For online advertisers, botnet traffic can be a costly problem. Without the proper safeguards, advertisers, and businesses waste money and resources on ad clicks driven by malicious botnets and fake referrals that won't generate a return. To prevent advertising fraud and boost your return on ad spend (ROAS), implement a bot detection tool and optimize your marketing attribution strategy.
What is advertisement fraud?
Advertising fraud refers to any botnet or automated activity using fraudulent clicks, referrals, malicious redirects, or malware installations. Fraudulent activity on an ad platform costs advertisers money because the automated or fake referrals provide no return on investment (ROI). This type of ad traffic is not from human users, so it may look like an ad campaign is successful until you see no revenue from your efforts.
Ads can cost millions monthly, and it's worth the investment if you have a monetary return. However, fake traffic will show no signs of human activity and is risky, leaving fraud detection solely on the ad platform.
The cost of advertisement fraud
Experts suggest that ad fraud could cost businesses $100 billion in 2023, up from $80 billion in 2022. With more businesses taking advantage of online advertising, ad fraud has become more lucrative for bad actors looking for a large payout.
In 2016, the "King of Fraud," Aleksander Zhukov, banked between $3 million and $5 million a day from automated botted fraudulent ad traffic. A sophisticated attack at this level usually requires a great collaborative effort, but this is one example of a single individual running a well-paid botnet. With enough virtual machines across the globe, a single bad actor could create clicks and traffic that look legitimate until advertisers notice a massive reduction in customer acquisitions.
Sophisticated attacks like Aleksander's "Methbot" scheme are challenging for ad platforms and networks to detect. Usually, advertisers notice anomalies in ad traffic and revenue, and it can lead to costly litigation. Uber sued several ad networks in 2019 – and won – after they wasted $100 million on fraudulent ad referral traffic. The dispute started when Uber noticed that app installations did not increase with the increased traffic and money spent. Uber later sued another ad network after they realized a majority of installations from the network were from click flooding.
Botnet traffic isn't the only risk to advertisers. Bad actors will create numerous fake accounts on publisher sites to host ads in higher-paying geographic regions (e.g., the United State and have these accounts interact with each other to trick users. Elon Musk recently accused Twitter of having at least 10% bot activity, threatening the platform's reputation for advertisers. Fake accounts waste advertisers' money and ruin an application's reputation, and advertisers are often the bread and butter for businesses like Twitter.
Types of advertisement fraud
Most threats against ad platforms use an extensive network of virtual machines and fake accounts across social media. Accounts are created using burner numbers, so there is no information overlap between them. Bad actors expect some accounts to be caught, but their goal is to keep them unlinked so that detection of one fraudulent account does not result in the entire botnet getting banned.
We know that ad fraud is expensive for advertisers, but threats come in different forms. Here are a few types of ad fraud:
- Hidden ads: Some platforms pay per impression, meaning publishers receive a small amount of money every time a user loads a page and an ad displays. Most ad networks have a limit to the number of ads that can be placed on a page, so malicious publishers use hidden ads to increase impressions and their payout.
- Clickjacking: Web page layouts are built with layers where elements can be placed "on top" of each other. Clickjacking involves displaying a visible harmless-looking ad with a transparent layer overlay containing a malicious link. Users think they are clicking the visible ad. Still, they are redirected to another location to either fraudulently send ad traffic to a targeted advertiser, trick users into falling for a phishing page, or install malware.
- Click flooding: This fraud involves automated clicks of online advertisement links, which intend to take credit for organic app installations. Not only does this deprive the advertiser of marketing dollars intended to incentivize organic installs, but it also impedes their capacity to effectively assess the success of their campaign or strategy.
- Fake app installations: Many advertisers pay per installation, so many cyber-criminals install an advertiser's app on numerous devices. The app is never used again, so that advertisers could spend millions on fraudulent app installs without further usage.
- Botnet fraud: Using potentially thousands of virtual machines located globally, a botnet creator automates click activity and sends fraudulent traffic to advertisers. The ad clicks to generate revenue for the fraudster, but the advertiser loses money from the fraudulent traffic.
How to prevent advertisement fraud
To bolster advertising success, businesses should take the necessary steps to safeguard their campaigns from fraudulent activity. This way, money and resources are not wasted on bad bots; they will yield higher returns with visibility directed toward their targeted audience.
Blocklist malicious users
Protect your online ad from malicious "users" by blocking suspicious domains and IP addresses. This will help prevent false clicks generated to inflate impressions or the cost of an advertising campaign—ensuring that you receive genuine engagement with your ads.
Manage your Ads.txt and Sellers.json files
It is essential to ensure that both an Ads.txt file and a Sellers.json file are hosted on your platform so that nefarious characters cannot resell your content. An ads.txt file declares the ad networks, exchanges, and supply-side platform (SSP) are authorized to resell content, while a Sellers.json provides additional information to verify the origin of impressions. Both serve as protection against ad fraud, as advertisers can easily see which companies have permission to resell advertising space or impressions.
Monitor data for anomalies
Monitoring traffic sources and click-through rate (CTR) data is essential in spotting any potential online advertising fraud. If traffic comes from a dubious location or the CTR is unusually high, but with no conversions, the business may want to pause the flow of ads from that particular source and thoroughly investigate their partners in the digital space.
Using Fingerprint to prevent advertisement fraud
Fingerprint’s BotD helps developers build tools around fraud based on business rules. Fingerprint does all the heavy lifting and simplifies detection so developers can code their applications to follow the regulations specific to your business.
It's an accurate and efficient way for enterprise companies to monitor their ad traffic and revenue, so they don't waste millions on fraudulent advertising.
Security of your advertising network and campaigns should be a layered approach, but you need a strategy to prevent ad fraud. Fingerprint adds a security layer at the application level so that marketing professionals can focus on effective advertising rather than chasing potential fraud.