How to Manage Digital Ad Fraud
Digital Advertising Fraud is not new, but in recent years it has become a much larger and more complicated problem.
Here we will review what digital ad fraud is, how to detect and respond to it and how to prevent it from occurring on your digital marketing campaigns.
If you’re concerned about ad fraud and want assistance creating a robust fraud prevention strategy, MatrixPoint can help. We aren’t just experts on digital fraud though. We also provide a full suite of consulting services, including sales and marketing consulting, media consulting, ecommerce consulting, data privacy compliance consulting and data analytics consulting services.
If after reading this article you still have any questions about ad fraud, please feel free to contact us for a free consultation.
How Significant is the Threat?
Estimates of how bad the ad fraud threat actually is vary, sometimes wildly, but eMarketer recently reported that current estimates of the total cost vary anywhere from $6.5 billion to as much as $19 billion dollars annually.
2020 has also shown a marked increase in digital ad fraud, with mobile, display, OTT and click fraud all seeing significant rises in recent months.
Ad fraud threat is no longer only from random Eastern Europeans manually clicking ads to defraud affiliates or waste Google Ads spends. It is a sophisticated, coordinated and well-funded campaign run by real cybersecurity threats.
To make sure your advertising dollars are being spent wisely, it is critical that you understand what ad fraud is, how it occurs and how to prevent it.
What Types of Ad Fraud Exist?
To understand ad fraud, we first have to explain what it actually is, which requires going through the many different types of ad fraud that occur.
Some of these may apply to you, while others won’t. It is important to be aware of the many different ways that fraudsters can skim off the top of digital marketing campaigns because the more you know about the ways it’s run, the better you can prevent it from occurring to you.
Cookie Stuffing is one of the most common types of ad fraud and primarily occurs in affiliate marketing scams.
Cookie stuffing is used to make it look like an affiliate is doing a better job of referring traffic to an advertiser, generating more sales and thus pads the stats of the affiliate to earn a larger commission.
It’s a complicated process to explain, but for the purposes of this article, it’s important to know that it exists, that it happens and that you will need to pay close attention to your affiliates, their statistics and their behavior in order to watch out for it.
One of the big threats of cookie stuffing is that it won’t just lead to larger, undeserved commission payments, but that it will also misrepresent your audience information, especially your targeting or lookalike profiles, and thereby reduce the effectiveness of all your advertising campaigns.
Traffic fraud is one of the easiest to understand since it doesn’t require several paragraphs to explain; when a scammer commits traffic fraud, they’re tricking analytics into thinking that they’re generating more visitors than they actually are.
This is one of the easiest and most common ad fraud tricks to deploy, so be sure to watch your traffic statistics closely and to investigate any occurrences of unnatural spikes.
Impression fraud is another extremely prolific scam, affecting huge numbers of campaigns and wasting untold amounts of dollars. This tactic generates additional impressions so that the fraudster can collect more revenue for their CPM-based campaigns.
The purpose of running this scam is to create fake impressions, which get traded as actual impressions, even though they don’t deliver any benefits.
This doesn’t just siphon important advertising dollars away from your effective campaigns, but can also screw up your performance statistics, making it look like certain strategies aren’t working as well as they should be, which could influence revenue allocations and lead to much larger performance problems.
Click fraud is one of the most prominent and nefarious forms of digital ad fraud as it can lead to incredible wastes in spends, driving SEM or other PPC campaigns performance into the ground.
This is one of the hardest forms of digital ad fraud to prevent because it can be easily accomplished by anyone with access to the internet as all it requires is clicking on your ads without any intent to actually engage with or purchase your products.
Accordingly, click fraud isn’t just performed by sophisticated bot networks or cybersecurity villains, but can even be run by your competitors, who may be looking to burn through your daily, weekly or monthly PPC budgets so that their ads can be placed both for a cheaper rate and also in better positions.
Fortunately, click fraud is also one of the easiest forms of digital ad fraud to spot and there are a whole host of automated platforms now available to help monitor your PPC performance and flag any unnatural behavior.
