ClickCease Blog
Who is making money from ad fraud?

How Much is Ad Fraud Stealing From Your Business?

Running ads online has changed the world of business in so many ways. By making high profile advertising available to everyone, it’s produced a (relatively) level playing field, where any business large or small can get traffic fast.

But if you run online ads, you’ve probably also heard of ad fraud or click fraud.

And, if you’ve seen any news or data on the subject of click fraud, you’ll know that it cost the digital marketing industry upwards of $42 billion in 2021 alone. And that figure too is an increase on the year before…

In short, a lot of money goes missing from the marketing ecosystem thanks to ad fraud and click fraud.

But how are ad fraudsters making money from your ads? And exactly how much are you losing?

Before we go on, let’s define what these two forms of fraud mean. And before we start looking at the definition of ad fraud or click fraud, there is some crossover. 

Click fraud – a definition

Click fraud is any form of traffic on a paid ad that is either malicious or has zero chance of converting. A common form of click fraud is when a rival business owner hires a service to click your paid search results until your budget runs out and you fall off the rankings.

VPNs (virtual private networks) are also often used in click fraud or ad fraud – giving people access to ads they wouldn’t otherwise see.

Fake traffic such as bots and click farms can also be used to click your ads. The reasons can be varied, but we will look in more details at the reasons for fake traffic in a moment.

Read our guide to click fraud

Ad fraud – a definition

Ad fraud is a more organised form of click fraud, and also often uses more complex technical processes. 

A simple explanation for ad fraud is when a publisher hosts ads on their website or app and then uses fake traffic to inflate the impressions or clicks. 

They may also use other sneaky methods such as layering multiple ads on top of each other, to collect a payout on multiple ad impressions instead of one. Or, worse still, hiding multiple ads in tiny unviewable iframes, often 1×1 pixel. 

We’re also hearing more about apps which host malware and inflate the ad payout for the developer.

Another more insidious form of ad fraud is when the publisher falsifies a bid request, collecting a payout for ads that never even appeared anywhere. 

We also have a complete guide to ad fraud

How do ad fraud operators make money?

Although there are different methods of ad fraud, the result is often the same. Advertisers pay, the fraudulent party misrepresents either the ad placement or their authenticity, and collects the payout.

For example:

Fake website traffic

The easiest way for ad fraudsters to make money is to create a website and apply for a publisher account on ad ad platform. Once accepted they can then host display ads or any other form of paid media. It’s then just a simple step to inflate their traffic. 

This inflated traffic is often either hired from a bot farm/click farm, or if the site owner is particularly tech savvy, they may use a botnet for hire.

By doing this, they simply collect a nice fat paycheck from the ad platform every month. Inflated by fake traffic, of course.

Buying fake traffic for ad fraud is easy and cheap
This is how easy it is to buy fake traffic (and no this is NOT Fiverr)

Hidden ads

What if your ad was displayed on a website or app, but no-one ever saw it? Thats the issue with hidden ads. 

Ad fraud operators can use a number of methods to pack as many ads into their website real estate as possible. Common methods include:

  • Unviewable ad placements, e.g; 1×1 pixel frames
  • Ad stacking – where the top ad is viewed but there are multiple ads hidden underneath, collecting a multiplied payout for one impression
  • Displaying the ad outside of the viewable area – for example on a hidden side bar
  • Background ad loading- the Drainerbot malware generated impressions on video ads even when the app was running in the background

In-app malware

Ads within mobile apps have become the new frontier for ad fraud. As over 50% of internet traffic is now mobile it makes sense for fraudsters to leverage these apps and cram them full of fake clicks. There are a number of ways apps can be used to deliver inflated or completely fake traffic – such as using click spam or click injection.

These are methods where each organic/genuine click is amplified by the software so it seems like there are multiple clicks on the hidden ads.

Other forms of malware use install hijacking, or clickjacking, which is where an app will claim credit for an organic app install.

Read more about forms of app malware and ad fraud here.

Falsified bid requests

Some websites don’t even bother to host the ads or mess about with web traffic. Instead, they use an existing publisher ID to falsify records of ad placements.

These falsified bid requests will likely come from a genuine website or app. The account will have been verified, but will have never hosted these ads. 

In short, they collect a payout for extra ad placements that have never seen the light of day.

Who is behind ad fraud?

The catch all term ‘fraudsters’ is often used in articles discussing ad fraud. But, who are these fraudsters? And why are they being so blatant and stealing your ad budget?

Some of the answers are obvious, but some may surprise you…

who is behind ad fraud?

1. Organized criminal networks

In recent years we’ve seen the takedown of networks running sophisticated ad fraud networks, for example Methbot and Hyphbot.

As the poster boys for ad fraud, both of these campaigns made off with eye watering amounts of money. Ad fraud campaigns like this are a huge threat to the digital industry and are rightly singled out for their impact and the sheer audacity of their operations.

Often run by a mixture of hackers and other experienced criminals, this network will set up a complex system of spoofed websites and botnets to perform ad fraud 24/7. In fact, some of these criminal networks have been accused of working with certain ad platforms to increase the perceived traffic, and therefore the value of the ad placements. 

Although there have been less headlines about these organized criminal networks in recent years, rest assured that there are plenty of them out there still.

2. Black hat marketers

Black hat marketers use shady marketing practices to inflate ad traffic or boost a website profile. And as a result of this, they often use ad fraud as a tactic to impress their clients.

