Blog , 01 Jul 2022

How Does Digital Ad Fraud Occur?

Jeanie Verona,

Content Creator

The conversation about cybercrime tends to revolve around a few common issues: phishing attacks, credit card fraud, malware, and so on. 

Despite these common problems, digital ad fraud makes up a significant portion of the cybercrime we see today, despite seldom being discussed. 
In fact, recent research on ad fraud suggests that this illegal practice will account for some $68 billion in losses in 2022 (up from $59 billion in 2021).

Digital ad fraud can occur in three different ways:

  1. accidentally – a user clicks on an ad by mistake,
  2. maliciously –  a user intentionally acting to impact the underlying business’s ad spending, or
  3. through ad malware – a software is designed to click ads repeatedly

What Is Digital Ad Fraud?

We already covered this in our previous article, but let’s explain it again and refresh your knowledge.

Digital ad fraud is any invalid web traffic relating to digital ad placement.
it is effectively using the ad to drive up costs for the underlying business without any chance of a resulting conversion.

When a business places an ad online, it either directly or indirectly agrees to pay the websites on which that ad is hosted whenever the ad is clicked. However, not all such clicks represent a genuine interest in the advertised product, service, or platform.


Looking at the estimated costs of digital ad fraud, we do see a huge increase since 2018. Within the next year, an estimated increase of 23% from 81 billion US dollars to 100 billion US dollars is expected.

estimated cost of digital ad fraud worldwide from 2018 to 2023
Source: Statista

The 10 Most Common Types Of Ad Fraud

  • Click Fraud
  • Click Injection
  • Fake App Installation
  • Domain Spoofing
  • Cookie Stuffing
  • Pixel Stuffing
  • Geo Masking
  • Ad Injection
  • Viewer Fraud
  • Ad Stacking

In our first article about Digital Ad Fraud, we nudge a little about the most common types of ad fraud. Here we will give more explanations for better understanding. Let’s take a look at some more specific types of ad fraud that can occur.

1) Click Fraud

Click fraud is typically carried out by bots and refers to the active targeting of pay-per-click ads. Bots simulate clicking on those ads and waste the budget of advertisers. Alternatively, the bots might simulate ad clicks to boost the rankings of a social media post, webpage, or specific ad campaign.

The object of this type of digital ad fraud is to trick an advertising platform into believing certain levels of activity from real users. This signals that a post, web page, or advertisement is more popular than it truly is. Note that most click fraud is carried out on a large scale, with many fraudulent clicks occurring simultaneously through multiple links or ads.

2) Click Injection

Then there’s click injection. Click injection is a type of ad fraud that occurs when users install a free app with a virus or bot hidden within. While the app may or may not perform its main advertised function, its primary purpose is to perform click injection fraud.

click injection
Click Injection

Click injection fraud apps monitor their devices for so-called install broadcasts on app stores. When they detect that a signal app is launched, it sends a message to an attribution provider with a register for an ad click. That click is then reported to a marketing campaign.

Essentially, it involves hijacking user apps to simulate fraudulent consumer activity. This type of fraud is more common with mobile apps, including in-app advertisements, shopping displays, etc. Many online or app-based games are especially vulnerable to this type of ad fraud.

3) Fake App Installation

Next is fake app installation. Many mobile applications these days have ads on the screen’s sides or bottom. Therefore, it’s no surprise that click farms or other fraudulent advertisers manually install apps repeatedly. They then interact with the ads within those apps by performing whatever necessary actions to register an ad click.

The biggest click farms automate this to the extreme; simulated mobile devices take care of app installation and repeatedly advertise clicks. This significantly impacts the advertiser’s metrics and makes in-app advertisements or installs seem more active than they are. It’s one of the major problems that app developers and advertising firms have to watch out for.

