Ad Fraud Prevention: How to Protect Your Online Advertising Budget

Online advertising has become crucial for a business to thrive in today's digital age. With the ability to reach millions of potential customers through targeted ad campaigns, businesses are investing heavily in their advertising budgets. However, a looming threat can undermine these efforts: ad fraud.

In this article, I'll delve into the complex issue of ad fraud and explore its three main types. I’ll teach you to recognize them and guide you on what to do when you suspect any fraudulent activity. Additionally, we'll discuss various ad fraud prevention techniques that businesses can implement to protect themselves and their campaigns.

Understanding Ad Fraud

Ad fraud refers to any activity that generates fake ad impressions or clicks, tricking advertisers into paying for non-existent or ineffective ad campaigns. The impact of ad fraud on advertising budgets can be devastating, resulting in wasted resources, lost revenue, and damage to brand reputation. Ad fraud is estimated to cost the advertising industry billions of dollars annually.

With online marketing becoming increasingly sophisticated and diverse, ad fraud has grown in both scope and complexity. Let’s take a look at the three primary types of ad fraud to watch out for.

Click Fraud

What is click fraud?

Click fraud is a type of ad fraud that involves interfering with user interactions with ads. One typical example is click-spamming, where a fraudster intercepts a real user's click from another source (such as an organic or advertising click) and assigns it to themselves by generating multiple automatic clicks. The user may then install the application, but the analytics system will attribute the installation to the fraudulent partner and not the source.

How can you detect it?

Fortunately, detecting this type of fraud is easier than the others. One way is by analyzing statistics. Unlike a real user, a fraudster does not download the application, so fictitious actions will show in the numbers. Abnormally frequent user clicks, short intervals between a click and an install, a sharp one-time increase in installs, and, of course, a low conversion rate should alert you. Usually, the figures are compared with the average for the last few months. You can also analyze the source of the traffic to make sure it's diversified, with no single authority responsible for a significant portion of the traffic.

However, Apple's privacy policyupdates, which allow users to restrict access to ad interaction data in AppStore apps, have made detecting click fraud more difficult. This means that some data for analysis and fraud detection may not be available.

Hardware Fraud

What is hardware fraud?

Fraudsters can use bots that imitate app installs, and I classify this type of fraud as hardware fraud. It is commonly found in gaming apps on Android, as there are many pre-built emulators available.

Another way fraudsters engage in hardware fraud is by using virtual machines or cloud servers to simulate multiple devices and generate fake installations. In this case, the fraudster may use different IPs and locations to create the impression that the installs come from different devices and users.

How can you detect it?

To detect hardware fraud, you can use an anti-fraud system to automatically check the device settings during installation. The system can flag inconsistencies such as incorrect device models or operating systems that don't match the real device. For example, a fraudster may indicate a priority phone or browser model that does not match the device.

Detecting the second type of hardware fraud can be more challenging since fraudsters can make the device's characteristics and location appear legitimate. In this case, you might need to run a more thorough analysis of behavior patterns to detect inconsistencies in the data.

Behavioral Fraud

What is behavioral fraud?

This is a rather sophisticated form of ad fraud where bots mimic human behavior and engage with the app. These can also be real people who are paid to perform simple tasks, for example, in dating apps, where ad budgets are spent not only on installations but also on user activity.

Another example of behavioral fraud is incentivized traffic, where users are offered rewards or incentives for downloading and using an app. Since these users are only motivated by the reward, this creates a low-quality user base that is unlikely to generate revenue for the advertiser. Numbers of installs and user engagement skyrocket, but there’s hardly any value in them.

How can you detect it?

Start by analyzing user activity statistics. If user sessions are abnormally frequent, long, or too short, this might be a tell-tale sign you’ve become a victim of fraud. Again, compare these indicators with the last few months’ average values to identify anomalies. Additionally, analyzing the quality and attention of users to the app over time can help to detect incentivized traffic fraud.

Platforms Most Affected by Fraud

Web

First and foremost, there’s web fraud. In essence, it involves generating fake traffic on websites to artificially increase the number of ad impressions, clicks, and conversions. Advertisers pay for this non-existent or low-quality traffic, leading to wasted advertising budgets and decreased ROI.

Research shows that web fraud is more prevalent than other forms of online ad fraud, with websites being targeted 25% more often than mobile apps. All types of websites, from news and entertainment to e-commerce and social media, can be affected. However, websites with low traffic volume or lower quality control in their ad networks are more prone to fraud.

Video ads are a prime target for fraudsters, accounting for almost 64% of all ad fraud.   A common tactic here is to pass off banner ad space as video placement and sell it at a higher price.