Action fraud is one of the most complicated forms of digital ad fraud, going beyond basic clicks or traffic scams and getting into the realm of mimicking actual user behavior and engagement.
This makes action fraud slightly more difficult to perpetuate on a mass scale, but also far more debilitating for campaigns where it occurs as fake actions are likely to completely throw off your performance metrics and break your audience targeting models.
It’s incredibly important to monitor and identify action fraud as this is one of the biggest threats to running successful digital marketing campaigns.
Conversion fraud is another extremely problematic form of digital ad fraud as conversions aren’t just one of the important metrics that digital marketing campaigns are based on, they tend to be THE single most important metric of them all.
If your marketing campaign is hit by conversion fraud, you won’t be able to tell when you’re generating true conversions and actually converting a visitor, which can cause repercussions for performance.
Conversion fraud will throw off all of your conversion models, impacting your decisions about who your ads should target, when they should be run, where they should be run and what they should say, which is likely to lead to significant performance declines.
There are a whole series of ways to conduct action fraud, and because of its potential ability to derail your campaign performance, we suggest monitoring for it and taking all necessary and available steps to prevent it from occurring in the first place.
Retargeting fraud is exceptionally problematic simply because retargeting is one of the most effective digital marketing strategies available, and any campaign with a significant amount of fraudulent activity is likely to fail or at least under-perform.
This scam uses bots to imitate user behavior, spoofing visits and sometimes even engagements to trick the ad targeting system into thinking that serving ads to these “fake” visitors is a good idea.
As with some of the other types of fraud outlined above, getting hit by a substantial amount of retargeting fraud won’t just influence your results, but is also likely to significantly harm your audience targeting models, conversion models and the effectiveness of your overall campaigns.
Affiliate fraud is one of the most common scams in all of digital advertising, and is typically accomplished via the cookie stuffing strategy we outlined above.
Fortunately, affiliate fraud can be combated effectively if you know how to spot it, and it can even be prevented by setting up affiliate campaigns that include monitoring and mitigation solutions built right into the technology.
How to Detect Ad Fraud
Ad fraud detection is an entire discipline worthy of its own specific article, but we’ll cover the basics here to make sure that you have at least a cursory understanding of some of the most common best practices for identifying the problem.
First, there are several different warning signs that you’ll want to watch for in your analytics, which is typically where ad fraud is going to first rear its ugly head.
When reviewing digital marketing campaign performance, make sure to look for any of the following signs, as these are common symptoms that ad fraud is taking place:
Any campaigns producing zero conversions or very little engagement activity, may be a sign that some kind of fraud is occuring.
Extremely Poor Engagement
Abnormally high bounce rates and very short session durations, few pages per visit and other similar terrible engagement rates can all signal that some kind of fraud is being perpetrated.
IP Addresses from Data Centers
If you’re finding visitors arriving from hosted servers, then it may be possible a traffic fraud campaign is being run against your campaigns, with the scammer faking visitors to pump numbers.
Extremely High CTRs
Anytime that you’ve got a CTR that is above and beyond the expected rate, especially if you have similar benchmarks to compare to, you should treat it as a sign that some kind of fraudulent activity could be under way.
Suspicious Site Lists
If you have a tremendous number of super long-tail site placements listed in your reports, with varying domains and pages listed, you may want to take a closer look at those URLs to identify if any of them don’t actually exist or are simply being used as fronts for scammers.
How to Respond to Ad Fraud
Typically, the first thing you’ll need to do when you spot any signs of ad fraud is to investigate and determine independently whether or not some kind of nefarious activity has been committed against you.
Digital marketing is complicated and signs of fraud could simply be indications that something wasn’t set up correctly. However, those situations need to be investigated and addressed to ensure you do not dismiss any red flags that do pop up in your reports.
Next, if you identify something suspicious, make sure to immediately collect evidence in order to avoid paying for the fraudulent activity. Additionally, you should not confront the perpetrator with the data until you’ve built your case against them.
