, they scan the landing page for any lead generation forms. Then, using real human users, fraudsters fill out the forms with scraped, bought, or entirely bogus data. That way, if the publisher uses a fraud detection service, any recorded actions on the landing page appear to be natural.
This combination of bot traffic and real human input lets many sophisticated click fraud operations pass under the radar.
No matter how they’re submitted, phony leads could tank your business, should you decide to contact unvetted leads. It only takes one unsolicited message to spark a TCPA firestorm, brand safety concerns, or wasted marketing spend.
Anyone could fill out this form with stolen information.
Let’s say you work for a banking company that uses online form fills to generate leads. Someone named John submitted an online application for a credit card. Since his information seems legitimate, you call him, but when he answers, he’s confused.
According to John, he never filled out a card application, let alone visited your website. Since he never really consented to the phone call, your company just broke TCPA compliance. If John decides to file a complaint, your business could face monetary fines.
Now imagine this happening over and over as fraudsters submit multiple “leads” through your online forms. Those TCPA violations could add up and even escalate into class action lawsuit territory if multiple people file complaints.
Aside from TCPA noncompliance, you could also face brand safety issues if any news of privacy violations hit mainstream conversations. Damage control is time consuming, not to mention costly, especially if you’ve already spent money on attempting to weed out all the phony leads.
Steps Toward a Solution
As long as you have lead generation forms, you could be a fraudster’s next victim. Luckily, there are ways to guard against suspicious form fills.
You could attach CAPTCHA puzzles to your forms to protect against bot submissions. However, they’re not as effective as they once were. Theoretically, CAPTCHA tests are designed so that only humans can solve them, but now many bots are sophisticated enough to do just that. Human click farms have also rendered the tool useless in some cases.
Your best bet is to screen web traffic through a lead generation fraud detection service. The most thorough services scan each visitor’s unique identifying information, like browser information, geographic location, and IP address. Based on a number of metrics and rules, detection services conclude if visitors are suspect or not. With that information in hand, you can make more informed decisions regarding your traffic sources.