Ad fraud is one of the most pervasive issues in the industry today. The World Federation of Advertisers has estimated that by 2025 more than $50 billion annually will be squandered on ad fraud. As advertising spend increasingly prioritizes digital media, ad fraud continues to spread and evolve, reaching into every facet of digital advertising.
Publishers are particularly impacted by this issue. Ad fraud cuts into publisher resources and monetization opportunities, and it has the potential to reduce trust in ad-supported content if left unchecked. With so much at stake, publishers need to be vigilant and proactive to understand the implications of ad fraud and how it occurs. In this breakdown, we’ll take a look at understanding fraud and its impacts. From there, we’ll explain what publishers can do to combat fraud and prevent it from negatively impacting their revenue and reputation.
What is Ad Fraud? Identifying and Understanding the Problem
Ad fraud is generally defined as the deliberate improper diversion of ads from their intended audience or location for financial gain, a practice which is generally conducted by cybercriminals. Instances of ad fraud occur across all channels, including desktop, mobile, tablet, and Connected TV (CTV). Occurrences of ad fraud vary by platform, but all result in wasted advertiser spend and potential damage to the publisher’s reputation and revenue.
Ad fraud is also known as Invalid Traffic (IVT), a term broadly referring to online activity that does not come from a human user. IVT can be broken down into two subtypes which the Media Rating Council (MRC) have designated as General Invalid Traffic and Sophisticated Invalid Traffic. That’s quite a lot of acronyms, so let’s break it down.
General Invalid Traffic (GIVT), is IVT that can be identified through standard means of detection. This can take the form of IAB bots/spiders, unknown browsers, known fraud sites and data-center traffic, and other similar non-human activity.
Sophisticated Invalid Traffic (SIVT), is not simply IVT that can flawlessly order wine at a restaurant without looking at the list. In all seriousness, SIVT is defined by the MRC as IVT that is difficult to detect and requires advanced analytics and/or significant human involvement to identify. Examples include hijacked devices, injected ads (in which ads are surreptitiously inserted into web pages without permission or payment), and emulators (impressions that fraudulently appear to come from mobile devices).
While GIVT includes neutral and fraudulent activity, SIVT represents an intentional and insidious fraud that actively aims to mimic human traffic to avoid detection. By definition, GIVT can be addressed using standard means of detection, but SIVT requires a more proactive approach to detect and address. For an insight into identifying and addressing SIVT as it relates to Connected TV (CTV), learn about how fraud is on the rise in the emerging CTV space in a recent case study.
Now that we know what ad fraud is, let’s take a look at the most commonly detected ad fraud techniques affecting publishers and how they are perpetuated.
Bot Traffic. Simply put: robots. Or rather, computers programmed to mimic a user, which sounds a bit like the plot of a sci-fi movie. These bots can be programmed to view and click on ads, watch video, and siphon money from advertising transactions. And bot traffic is a big issue - recent research has found that bot traffic makes up nearly a quarter of overall web traffic.
Domain Spoofing. This form of ad fraud takes place when a fraudster masquerades as a legitimate domain in order to misrepresent low quality inventory as high quality. Buyers are then deceived into purchasing low quality inventory at an inflated cost. Domain spoofing is also commonly used to mask unsafe sites and monetize their traffic. Because these fraudsters mimic the URLs of premium publishers to trick advertisers, they undermine the trustworthiness and reputation of publishers and devalue quality inventory.
Ad Injection. Ad injectors place fraudulent ads on a publisher’s content without the publisher’s permission or knowledge. Accomplished mostly through malware or other malicious applications, the injected ads can replace existing ads and cost the publisher valuable revenue. A 2015 Google report identified that over 5% of unique IP addresses accessing Google sites were affected by ad injection.
Ad Placement Fraud. Ad placement fraud is a catch-all term used to describe several ad fraud techniques that manipulate a publisher’s inventory to generate revenue. Invisible/hidden ads take the form of ad stacking (displaying multiple ads on top of each other), pixel stuffing (serving ads on a 1x1 pixel frame), or displaying ads outside of the viewport area. Ad placement fraud can also include impression laundering, which is a technique that obfuscates the real website where an ad is displayed.
Of course, the above is by no means an exhaustive list. Ad fraud is a constantly evolving practice, meaning that detecting and blocking it is a moving target. It is therefore imperative that publishers and other industry professionals understand what ad fraud is and the forms that it takes so that they can identify and address instances of fraud quickly and effectively. As a wise G.I. Joe once said, “knowing is half the battle”.
DV Case Study: A Multi-Pronged Attack
In late 2018, DoubleVerify’s Fraud Lab identified a new bot network designed to generate a high volume of non-human traffic across hundreds of websites. In this scheme, bots scraped the content of legitimate websites (including premium publishers) and generated falsified sites, with URLs made to appear original. The falsified sites would display the original, scraped content coupled with fraudulent ad slots added to the page. DV was able to quickly alert impacted clients and partners and immediately set up mechanisms to protect them against this type of fraud.
This fraud scheme was especially interesting in that it was specifically designed to take advantage of the ads.txt framework in order to commit fraud that would not trigger ads.txt violations. This fraud was perpetrated by fraudsters exploiting authorized third-party inventory resellers by obtaining access to accounts that had been included on the legitimate site’s ads.txt file. Once accepted, fraudsters then sold their invalid inventory through these networks. In most cases, the ad slots appeared to originate from a valid site. Because the fraudsters targeted a reseller that was listed on the valid site’s ads.txt file, their legitimacy was further reinforced.
Situations like this demonstrate that it is important for publishers to employ many strategies surrounding ad fraud. In this case specifically, employing the single solution of ads.txt was not enough to prevent some publishers from falling victim to this scheme. By leaning on a multitude of approaches, including commitment to transparency, following best practices, and using third-party vendors to help detect fraud, publishers can better protect themselves from both existing and emerging threats.
How Ad Fraud Harms Publishers
Publishers face several compounding issues when trying to understand the impact of ad fraud. We have previously laid out specific techniques fraudsters use that can wreak havoc on a publisher, but ad fraud creates an even greater threat which goes beyond individual publishers. The presence of fraud contributes to a general muddying of the digital advertising ecosystem and an erosion of trust that makes it that much more difficult to operate within the industry.
Fraudsters, unfettered from obligation to legitimate content creation, offer inventory that falsely appears to be high quality while being offered at low rates. This forces legitimate publishers to follow suit, thus artificially deflating the marketplace and compressing publishers’ margins. In this inhospitable environment where it is increasingly difficult to determine high quality inventory from sophisticated ad fraud schemes, publishers stand to lose a great deal of potential revenue. But more than the money, ad fraud harms publishers by putting their good name on the line.
The fight against fraud is a constant battle that threatens publisher reputation and revenue. Luckily, the right tools and knowledge can help the industry sniff out and reject bad actors in digital advertising.
Request a demo to learn how DV Publisher Suite helps publishers detect and diagnose fraudulent impressions in real-time.