Don’t delay this part of the process, as fraudsters can adjust their tactics on the fly and eliminate any signs of scammy behavior quickly. It’s important that you complete the due diligence process of documenting the fraudulent activity as soon as it’s identified.
Finally, you’ll need to shut off the flow of traffic, revenue, data, etc., to the questionable partner (if there is one), notify them that you’re questioning their results and ask them to explain the suspicious activity.
One of the best ways to identify actual fraud isn’t simply to find the data anomalies in your reports, but to look at the response your advertising partner provides when confronted with your suspicions, as there are several diversionary tactics that scammers attempt to use when called out on their shady activity.
If your partner can’t provide a valid answer as to why the data doesn’t look quite right, if they try to shift blame, try to cover up any problems using “yeah, but” type statements, or if they simply refuse to investigate and provide full transparency, then you may have a case of real digital marketing fraud on your hands and you’ll want to proceed accordingly.
How to Prevent Ad Fraud
While they do add cost and complexity to marketing campaigns, there are several different ways to protect your marketing budgets from ad fraud.
Each of these serves a specific purpose, and choosing only a single of the following strategies is certainly no guarantee that you’ll be fully protected against fraud.
We suggest reviewing the available options, comparing the services to your specific needs, then devising a custom approach that will maximize your protection while minimizing your costs.
License Anti-Click-Fraud Software
It’s not easy to prevent ad click fraud and monitoring it manually can be too time-consuming to make it worth the effort. Fortunately there are options for licensing anti-click fraud software that will do the work for you.
These programs typically integrate into Google Ads or other PPC accounts by adding tracking codes to landing pages and tracking templates in the SEM systems, allowing you to automatically detect:
- Competitors clicking ads
- Manual click fraud
Different systems offer different functionalities and levels of support, so you’ll need to review the options and determine which will work best for your specific needs.
Emphasize Conversions, Not Clicks
By focusing reporting and measurement on clicks, you’re more likely to be taken advantage of by fraudsters and scams as clicks are much easier to fake than conversions.
Click fraud is one of the most common forms of fraud and one of the simplest to execute. It’s also one of the hardest to prevent, but if you’re optimizing for conversions or other important engagement behaviors, it’s much less likely that you’ll be taken advantage of.
Remember, however, that you can’t simply ignore clicks because you need to be monitoring clicks behavior and watching for the common scams that plague the industry.
Only Work With Trusted DSPs
Choosing reputable, reliable, fully-vetted DSPs is one of the best ways to insulate your campaigns against fraud, since these platforms are far less likely to engage in or get compromised by fraudulent behavior.
When selecting a DSP, watch for offers or language around fraud and select one that promises to provide protections against fraud.
Some DSPs will even offer refunds for fraudulent behavior. Any platform offering this type of guarantee will be more likely to take the threat of digital ad fraud seriously.
Conduct Manual Reviews
It’s a good idea to leverage automated solutions capable of monitoring and preventing fraud, but if you rely completely on these systems, you may be at an increased risk of being negatively impacted by fraudulent activity.
Why? Because an automated platform is programmed to look for simple things. Each of the platforms have their own strengths and weaknesses and those individuals committing fraud are constantly testing them, looking for holes in the security that they can exploit.
By manually reviewing your performance data on a regular basis, identifying outliers and inspecting them for fraudulent activity, you’ll be able to do a much better job of protecting your digital marketing spends.
Create Whitelists and Blacklists
Limiting your spend to approved, whitelisted websites is an effective way of preventing ad fraud, as it creates a blacklist of sites that you refuse to work with.
However, keep in mind that while this can certainly help prevent fraud, it’s also likely to reduce your campaign performance, especially on the programmatic side, where ideally you want ad inventory and opportunities to be as open-ended as possible.
There’s certainly a benefit to utilizing whitelists and blacklists, however, make sure to at least consider testing this option before disregarding it’s value.
Leverage Big Data to Identify Outliers
As we mentioned above, manually inspecting campaign performance is one of the best ways to identify potential outliers that could raise red flags and signal that you have been hit by fraud.