4) Domain Spoofing

Another common form of ad fraud is domain spoofing, where malicious actors present unsafe and low-quality websites as reputable and legitimate publishers. This technique aims to hide the actual site from advertisers and trick them into paying more money for ad space. The fraudsters then pocket the extra cash when they receive it via text to pay systems, bank transfers, etc.

domain spoofing
Domain Spoofing

Fortunately, advertisers can watch for domain spoofing by looking for several signs:

  • Incoming traffic from the spoofed domain doesn’t match what the spoofed website should logically receive. For example, suppose an advertising platform is just starting to advertise on a new website launched one day previously. In that case, that website shouldn’t get a ton of traffic under even the best circumstances.
  • CPM (cost per mille) is much too low for a supposedly high-value site.
  • The domain doesn’t usually run ads.
  • The website publisher isn’t selling ad space in a real-time bidding or RTB auction.

The domain owner has a suspicious-looking email address.

5) Cookie Stuffing

Cookie stuffing ad fraud occurs when affiliate marketing advertisers use cookies to track different affiliates. Cookies are tiny files that store text within web browsers. They allow affiliate marketers to determine which affiliates are responsible for referring website visitors and purchasers to their brands. It’s an essential part of what makes affiliate marketing work.

However, affiliate marketing can be affected by criminal activity through ad fraud. A fraudster sends many affiliate tracking cookies to a target website visitor’s browser with cookie stuffing. All these cookies are sent at the same time.

When that webpage visitor visits an affiliate website, all the tracking cookies ping simultaneously. The affiliate marketing program then gives lots of credit to the fraudster all at once, even if they never actively promoted the site.

Over time, cookie stuffing can consume a lot of ad spending and hurt affiliate marketers. The fraudster, in this case, steals the credit for leads and sales.

6) Pixel Stuffing

Pixel stuffing is ad fraud in which a fraudster makes a tiny, 1×1 pixel area for an ad display. But within that area, cybercriminals display up to hundreds of ads on a webpage. Then, when visitors view the small pixel area, the fraudster gets credit for ad impressions.

Note that these one-pixel ads don’t generate actual results – viewers normally don’t notice those tiny ads. This type of ad fraud only works with marketing programs that spend their advertising dollars on impressions, which is one reason why the CPM model is getting less and less attractive.

pixel stuffing
Pixel Stuffing

7) Geo Masking

Geo masking ad fraud can impact advertising campaigns with different ad spend amounts for various regions. For instance, a company might start a marketing campaign that pays more for leads coming from the US, while they are paying less for leads coming from other countries.

With geo masking, fraudsters hide lead locations when they generate leads for their advertisers. They typically do this by spoofing IP addresses to make them look more valuable than they are. Then they charge advertisers for the illegitimate leads they generate.

8) Ad Injection

Ad injection involves leveraging malware, plug-ins, and browser extensions to put ads where they should not be. Alternatively, they may replace certain ads on websites with different advertisements. Then, when website users click on misplaced ads, fraudsters get credit for all those clicks even if they don’t own the websites.

Ad injection is one of the riskiest in legality since it inserts fraudulent ads and websites without the site owner’s permission. In these cases, victimized website owners miss out on ad revenue since their chosen advertisements are being replaced with fraudulent ones.

9) Viewer Fraud

Last but not least is viewer fraud. With viewer fraud, automated bots watch video ads on platforms like YouTube, generating impressions for advertisers. Of course, those impressions are false since the videos are being “watched” by bots rather than real people.

In these circumstances, ad fraud can be costly for advertisers. All that ad spend is wasted without the video ads being shown to real users.

10) Ad Stacking

Ad stacking is what it sounds like, although fraudsters can do it in various ways.

The main technique is when multiple ads are layered on top of each other in one single ad placement. So if a user clicks on one ad, he not only clicks on that displayed one he’s seeing but also unintentionally clicks several ads that are layer underneath.

Ad stacking is a fraud technique that became prevalent a few years ago and has remained a prominent concern in the ad fraud space. 

Ad stacking example: one real ad impression and 4 fake ad impressions
Source: Abusix

There are several reasons fraudsters use ad stacking as well. First is “click stuffing,” whereby the fraudster generates unnatural clicks and may even gain attribution if one of the hidden ads corresponds to something the visitor eventually uses or downloads. The second is “impression stuffing,” which amounts to scamming via false impressions from unearned clicks. The third is “viewability fraud,” essentially skewing viewability metrics through fraudulent clicks.


