When you think of cybercrime, the first thoughts that come to mind are likely centered around the big-time data breaches that make headlines. When companies such as Marriott, Yahoo, Equifax, and Capital One have hundreds of millions of records exposed, it tends to make an impression.
Hollywood has contributed to the imagery that surrounds cybercrime as well. Malicious hackers sit behind sophisticated computer setups in their hoodies while they effortlessly break into government networks, banks, and other targets.
Yet not all cybercrime involves data breaches. In fact, one of the largest indictments in recent years charged a group of cybercriminals with stealing tens of millions of dollars through ad fraud. The group responsible, named 3ve (eve), was said to have used sophisticated techniques to exploit victims through their digital marketing campaigns.
What Is Ad Fraud?
Ad fraud is a serious problem. According to Juniper Research, losses from ad fraud reached $42 billion in 2019. That is up 21 percent from the previous year, and they expect losses to hit $100 billion a year by 2023.
This type of cybercrime leverages several techniques to steal money from advertisers, such as:
- Impression fraud—when ads are not viewed by an actual human but are fraudulently displayed to collect money.
- Click fraud—when click farms or botnets, such as the Methbot used by 3ve, are used to fraudulently click on advertisements.
- Affiliate fraud—targeting affiliate marketing campaigns designed to generate clicks, leads, or sales.
- Lead fraud—when humans are used to completing lead generation forms for criminal groups who are paid for each “lead.”
- E-commerce fraud—is common with affiliate marketing scams in which a fraudulent transaction is generated from an affiliate link. The publisher is paid for generating a sale before the chargeback happens.
- Sourced traffic—when fake traffic is purchased to make a site appear more popular or to engage in digital advertising campaigns (e.g., generating clicks or impressions).
- Fake websites—using a technique called domain spoofing, criminals are able to make themselves look like legitimate sites to sell advertising space.
To accomplish much of this type of activity, the bad guys rely on botnets and human fraud farms.
Botnets are collections of computers that are infected with malware. These computers can exist anywhere—in schools, businesses, hospitals, or even homes. They do what the malware that infects them tells them to do. In many cases of ad fraud, they are instructed to visit websites to generate impressions or even click on ads.
The problem with botnets is that anyone can rent an existing botnet for almost nothing.
Human fraud farms are a bit more expensive, but that is because they are better at avoiding most fraud detection solutions.
Just as the name implies, human fraud farms are collections of real people whose job it is to commit acts of ad fraud listed above on behalf of the criminals that pay them.
Ad Fraud Costs You Money
If we look at the $42 billion number from Juniper Networks and do the math, ad fraud costs more than $115 million per day. That is quite a bit of money spent for no type of return.
Research from Adobe shows that 28 percent of all traffic is fraudulent. It can be hard to wrap your head around numbers in the billions, so let’s break it down into some costs that are more relatable.
- If you spend $10,000 a year on digital advertising campaigns, $2,800 are lost to fraud.
- If you spend $100,000 a year on advertising, your losses total about $28,000.
- If you spend $1 million a year on advertising, you are losing $280,000 to fraud.
That shows only the tangible costs. Most of us never know how much we lose in time and other resources when securing, tracking, and creating ads that wind up falling victim to fraudulent activity.
Ad Fraud Affects Your Digital Marketing Campaign Metrics
Tracking metrics when it comes to digital advertising campaigns is an important way to gauge how different ads, publishers, and pieces of content are performing. So when you add the 28 percent of fraudulent traffic into the mix, you are adding contaminants into your data.
Think about A/B testing as an example. If one version of an ad is placed on a site that is rife with fraudulent activity and the other is not, you are going to have an inaccurate test. The one on the questionable site may even outperform the other, causing you to go with the less effective ad.
Vanity metrics such as impressions aren’t the only metrics subject to fraud. Lead fraud and e-commerce fraud are both measured by actionable metrics that can be manipulated. When ad fraud is so rampant and sophisticated, it causes you to question how you measure your campaigns. Worse, it may cause others in your company to question your metrics when data is inaccurate.
Ad Fraud Hurts Relationships
The problem of ad fraud affects everyone in the game. Publishers may be the perpetrators of fraud or the victims. Large sites that have built up their reputations are perfect targets for domain spoofing. Affiliates without scruples also pose a risk to your exposure to fraud. So how do you trust the properties where your ads are being placed? How do you trust the partners you are working with?
These concerns can put a strain on long-time relationships, but consider what they mean for new relationships as well. How do you reach out to new publishing partners who aren’t up-front about what they are doing to prevent fraud? Do you need to ask each one to prove they are who they say they are to avoid domain spoofing? Do you need to see their books to ensure traffic is legitimate? Despite the background research you perform, there is still the question of how honest your new partners are because you won’t have insight into everything they are doing.
The same is true for affiliates, ad networks, and any other partnership you form with an outside organization. You need to perform your due diligence to ensure they are on the up and up, but you need to be able to trust them as well. Part of keeping ad fraud from hurting your business is learning how to find the right partners to work with, whether it be a new publisher, an affiliate, or even an outsourced firm.
Luckily, there is a way to fight back against ad fraud. First, you need to understand what it is, how it works, and how it affects you. Just like cybersecurity professionals learn to defend their networks, you need to learn how to defend your digital marketing campaigns. That starts with finding a partner who specializes in helping businesses prevent ad fraud. The money you’ll avoid losing to fraud more than makes up for the costs associated with protecting your digital marketing campaigns from illicit activity.