NOTE: Updated March 2022
Fraud is killing your digital marketing campaigns. It’s a bold statement to make but it’s fully justified by recent industry events which have highlighted failings and exposed weaknesses.
And it’s affecting big business.
The UK digital advertising industry was worth an estimated £16.5 billion in 2020, a growth of 5% on the 2019 figure and with a 75% year-on-year growth, smartphones now account for 64% of all spend. The latest Interactive Advertising Bureau (IAB) / PwC Digital Adspend report for the first half of 2021 shows the market has continued its growth with £10.5bn spent.
Unfortunately, along with all that advertising comes ad fraud. Digital ad fraud affects between 10 to 60 per cent of different types of digital advertising, according to numerous studies.
Foremost amongst these was a landmark study carried out in 2016 by the Association of National Advertisers and digital security firm White Ops (now Human), which monitored 181 digital marketing campaigns from 36 ANA member companies across 60 days. They uncovered hundreds of millions of bots infecting the advertising of big brand names including Ford, Verizon and Pfizer.
The latest study, which includes insights from 129 digital marketing leaders with performance marketing responsibilities, showed two-thirds of marketers experienced some kind of marketing fraud in 2020.
What does this mean in reality? Half, or more, of paid online display adverts have never been seen by an actual person. The number of impressions which aren’t viewed can be as high as 85% and, as far back as 2012 Incapsula was reporting that only 35% of all internet traffic was human. In 2015 Google put the figure slightly higher at 44%.
So What Constitutes Ad Fraud?
Traffic Sourcing is the major risk factor for fraud.
Digital marketing is plagued by an increasing level of illegal activity known as traffic fraud which is used by criminals to exploit the system and get paid for fake, non-human traffic – in other words, bots.
Advertisers expect that online content used in digital marketing campaigns is viewed by human audiences – that’s why they’re willing to spend billions on getting their product or brand in front of someone with the potential to buy. Robotic traffic is driven by code, not humans so it has no ability to generate real conversions or purchases. But bots are smart enough to mimic human behaviour, making them difficult to detect.
Paid traffic acquisition – otherwise known as traffic sourcing – is an ordinary part of promoting a site to reach a larger audience and is not inherently bad (see image below).
Unfortunately, it is susceptible to fraud because not all sources of traffic are equal. Behind every big bot problem, someone is paying a traffic source. The ANA/White Ops 2017 report found 3.6 times as much fraud was coming from sourced than non-sourced traffic.
The report also found:
- Sites with bot only traffic make up 20% of all websites
- Nearly 25% of all video ad impressions are fraudulent (viewed by machines, not humans)
- 76% of sophisticated invalid traffic (SIVT) came from machines which have a human and a bot on the same machine, making them harder to detect
- Nearly 70% of fraudulent impressions come from 3% of publishers
Click Farms are another common method of ad fraud
These are usually located in developing countries with low wage rates like the Philippines, India and Bangladesh amongst others, and many use proxy servers or Virtual Private Networks (VPNs) to mask their location.
Workers are paid low amounts to click on content – like a Facebook or Twitter ad – falsely creating the impression of a popular post and cheating the algorithms so the content is seen more. Click farm owners then sell their likes and followers at a higher price.
Domain spoofing, especially with video content, is one of the fastest rising types of ad fraud.
The Financial Times in September 2017 contacted 11,000 of its client and agency contacts to warn them about the scale of fraudulent FT.com inventory being bought, courtesy of domain spoofing. The FT found display ads against inventory masquerading as FT.com on 10 different ad exchanges and video ads on 15 different exchanges – the publisher doesn’t even offer video ads for sale.
There were 300 accounts selling inventory claiming to be the FTs and the sale was massive – the publisher estimated the value of the fraudulent inventory to be £1m per month. The equivalent of one month’s supply of bona fide FT.com video inventory was fraudulently appearing in a single day.
How domain spoofing works is that a buyer may see the URL for reputablewebsite.com (be it CNN or Huffington Post or any number of sites out there) but, in reality, is buying from a completely unrelated site, disreputablewebsite.com.
The 2016 “Methbot” scheme – which spoofed more than 6,000 premium publishers in the US and generated as much as $5 million in fraudulent revenue per day – was the first public display of this risk.
Experts have warned that this could get worse as more advertisers rely on “programmatic advertising” (buying digital advertising space automatically, with computers using data to decide which ads to buy and how much to pay for them) for their digital marketing campaigns.
Why Does Ad Fraud Matter?
According to Digital Strategy Consulting, there are six negative impacts from traffic fraud in particular:
- Brands waste money on ad campaigns that include a material portion of fraudulent impressions.
- Fraud complicates campaign performance analysis when human and non-human activity for ads and site visits are mixed in reports.
- Brands lose confidence in digital media.
- The supply of inventory is inflated artificially, reducing the value of legitimate publishers.
- Failing to root out traffic fraud funds criminal activity and supports organised crime.
- Fraud undermines industry self-regulation efforts, invites negative press about the industry, and potentially leads to intervention from government regulators.
In an interesting article on Econsultancy back in 2016, Patricio Robles pondered on whether ad fraud was the “drugs trade” of the 21st century. Facebook has also come under fire for its efforts in preventing fraudulent adverts and there is plenty of debate surrounding the possible involvement of Russian criminals using bots and fake ads in the 2016 US Presidential Campaign.
