2021 was a busy year for ad fraud—and there’s every indication that 2022 will be just as busy (if not more so)! Every day, fraudsters concoct new schemes (or modify old ones) to try and steal ad revenue from companies just like yours.
From bots, to human fraud farms, to domain spoofing tricks, there’s no end to the inventive ways that fraudsters continue to innovate the field of illicitly taking your ad money. The question is: “Are you prepared to stop ad fraud in the upcoming year?”
In this blog, we’ll take a look at some ad fraud trends and statistics that everyone should know, explain a few different types of ad fraud to watch out for, and outline a strategy for protecting your ad budget in the new year!
Ad Fraud Statistics & Trends to Know
Before you can fight fraud in your ad campaigns, it’s important to know some basic ad fraud statistics. This way, you can set a reasonable budget for your ad fraud detection and prevention efforts (since you’ll have a better idea of your level of risk and what needs to be done to minimize said risk).
The Cost of Ad Fraud
How much does ad fraud cost companies around the world? In 2020 alone, ad fraud cost advertisers $65 billion—and it’s projected to cost around $100 billion in 2023!
Naturally, some advertisers stand to lose more money than others. For example, fraudulently-placed ads and other related issues once cost Uber around $100 million in a single year before they caught the source of the fraud and eliminated it.
Basically, the more you spend on ads and the longer it takes you to catch ad fraud, the more you’re likely to lose to fraudsters.
How Much Activity Does Ad Fraud Account For?
Ad fraud is almost omnipresent in online advertising. If you’re running an ad campaign, regardless of what platform you run it on, odds are that a fraudster has affected it in some way.
However, the exact rate of ad fraud in a campaign can vary from one example to the next. One way to estimate fraud would be to look at where traffic comes from. Some estimates say that roughly 38% of all internet traffic comes from “bad” bots—automated programs designed to carry out some nefarious purpose. Another 24% of traffic on the web comes from “good” bots (benign programs like Google’s web crawler bots that it uses to find and rank website pages). All told, that’s 62% of net traffic coming from invalid sources that won’t convert (because they’re bots, not people).
Mixed in with the human traffic is activity from human fraud farms—operations that seek to defraud companies of their ad budget by using real people to click on ads. Fraud from these operations can be especially tough to find since there’s a real person behind the screen.
It’s not unusual for any given ad campaign to have a fraud rate between 25% and 40% (or higher). In other words, if you launch a campaign that attracts 100,000 leads, then anywhere between 25,000 and 40,000 of those leads may be fake. Worse yet, if fraudsters used real consumer data to make their fake leads look real, you could be on the hook for TCPA violation fines.
The Cost of TCPA Violations
The Telephone Consumer Protection Act of 1991 (TCPA) is a Federal Communications Commission (FCC) regulation that restricts how businesses can communicate with consumers. Initially designed to thwart nuisance telemarketing calls, the rule has since been expanded to account for new developments in telecommunications technology and the creation of the National Do Not Call registry.
Each time a company uses automated communications to reach out to someone who did not opt-in to receive said communications, the company may receive a fine ranging between $500 and $1,500. So, if you had 25k-40k fake leads, your company could potentially lose $12.5 million to $60 million dollars to TCPA violation fines—even if you only reached out to each lead once.
The financial impact of damage to your company’s reputation following TCPA violations is harder to quantify, but is no less important to consider.
Key Types of Ad Fraud
Now that we know some important ad fraud statistics, what are the types of ad fraud you need to watch out for? If you Google ad fraud types, you’ll find a large collection of ad fraud horror stories sparked by different types of fraud. Here’s a bit of information about some of the most prevalent types of fraud you’re likely to encounter:
1. Affiliate Marketing Fraud
Fraud is often rampant in affiliate marketing campaigns. Unscrupulous affiliates who are more interested in making a quick buck than they are in helping promote their partners will use a variety of fraud tactics to illicitly claim money they don’t deserve.
