Running ads online has changed the world of business in so many ways. Making high-profile advertising available to everyone has produced a (relatively) level playing field where any business, large or small, can get traffic fast.
But if you run online ads, you’ve probably also heard of ad fraud or click fraud.
And, if you’ve seen any news or data on the subject of click fraud, you’ll know that it cost the digital marketing industry $188 billion in 2023 alone. This number is expected to keep growing by about 14% annually until 2028.
In short, a lot of money goes missing from the marketing ecosystem thanks to ad fraud and click fraud.
But what is ad fraud, and what is click fraud? Before we go on, let’s define what these two forms of marketing fraud mean and what’s the difference between them.
Ad fraud – a definition
Ad fraud is any form of fraudulent activity that increases engagement numbers on pay-per-click (PPC) ads online. Fraudsters usually aim to artificially inflate the number of impressions, clicks, or conversions to deceive advertisers into paying for non-existent interactions.
A simple example explanation for ad fraud is when a publisher hosts ads on their website or app and then uses fake traffic to inflate the number of impressions or clicks.
They may also use other sneaky methods, such as layering multiple ads on top of each other, to collect a payout on multiple ad impressions instead of one. Or, worse still, hiding multiple ads in tiny unviewable iframes, often 1×1 pixels.
We’re also hearing more about apps that host malware and inflate the ad payout for the developer.
Another more insidious form of ad fraud is when the publisher falsifies a bid request, collecting a payout for ads that never appear anywhere.
We also have a complete guide to ad fraud…
Click fraud – a definition
The main difference between click fraud and ad fraud lies in their respective targets. Ad fraud exclusively targets paid online ads, whereas click fraud extends its reach to include organic content, such as links on social media platforms or within apps.
Fake traffic, such as bots and click farms, can often be used to click your links, apps, buttons, or ads. The reasons can be varied, like compromising your marketing efforts, gaining a competitive advantage, or making money from your promoted links or ads.
A common example of click fraud is where an affiliate marketing partner will use click bots to boost the clicks on your product link they place throughout their content.
Read our guide to click fraud…
How do ad fraud operators make money?
Although there are different methods of ad fraud, the result is often the same. Advertisers pay, and the fraudulent party misrepresents either the ad placement or their authenticity and collects the payout.
For example:
Fake website traffic
The easiest way for ad fraudsters to make money is to create a website and apply for a publisher account on an ad platform. Once accepted, they can then host display ads or any other form of paid media. It’s then just a simple step to inflate their traffic.
This inflated traffic is often hired from a bot farm/click farm, or if the site owner is particularly tech-savvy, they may use a botnet for hire.
By doing this, they simply collect a nice fat paycheck from the ad platform every month. Inflated by fake traffic, of course.
Hidden ads
What if your ad was displayed on a website or app, but no one ever saw it? That’s the issue with hidden ads.
Ad fraud operators can use a number of methods to pack as many ads into their website real estate as possible. Common methods include:
- Unviewable ad placements, e.g., 1×1 pixel frames
- Ad stacking – where the top ad is viewed, but there are multiple ads hidden underneath, collecting a multiplied payout for one impression
- Displaying the ad outside of the viewable area – for example, on a hidden sidebar
- Background ad loading – the Drainerbot malware generated impressions on video ads even when the app was running in the background
In-app malware
Ads within mobile apps have become the new frontier for ad fraud. As over 50% of internet traffic is now mobile, it makes sense for fraudsters to leverage these apps and cram them full of fake clicks. There are a number of ways apps can be used to deliver inflated or completely fake traffic – such as using click spam or click injection.
These are methods where the software amplifies each organic/genuine click, so it seems like there are multiple clicks on the hidden ads.
Other forms of malware use install hijacking or clickjacking, which is where an app will claim credit for an organic app install.
Read more about forms of app malware and ad fraud here.
Falsified bid requests
Some websites don’t even bother to host the ads or mess about with web traffic. Instead, they use an existing publisher ID to falsify records of ad placements.
These falsified bid requests will likely come from a genuine website or app. The account will have been verified but will have never hosted these ads.
In short, they collect a payout for extra ad placements that have never seen the light of day.
Who is behind ad fraud?
The catch-all term ‘fraudsters’ is often used in articles discussing ad fraud. But who are these fraudsters? And why are they being so blatant and stealing your ad budget?
Some of the answers are obvious, but some may surprise you…
1. Organized criminal networks
In recent years, we’ve seen the takedown of networks running sophisticated ad fraud networks, for example, Methbot and Hyphbot.
As the poster boys for ad fraud, both these campaigns made off with eye-watering amounts of money. Ad fraud campaigns like this are a huge threat to the digital industry and are rightly singled out for their impact and the sheer audacity of their operations.
Often run by a mixture of hackers and other experienced criminals, this network will set up a complex system of spoofed websites and botnets to perform ad fraud 24/7. In fact, some of these criminal networks have been accused of working with certain ad platforms to increase the perceived traffic and, therefore, the value of the ad placements.
Although there have been fewer headlines about these organized criminal networks in recent years, there are still plenty of them out there.
2. Black hat marketers
Black hat marketers use shady marketing practices to inflate ad traffic or boost a website profile. And as a result of this, they often use ad fraud as a tactic to impress their clients.
For example, a website publisher might want to improve their web traffic. They approach a seller advertising a service such as ‘get organic traffic fast,’ which is, of course, not going to be quality traffic.
Their website traffic increases by thousands, all bots or forced redirects. The client sees an improved payout from their ad networks and is happy to pay their shady marketing team to carry on.