Ad stacking happens mostly on sites known as MFA or Made-For-Advertising. These pages are overwhelmed with content that drives low-cost ad advertising

How to prevent ad stacking?

There are tools and browser extensions where you can identify ad stacking. A simple example will be that if there are six ad slots on the website, the tool or the extension will let you know that there are, let’s say, maybe 15 ads on that same website. If you check the domain and see multiple ads layered on one static placeholder, then that’s ad fraud.

Tools, extensions, software, or apps can help you check and identify ad stacking.  The process looks straightforward, but it requires often a dedicated team to track each ad in each campaign. Recovering after detection is another journey and out of scope for this blog post.

Here are some tools and software designed to identify ad stacking:

  1. Adjust

It specifically works to stop and combat fraud in user acquisition. Comparing the timestamps of the false impressions and clicks makes it possible to identify ad stacking, making it reasonably simple to stop. 

  1. Singular

Singular provides advertisers with leading mobile ad fraud prevention technology that can detect and block many different forms of fraud.

  1. ClickCease

By rejecting fraudulent clicks and removing suspect IP addresses in real-time, ClickCease safeguards your Google Ads campaign against click fraud. Consequently, you will see an improvement in the outcomes of your advertising campaigns and an increase in website traffic without going over budget.

  1. Protect360

Protect360 is an effective click fraud prevention tool that keeps track of visitors to your website that clicks on Google PPC ads. This solution seeks to prevent fraudulent clicks and guarantee that the ad campaigns drive organic traffic to your website. It is specifically made to avoid mobile ad fraud.

  1. Clixtell

Clixtell is the best choice if you seek a reliable, effective, automatic click fraud protection service. Stoping click fraud activities in real-time keeps your allotted budget for Google Ads and Bing Ads secure.

While there are no all-inclusive tools that can prevent all digital ad fraud, you do have the option of investing in assistance –– primarily through GIVT and SIVT detection. These two abbreviations correspond to different types of invalid ad traffic, and there are some sophisticated tools you can invest in.

SIVT stands for “Sophisticated Invalid Traffic,” and refers to many of the digital ad fraud practices defined above (such as malware, location fraud, and bot fraud). A SIVT identification tool won’t necessarily catch all fraudulent activity. Still, it will help you become aware of some instances of invalid traffic so that you can adjust ad spending as needed.

We mentioned just how expensive digital ad fraud can be. Therefore, it is necessary for companies running paying for digital advertising to have measures in place to avoid falling prey to the attacks described above. So what should you prevent ad fraud from happening to your company?

Consult An Information Security Analyst

If you’re concerned about the potential for ongoing digital ad fraud, you can consult a professional information security analyst. People in this professional field have deep backgrounds in cybersecurity and are skilled in analysis and problem-solving. They are typically responsible for protecting the networks and data of the organizations they work for from various breaches or attacks.

This does not mean that an information security analyst spots any ongoing ad fraud. However, someone with this skill set and background may be better equipped to use tracking tools (like those for identifying SIVT), identify irregularities, and implement solutions.

Establish A Security Operations Center (SOC)

Similarly, you can also establish a security operations center within your business. As we’ve touched on that topic in a few blog posts here at Abusix, this is an internal team responsible for all IT issues, including those related to cybersecurity. Your security operations center should be staffed by professionals (like the information security analysts described above) trained in identifying, analyzing, and investigating threats.

Staffing a SOC will not completely prevent or dissuade digital ad fraud. However, it enables your business to respond when attacks are identified and mitigate any potential damage that may stem from an attack.

Conclusion

Digital ad fraud can take many forms and can be highly costly for a business engaging in paid ad campaigns. By recognizing the different types of fraud and taking further steps to protect your company against them, you are already one step ahead to reduce the potential for damage.

Share
Linkedin Icon Twitter Icon Facebook Icon E-mal Icon
Two computer monitors showing AbuseHQ

Start your Cybersecurity Investment

Let’s get in touch to discuss how AbuseHQ can help you to fight against 2022 cyber threats.

Get a demo

Products & Tools

Type

Topic

Get in touch

Talk to us

Do you want to remove your IP/domain from one of our blocklists?
Please use our lookup-service and follow the instructions there in order to get that resolved.