In 2017 Google issued refunds for ads that ran on websites with fake traffic and said it was developing a tool to give marketers more transparency about the ads bought through its platform.
According to Dr Augustine Fou, founder of the New York-based Marketing Science Group and an expert on cybersecurity: “As more ad inventory is bought and sold programmatically on ad exchanges, bad guys are finding it far easier to commit fraud because few agencies and advertisers actually check in detail the hundreds of thousands of sites on which the ads are run. It’s easier to hide in a far larger haystack.”
What Can You Do?
The first thing is to accept you’ve probably been a victim of ad fraud without even knowing it. According to In Marketing We Trust: “While no one wants to admit they’ve been duped into handing over their marketing budgets to the fraudsters, it is essential to discuss ad fraud in depth across the industry as a whole.”
Action is already being taken to combat ad fraud. There are companies producing advanced tools to detect and prevent ad fraud including Human (formerly White ops), Pixalate (for programmatic advertising) and spider.io, which was bought by Google a few years ago to fuel its efforts to clean up their platform of false ads, malware (malicious software), and bots.
The UK’s IAB started a “Gold Standard” pledge in 2017 which social media platforms including Facebook, Twitter, News UK, Google and ad tech outfit AppNexus, signed up to. The IAB’s intention is to implement a series of “best practice initiatives” that will set the standard for digital marketing campaign advertising across the board.
Tim Elkington, IAB chief digital officer, said: “Media owners need to send a clear signal to advertisers and agencies that they take their responsibilities seriously to offer the best environment possible so that brands can confidently use digital advertising.”
But the most important thing an advertiser or brand can do is focus on the real people. Marketers who take a strategic approach and look at empirical data can position their brand for greater success. Empirical data generates actual actionable consumer insights into behaviours which drive successful “social adverts” or traditional ad placement.
Advertisers can also request better transparency from publishers when it comes to traffic sourcing, requiring them to identify all third-party sources of traffic. Buyers should be able to reject sourced traffic and run dedicated advertising on a publisher’s organic site traffic.
Use third-party services to whitelist sites. As Tony Zito, CEO at Rakuten Marketing, writes in a Forbes article: “According to AdWeek, only 14% of marketers whitelist sites, with 52% estimating that 10-50% of their marketing spend is lost to fraud.”
Marketers can take transparency even further by adopting ads.txt. Ads.txt is an IAB Tech Lab program that certifies whether a buyer is purchasing from a legitimate site. Dr Neal Richter, Chief Technology Officer at Rakuten Marketing, references this in Forbes article as “like buying a Rolex” – to guarantee a genuine Rolex there are only so many companies you can buy one from.
According to Forensiq’s David Sendroff: “Digital advertising is big business and has grown to $50billion a year. The only way to sustain that growth is keeping the trust between buyer and seller.” This means everyone must play a part in combating ad fraud, including fake clicks on social media platforms, fake news, mobile ad video fraud and domain spoofing.
Facebook announced recently that it was to scrap its “Trending News” section in a bid to combat fake news. Instead it is including a breaking news label that publishers can add to stories to distinguish them. Facebook also wants to make local news more prominent.
“Going back to basics is a good start. Utilise all the tools which are available, and which we’ve discussed in this article – artificial intelligence and machine learning, black and whitelisting problematic websites, use Ad.txt, create campaigns with Beacon to get genuine website analysis.”
Marketers shouldn’t incentivise agencies to buy cheap traffic and advertisers should focus on conversions as a metric, turning off low quality/suspicious traffic, or removing it at the start of a campaign, instead of waiting to the end to claim it as a refund.
Cybersecurity companies are offering software solutions and Nigel Gilbert, VP of Strategic Development at AppNexus, believes that ad tech companies should be building their own proprietary anti-fraud software also.
And he takes it a step further. Any company which doesn’t have the resources or the ethics to invest in anti-fraud platforms shouldn’t be allowed to run an ad tech platform. Harsh perhaps, but it is contingent on all those involved within the digital marketing world working to make the experience for customers as painless and pleasant as possible.
Get started with Beacon
We are on a mission to drive transparency into the digital marketing process and give you, the marketer, the power and data needed to highlight and combat ad fraud.
By developing intelligent website traffic analysis and sophisticated tracked link generation, we aim to create a digital landscape where advertisers, vendors and marketers alike have the tool they need to highlight and combat ad fraud by differentiating between human website visits and fraudulent bot clicks.
With click fraud detection and mitigation across search and social, Beacon feeds other parts of the Martech stack with better quality data, to enable improved analytics, decision-making and results.
Get started with Beacon by taking advantage of a free traffic audit on your paid campaigns. All that’s required is a line of code to be added to your website or your client’s website and Beacon will detect non-human traffic over a 14-day period, absolutely free and without obligation.
For Genpower Beacon increased genuine human campaign visitors by 59%. With Beacon click fraud protection in place, the results were noticeable very quickly and in just two weeks the business saw a 24% reduction in fraudulent traffic. This gave them more than 20,000 more clicks from legitimate human visitors.