3. Casual ad fraud
Building a website and hosting ads is not difficult. Many ad platforms will allow you to run ads on a site with barely any traffic. Others require a certain traffic or content threshold to be reached.
Google, for example, is quite strict on its content specifications and website quality for publishers.
But once ads are being hosted on a site, a publisher can use any number of methods to inflate their ad payout. The most common of these methods is buying fake traffic, which can be easily found online for incredibly low prices.
These sites may even host plagiarised content or, more likely, be built as link farms.
Sites built as link farms often host low-quality content or guest posts, have absurdly high domain authority and deliver traffic volumes that would envy many established publishers.
The secret is? It’s all paid traffic – and those ad impressions are almost 100% non-human.
4. Ad networks
You may have noticed there are A LOT of ad networks out there. Some claim to offer stratospheric levels of ad traffic – even if you’ve never heard of them and you’re pretty sure no major publisher uses them either.
These ad networks may have little to no fraud monitoring or blocking and will also likely not care about traffic quality to publishers. They may not be performing ad fraud themselves, but their low levels of filtering enable ad fraud on their network.
Consider also the Uber lawsuit, where Uber alleged that one of the ad networks they were using to promote their product was using ad fraud practices. The case went against the ad network, finding that they had used click flooding and fake traffic to inflate their revenue. (source)
5. Paid-to-click (PTC) sites
Working from home has become more than just a buzzword. Jobs offering easy ways to make money working from home have really bloomed in the post-pandemic landscape. And none more so than paid-to-click (PTC) websites.
These sites, with names like Scarlet Clix, NeoBux, and Swagbucks, offer people pennies per click – but then people aren’t just clicking once. Workers can make $10 to $20 per day simply by viewing ads or clicking on ad banners.
Bear in mind that most of the world lives on less than $10 a day – so clicking ads for a payout is a tempting proposition for many.
How much exactly does this cost the ad industry? In 2020, the PTC sites paid out an estimated $12 million. In the grand scheme of the $42 billion ad fraud industry, this is nothing.
But there are also countless other scam PTC sites that pop up and disappear without paying their click workers.
6. The fake web
Another deeper issue that impacts the global digital marketing industry is the proliferation of non-human traffic and tools.
Developers use bots and web scrapers to test their new software. The average web user might also use ad-blocking software or tools like AdNauseam that click ads as a method of obfuscation.
Hackers and black hat marketers constantly crawl the web to harvest data or find vulnerabilities. So, the sheer volume of potential invalid traffic is huge – even without looking at the genuine fraud listed above.
Oh, and it just keeps getting bigger.
Is ad fraud a cybercrime?
As ad fraud is theft, it is, by definition, a cybercrime. However, is it intentional? And more importantly, is it illegal?
As we’ve seen, ad fraud doesn’t necessarily occur because of malicious intent. A black hat marketer who just wants to inflate their site traffic isn’t necessarily focused on ad revenue – but might be delivering results to a paying client using methods that produce or enable fake traffic.
Saying that plenty of ad fraud occurs specifically for monetary gain.
Most legal cases around ad fraud focus on wire fraud, deception, and illegal access to databases and systems. No one has (yet) been charged with committing ad fraud specifically.
High-profile cases mostly focus on the money laundering aspect, although a famous case by Microsoft against a team of alleged ad fraudsters did focus on the ‘improper use of ads to profit by fraud.’
The damage that ad fraud causes to businesses
According to the ad fraud definition, it’s an online threat that affects PPC advertisers and platforms. As such, it’s expected that it primarily impacts advertisers’ pockets negatively.
They dedicate a certain amount (often significant) of their marketing budget to digital paid ads and expect, in return, to see some positive metrics. A high click-through rate (CTR), followed by website visits and, of course, conversions, leads to a higher return on investment (ROI) from the particular campaign.
However, when fraudsters attack, advertisers pay for fake interactions instead of reaching potential customers. Naturally, the financial damage is the most concerning one for PPC advertisers and business owners.
But there’s more than just losing money as a result of ad fraud. The irrelevant clicks are distorting both marketing and business analytics, leading to making uninformed decisions, missed business opportunities, and even a compromised brand reputation.
In a nutshell, we can classify the main consequences of both click fraud and ad fraud into the following categories:
- Financial losses
- Ineffective ad campaigns
- Distorted analytics
- Decreased ROI
- Uninformed decision making
- Missed business opportunities
- Compromised brand reputation
How much does your ad campaign lose to ad fraud?
Ad fraud impacts ad campaigns differently. This often depends on the cost of keywords, the industry’s competitiveness, and even your geographic location.
In-depth research from CHEQ reveals that the Gambling and Gaming sector faces the highest fraud rates at 49.1%, while Advertising and Marketing see a lower 7.9%.
It’s hard to put an exact number on how much you are losing to ad fraud. But between 1 in 4 and 1 in 5 clicks are non-genuine.
It’s hard to put an exact number on how much you are losing to ad fraud. But between 1 in 4 and 1 in 5 clicks are non-genuine.
Protecting your ad campaigns
With over $42 billion lost to ad fraud and click fraud in 2021, digital marketers no longer see it as a niche concern.
Making sure your ad budget doesn’t fall into the wallets of ad fraudsters means taking precautions.
ClickCease offers the industry standard in ad fraud and click fraud protection, protecting Google, Microsoft, and Meta for Business (Facebook) ads.
Want to know how much fake traffic affects your ads?