This doesn’t have to be done manually, however, as it’s possible to utilize an automated data analysis system or to set up reports which can flag outliers as they occur, monitoring for things like:
- Excessively high CTRs
- Abnormally low engagement
- Significant traffic spikes
- Odd patterns in the data
If you notice significant outliers in any of your data, then it’s time to conduct a manual review, investigate what caused it and determine if anything needs to be done to stop and then prevent further fraud from occurring.
Ads.txt was created by the Interactive Advertising Bureau, or IAB, and is used to help improve transparency for programmatic advertising.
This file is added to website’s and contains information about Authorised Digital SEllers (ADS), which is a public record of the sellers and can be used to help quickly determine who is allowed to handle ad inventory for the site, making it significantly more difficult to commit fraud using those sites.
Using Ads.txt, you can figure out who you are supposed to contact when you want to purchase inventory on the site, which will help you prevent being scammed.
Ads.txt also includes publisher IDs within it, so you can match them up against the data you receive from your ad servers to determine if they are in alignment.
Utilizing Ads.txt helps provide another level of transparency and accountability that may help prevent you from digital fraud.
Exclude Problematic IPs
Excluding problematic IP’s is a retroactive measure that allows you to block IPs after you’ve detected fraudulent activity originating from them. It is a good idea to keep an IP blacklist to match it against publicly available blacklists so you can block any potentially problematic IPs from your campaigns.
While sophisticated scammers know better than to keep using the same IP, there’s certainly incremental value and additional protection in utilizing this very basic approach which won’t require much in the way of technology or investment to deploy.
Even if you can’t afford any of the more sophisticated strategies suggested here, maintaining a healthy IP blacklist is something you should absolutely attempt.
Exclude Fraudulent Geographics
If you’ve found certain geographies, countries, regions, etc., to be causing problems on a regular basis, you may want to consider simply blocking them entirely.
This can be especially helpful if you’re not operating internationally and don’t need traffic from destinations outside the United States, or outside a limited geographic region, as it’s a very quick and easy way to simply wipe out a lot of potential fraud occurring from these regions.
Keep in mind, however, that IP blocking is not a sure-fire way to protect your campaigns, and scammers are much more sophisticated these days. You will want to layer this strategy with some of the others listed in this article in order to improve your ability to prevent fraud.
Prioritize Remarketing Campaigns
Remarketing Campaigns are one of the safest ways to do digital advertising. They are incredibly effective and they also happen to be a great way to prevent click fraud and other bot attacks since they circumvent the need to display ads to visitors who haven’t seen you before.
If you’re only running remarketing campaigns, it’s significantly less likely that you’ll be hit by any kind of digital fraud, but it also limits your effectiveness in that it won’t allow you to generate impressions and views on the upper end of the sales funnel, and this could impact long-term performance.
Like the other strategies mentioned here, it can help to prioritize remarketing, but it’s not a perfect solution to preventing fraud; it needs to be combined with other measures.
Hire a Third-Party Ad Verification or Ad Management Company
As fraud has become such a significant problem in digital advertising, a cottage industry has sprung up around its detection and prevention.
Accordingly, a whole series of different companies, tools, platforms and technologies are available to help prevent your campaign from being abused.
If you don’t have in-house resources to deal with fraud, it may be a good idea to consider outsourcing the work to specialty firms who focus entirely on this area, as they’re more likely to be capable of fully protecting your digital advertising efforts.
Protect Yourself From Digital Ad Fraud with MatrixPoint
MatrixPoint’s marketing, media, data and cybersecurity consultants will ensure that your company makes the right decisions when it comes to protecting you from digital media fraud.
Our experts will design a fraud prevention and detection system customized for your specific needs, allowing you to immediately adopt industry best practices to ensure your online marketing campaigns aren’t compromised.
Not only can we research, design and deploy this system on your behalf, but we can also train your team to utilize and maintain it, allowing you to build in-house expertise in this complex, but critical component of marketing strategy.
Ready to schedule a consultation with MatrixPoint’s fraud experts? Contact us now to learn more about how we can help.