Mobile

Mobile app fraud is a significant issue in the programmatic ecosystem. According to McKinsey, exposure to fraud has skyrocketed by 157% to $5.4 billion worldwide. Unlike desktop fraud, mobile app fraud often operates through downloads from trusted marketplaces such as the App Store or Google Play, making it difficult to detect and prevent. The traditional web fraud tracking model simply wouldn’t work.

One of the most common types of mobile app fraud is click injection. Fraudsters use malware to trigger fake clicks just before an app is installed or updated. The worst part is, these clicks can look like they're coming from real, legitimate users, making it hard to recognize them as fraud.

iOS vs Android

In 2020, in an effort to combat ad fraud and disruptive advertising, Google removed around 600 Android apps and banned their developers from the Play Store. Naturally, the problem of fraud in mobile advertising affects both iOS and Android platforms, but scammers tend to target Android devices more often because they make up a larger portion of the market. As much as 90% of all mobile ad fraud affects Android. Also, Android devices have higher levels of hardware fraud than iOS devices (37% vs 24%)—they are easier to emulate and have an open-source architecture that makes it easier for fraudsters to generate fake traffic.

When it comes to the iOS advertising ecosystem, fraudsters find it attractive for different reasons, particularly due to the higher CPM (cost per thousand) rates compared to Android devices. iOS devices actually have a greater share of post-install fraud than Android devices—55% compared to 34%. The loss of user IDs on iOS can also lead to a rapid increase in fraudulent activity in mobile applications.

Non-Gaming Apps vs Mobile Games

It appears that non-gaming apps are particularly vulnerable to fraudsters, with financial, travel, and shopping apps being the most targeted. Fraud in non-gaming apps is often carried out by bots, which go unnoticed and target less visible elements of apps and user engagement.

In contrast, gaming apps appear to be more immune to fraud, with only 3.8% of game downloads being fake, according to AppsFlyer. This might be because mobile games typically use the CPA (pay-per-action) model for advertising. Yet, click spam and attribution hijacking can still be an issue in gaming apps.

CTVs

Connected TV ad fraud has emerged alongside the growing popularity of streaming services. One common type of fraud is spoofing, where scammers copy real audiences watching ads on CTV devices. They use techniques like IP, device, SDK, and Server-Side Ad Insertion (SSAI) spoofing to steal ad revenue.

According to Pixalate's research, the global CTV ad fraud rate rose from 14% in Q2 2021 to 19% in Q2 2022. To combat CTV ad fraud and improve their return on ad spend, advertisers must focus on precise audience targeting, which can help them detect fraudulent activity.

Preventing Ad Fraud

Machine Learning in Antifraud Systems

Machine learning, with the ability to analyze enormous datasets in real time, is changing the game when it comes to preventing app fraud.

One of its key applications is anomaly detection, which means identifying unusual or suspicious activities in an ad campaign. If you train the algorithm over historical ad data, the system will establish a baseline of normal behavior and then spot deviations from this norm. For example, if there's a sudden spike in click-through rates or a disproportionate number of ad impressions from specific geographic locations, it can be flagged as potential fraud. Even more impressively, these advanced algorithms can recognize more subtle forms of fraud, such as click farms and bot traffic, which can easily go unnoticed if traditional detection methods are used.

To make anti-fraud systems even more powerful, companies can use a mix of supervised and unsupervised learning techniques. Supervised learning involves teaching the algorithm using labeled data, where fraud instances are explicitly identified, helping the model recognize similar patterns in the future. SML-based systems demostrate good results at detecting already known types of fraud. On the other hand, unsupervised learning doesn't need labeled data; the algorithm autonomously identifies clusters or patterns in the dataset. Such algorithms are more adept at identifying new types of fraud. By combining these two methods, organizations can build resilient and comprehensive anti-fraud tools.

Impression Tracking

Merely relying on validation methods to ensure that the ad impression is genuine may not always be sufficient—fraudsters can manipulate the system by selectively removing validation pixels from fake impressions while retaining the advertiser's pixels. This is why it's crucial to compare your ad impressions against third-party validator stats and analytics.

Also, it's important to use a unique validation pixel for every impression. Some may choose to check every second or third impression to save the budget on monthly limits, but scammers can detect and mimic this frequency, rendering it ineffective.

Here's a real-life example that shows how crucial it is to remain vigilant when combatting fraud. I personally know a team that works closely with validators to keep track of discrepancies in ad impressions. When they changed the validation frequency from every second impression to every impression, they noticed a significant surge in invalid traffic coming from a particular publisher, indicating that the previous frequency was intercepted by scammers.

Blocking Multiple Requests

Rate limiting is an extremely effective way to mitigate bot activity. Essentially this strategy involves monitoring the number of requests and blocking duplicate ones. First, the system tracks the IP address and time between individual requests, which helps to identify the source of a request and restricts processing when a specific IP generates an excessive number of requests within a given time frame. This technique helps prevent DoS and DDoS attacks, web scraping, and botnets. It also reduces the load on web servers and prevents API overuse.