For example, they may employ cookie stuffing techniques to claim credit for leads that they didn’t generate—taking money from honest affiliates and artificially inflating your ad spend.
2. Programmatic Ad Fraud
Some nefarious individuals may take advantage of your programmatic ad campaigns to commit fraud. Using bots, malware, human fraud farms, domain spoofing, or a combination of multiple techniques, fraudsters may try to falsify impressions or clicks in programmatic campaigns.
The problem is that the pre-bid fraud detection solutions used by many programmatic ad platforms aren’t up to the task of detecting the kind of sophisticated invalid traffic (SIVT) used in these fraud schemes—which leverages sophisticated bots that mimic human activity (and even actual humans). Instead, these filters are largely restricted to detecting general invalid traffic (GIVT)—which consists mostly of simplistic bots that act obviously different from humans.
3. Domain Spoofing
This is a technique used by fraudsters where they try to disguise one website as a different, more valuable website. By doing this, they can trick advertisers into paying more than they should for advertising space.
Domain spoofing can damage your brand by causing your ads to be associated with fake, spammy malware sites as well.
4. Cookie Stuffing
This is a specific technique often used by fraudulent affiliate marketing partners to steal credit for generating leads—even if they don’t actually promote your website, products, or services. They drop malicious cookies into a website visitor’s browser (typically without notifying them) so that, if they just so happen to visit your website later, the affiliate gets credit for “referring” them.
This misattribution wastes your ad spend and can even steal credit from honest affiliates who did promote your company.
5. Geo Masking
This is a common technique employed by human fraud farms located overseas. Here, the fraudster attempts to hide the actual location of their device using spoofing techniques. This way, a group of people making clicks from a fraud farm in China can appear as though they’re coming from a location in Sacramento, California or some other U.S. city.
Geo masking helps fraudsters thwart detection efforts that stop at simply filtering IP addresses coming from “overseas” locations. It also helps make the leads generated look more valuable since they’re apparently coming from a location that’s closer to the company placing the ad.
Many ad fraud strategies leverage the power of botnets—large collections of machines infected with zombie bot malware that allow fraudsters to remotely control them. Botnets help to mask the origin of cyberattacks and fraud schemes since the traffic is coming from the infected machine instead of the botnet’s controller.
It doesn’t take any special skill or knowledge to use a botnet for ad fraud. Prospective fraudsters can buy or rent pre-built botnets from hackers to carry out their attacks. Cheap botnets can cost less than $100 to rent—which is a startlingly low barrier to entry.
How to Protect Your Ad Budget in 2022!
So, what can you do to protect your ad budget from fraudsters in the upcoming year? Here are a few things to do:
- Start vetting your affiliate marketing partners. If you have an affiliate ad marketing campaign, vetting your partners can help you weed out fraudsters before they can take a lot of money and damage your marketing campaigns. For example, you could check to see if a marketing partner is using bots to artificially inflate their online profiles (see if they had a sudden large surge in subscribers, if anyone’s leaving relevant comments on their content, etc.).
- Check for signs of domain spoofing when making real-time bids. This can be done by checking the domain name and registry data of a website (looking for things like the registered owner of the website being an unfamiliar name, the website URL having typos in it, etc.). Also, if a website is well known for not running real-time bidding, but appears in an RTB process, that should be a red flag instead of an enticement to bid.
- Refine the metrics you use for ad fraud detection to avoid poor-quality “vanity” metrics that don’t give you the whole picture. Ad fraud is a complicated topic, so it’s unlikely that any one metric will be a good filter for stopping fraud on its own.
- Use an ad fraud solution from a proven and reliable partner. Anura’s own ad fraud solution checks hundreds of data points about website visitors and compares it to a massive database of real conversion data to positively identify fraud so you don’t have to waste money paying fraudsters.
Need help stopping ad fraud? Reach out to Anura today to get started!