For example, a website publisher might want to improve their web traffic. They approach a seller advertising a service such as ‘get organic traffic fast’, which is, of course, not going to be quality traffic.

Their website traffic increases by thousands, all bots or forced redirects. The client sees an improved payout from their ad networks and is happy to pay their shady marketing team to carry on.

3. Casual ad fraud

Building a website and hosting ads is not difficult. Many ad platforms will allow you to run ads on a site with barely any traffic. Others require a certain traffic or content threshold to be reached. 

Google for example are quite strict on their content specifications and website quality for publishers.

But once ads are being hosted on a site, a publisher can use any number of methods to inflate their ad payout. The most common of these is buying fake traffic, which can be easily found online for incredibly low prices.

These sites may even host plagiarised content, or as is more likely, be built as link farms. 

Sites built as link farms often host low quality content, or guest posts, will have an absurdly high domain authority and also deliver traffic volumes that would be the envy of many established publishers.

The secret is? It’s all paid traffic – and those ad impressions are almost 100% non-human.

4. Ad networks

You may have noticed that there are A LOT of ad networks out there. Some claim to offer stratospheric levels of ad traffic – even if you’ve never heard of them and you’re pretty sure no major publisher uses them either.

These ad networks may have little to no fraud monitoring or blocking, and will also likely not care about traffic quality to publishers. They may not be performing ad fraud themselves, but their low levels of filtering enables ad fraud on their network.

Consider also the Uber lawsuit, where Uber alleged that one of the ad networks they were using to promote their product were using ad fraud practices. The case went against the ad network, finding that they had used click flooding and fake traffic to inflate their revenue. (source)

5. Paid to click sites

Working from home has become more than just a buzzword. Jobs offering easy ways to make money working from home have really bloomed in the post-pandemic landscape. And none more so than paid to click websites (PTC). 

These sites, with names like Scarlet Clix, NeoBux and SwagBucks offer people pennies per click – but then people aren’t just clicking once. Workers can make $10 to $20 per day simply by viewing ads or clicking on ad banners.

Bear in mind that the majority of the world lives on less than $10 a day – so clicking ads for a payout is a tempting proposition for many.

How much exactly does this cost the ad industry? Well, in 2020, the PTC sites paid out an estimated $12 million. In the grand scheme of the $42 billion ad fraud industry, this is nothing.

But there are also countless other scam PTC sites which pop up and disappear without paying their click workers.

6. The fake web

Another deeper issue that impacts the global digital marketing industry is the proliferation of non-human traffic and tools. 

Developers use bots and web scrapers to test their new software. The average web user might also use ad blocking software, or tools like AdNauseum that click ads as a method of obfuscation. 

Hackers and black hat marketers are constantly crawling the web to harvest data or find vulnerabilities. So the sheer volume of potential invalid traffic is huge – even without looking at the genuine fraud listed above.

Oh, and, it just keeps getting bigger.

There have been many headlines around ad fraud and click fraud

Is ad fraud a cyber crime?

As ad fraud is theft it is, by definition, a cybercrime. However, is it intentional? And more importantly, is it illegal?

As we’ve seen, ad fraud doesn’t necessarily occur because of malicious intent. A black hat marketer who just wants to inflate their site traffic isn’t necessarily focused on ad revenue – but might be delivering results to a paying client using methods that produce or enable fake traffic.

Saying that, there is plenty of ad fraud that occurs specifically for monetary gain. 

Most legal cases around ad fraud focus on wire fraud, deception and the illegal access to databases and systems. No-one has (yet) been charged with committing ad fraud specifically. 

High profile cases mostly focus on the money laundering aspect, although a famous case by Microsoft against a team of alleged ad fraudsters did focus on the ‘improper use of ads to profit by fraud’.

How much does your ad campaign lose to ad fraud?

Many of the ad platforms provide data suggesting that invalid traffic accounts for around 1% of all ad traffic. How accurate is this?

Within Google’s Analytics dashboard, they sometimes show up to 8% of traffic as fraudulent.

However, here at ClickCease, we see an average of 14% of ad clicks as non-genuine. And this is after the fraud filters used by the ad giants.

Some ad campaigns in certain industries can be even higher – over 60% fraud traffic. This often depends on the cost of keywords, the competitiveness of the industry and even your geographic location.

It’s hard to put an exact number on how much you are losing to ad fraud. But between 1 in 4 and 1 in 5 clicks are non-genuine.

Use ClickCease’s free trial to run a traffic audit and find out exactly how much you’re losing to ad fraud.

Protecting your ad campaigns

With over $42 billion lost to ad fraud and click fraud in 2021, it’s no longer seen as a niche concern by digital marketers.

Making sure that your ad budget doesn’t fall into the wallets of ad fraudsters means taking precautions.

ClickCease offers the industry standard in click fraud protection, protecting Google, Microsoft and Meta for Business (Facebook) ads. 

Want to know how much fake traffic affects your ads?

Run a free traffic audit with ClickCease.

Oli Lynch

Since working for ClickCease, Oli has become something of a click fraud nerd, and now bores people at parties with facts about click farms and internet traffic stats. When not writing about ad fraud, he helps companies to optimise their marketing content and strategy with his own content marketing business.

Add comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Block click fraud from ruining your campaign!

Most discussed