Blocklists

Another way to combat fraud in advertising is by creating blocklists of vendors and platforms known for spreading fraud. Implementing these lists effectively stops fraudulent traffic from entering the system.

Many systems maintain internal blocklists that are updated frequently; also, developers often rely on third-party data. They check databases for parameters such as IP addresses, device information, application IDs, domains, and potentially harmful applications.

Real-Time Bidding

Real-time bidding allows advertisers to bid on individual ad impressions in real time, ensuring their ads are served to the most relevant users. This increased control minimizes the chances of their ads being displayed on fraudulent websites or being viewed by non-human traffic, e.g. bots.

Furthermore, RTB platforms often incorporate advanced security measures and fraud detection tools that help identify and block malicious activities. They constantly monitor and analyze bid requests, capable of promptly detecting patterns indicative of ad fraud, such as abnormal click-through rates or unusual traffic sources. This makes it more difficult for fraudsters to exploit the system.

Conclusion

The economic impact of fraudulent advertising is staggering. A few years ago Statistapointed out that damages due to ad fraud and spending on bot traffic were expected to rise from $35 billion to $100 billion between 2018 and 2023, reaching over $80 billion in 2022. More recently, the Association of National Advertisers (ANA) reported that the cost of ad fraud has reached an astounding $120 billion annually—the number has already topped Statista’s grim forecast. Advertisers in the United States suffer the most significant financial losses, amounting to $23 billion.__

__Research byJuniper indicates that 24% of traffic is generated by bots used for scams and theft. Interceptd found that 31% of iOS app installs and 25% of Android app installs are fake, while TrafficGuard and Juniper concluded that one in every 13 app installations worldwide is fraudulent.

This 2022 data highlights how important it is for businesses and marketing teams to timely detect advertising fraud. Otherwise, they risk spending budgets on bots and fake traffic instead of potential customers. We also need to keep in mind that since programmatic advertising is developing rapidly, effective detection processes for fraudulent traffic may take time to catch up.

Let's recap the strategies advertisers can use to combat fraud:

1. Use systems powered by a combination of supervised and unsupervised ML.
2. Install advanced analytics and traffic inspection tools to get more data for attribution analysis.
3. Cross-reference data from different sources, e.g. verify proprietary data against that of third-party validators.
4. Implement rigorous screening processes using blocklists of fraudulent and suspicious traffic, regularly updating and cross-referencing these lists with third-party vendors.
5. Employ impression tracking and filters to ensure the safety of advertising traffic.

Sources

1. BotFAQtor Blog, 3 Reasons to Protect Your Ad Campaign from Fraud in 2023, https://botfaqtor.ru/blog/3-dovoda-v-polzu-zashchity-reklamy-ot-onlayn-moshennichestva-v-2023-godu/
2. VC.ru, Top 10 Tools to Combat Click Fraud by Maksim Kulgin,  https://vc.ru/services/617098-top-10-servisov-pomogayushchih-borotsya-so-sklikivaniem-v-reklame
3. Admon.ai for VC.ru, Everything You Wanted to Know about Web and Mobile Ad Fraud But Didn’t Dare to Ask, https://vc.ru/marketing/446864-moshennichestvo-v-onlayn-reklame-vse-chto-vy-hoteli-znat-o-frode-v-vebe-i-mobayle-no-boyalis-sprosit
4. VC.ru, How to Recognize Ad Fraud, https://vc.ru/promo/467877-fraud-online
5. OneSpan Blog, Preventing Fraud, https://www.onespan.com/ru/topics/predotvrasenie-mosennicestva
6. My Tracker Blog, The Ultimate Guide to Identifying and Preventing Mobile Ad Fraud by Ivan Mazharov, https://tracker.my.com/blog/216/the-ultimate-guide-to-identifying-and-preventing-mobile-ad-fraud?lang=en#:\~:text=SDK Spoofing,or%2C potentially%2C engagement signals
7. VC.ru, A Guide to Preventing Ad Fraud: How to Run Secure Advertising Campaigns?  by Yaroslav Kholod, https://vc.ru/marketing/159440-gayd-po-borbe-s-reklamnym-frodom-kak-obezopasit-kampanii-ot-moshennichestva
8. PWC, PwC’s Global Economic Crime and Fraud Survey 2022, https://www.pwc.com/gx/en/services/forensics/economic-crime-survey.html
9. Apple Developer Support Articles, User Privacy and Data Use, https://developer.apple.com/app-store/user-privacy-and-data-use/
10. Business of Apps, Ad Fraud Statistics (2023) by Artyom Dogtiev, https://www.businessofapps.com/ads/ad-fraud/research/ad-fraud-statistics/