Online ad fraud, why it's such a problem and what to do about it [Q&A]

Online advertising is big business and it inevitably follows that where there's money to be made the fraudsters and cybercriminals won't be far behind.

We spoke to Jacob Loveless, CEO of eCommerce specialist Edgemesh, to find out more about why ad fraud has become such an issue and what businesses can do to combat it.

BN: What is ad fraud and why is it so pervasive?

JL: Advertising fraud, or ad fraud, refers to misrepresenting, in a fraudulent way, everything from online ad impressions, to traffic, to clicks, to conversions to data in order to generate ad revenue. At its base, advertising fraud occurs any time an ad is clicked by an unintended target -- what is termed as invalid traffic (IVT).

Most often, ad fraud occurs when a bot or other automated system clicks advertising content, but it can also occur when ads are displayed to users in locations that aren’t included in the target audience. For example, clicks from users in China, when ads should have been restricted to users located in the United States.

Ad fraud is pervasive because it's not always easy to detect -- and that's by design. It's far easier to uncover invalid clicks and traffic by working with an ad fraud detection and prevention partner. If you're managing your ads yourself, you may not be aware when ad fraud occurs, and that can be costly.

BN: What's the scope of the ad fraud problem, is it a global issue?

JL: It's a global, and unfortunately, a growing problem worldwide, however, the United States is an especially lucrative target. There are a few reasons for that. The US boasts the largest advertisers globally, in addition to some of the biggest data centers and carriers in the world (such as Apple, for instance). The US is also home to some of the largest cloud providers and VPN companies. The US therefore suffers some of the highest ad fraud-caused losses in the world as a result.

In 2022, invalid traffic cost the e-commerce industry an estimated $81 billion. That figure is predicted to increase to $100 billion by 2023. Worldwide, fraudulent traffic is estimated at 10.8 percent of all web traffic -- which is just a staggering amount.

BN: What are some of the top methods bad actors use to steal ad budget dollars?

JL: One of the most common methods we see is bot-based traffic boosting. In this model, an affiliate network or influencer relationship is skewed by a large amount of automated bot-based traffic. This type of fraud is most common on PPC or pay-per-click ad campaigns.

For networks that have minimum traffic contractual commitments, or CPM-based relationships, this inflates their value and thus extracts meaningful revenues from clients. A more commonly known version of this happens on networks like the Google Display network -- where your ads are being shown across additional sites.

Something else to look out for is domain spoofing. This is a type of ad fraud that occurs when bad actors impersonate a publisher’s domain and then tricks advertisers into placing their ads while paying high prices.

BN: What should companies know about detecting ad fraud? What are some of the signs that ad budget thieves are at work?

JL: Identification is the first step to detecting ad fraud so a simple solution like automated bot detection can go a very long way. Adding in layers such as IP reputation data will help illuminate the size of the traffic problem. Another good starting point is analyzing the engaged user rate and other metrics using tools such as Google analytics.

Some of the telltale signs that ad spend thieves are targeting you are:

• High click-through rates: Check your traffic sources and the average time-on-page session of most of the clicks on your site. Then, compare what you find with the ad's performance and there’s your answer.
• Another sign is low overall performance: This involves a low or lack of significant performance from some or all of your ad channels. For example, you’re running an ad campaign using the same landing page on both Linkedin and Instagram. The channels deliver 20,000 views and 6,000 clicks each in seven days. But then you learn that your Instagram ad resulted in 600 qualified leads -- while Linkedin had zero clicks. It's unlikely you'd have that many views on both channels and have no clicks. If something like this happens, you want to investigate the sources of your ad traffic.
• A third sign is suspicious IP addresses: Let's say an ad is targeted to traffic from Italy and France -- but the traffic is coming from India or China. If you find IP addresses from regions that are outside of your proposed target, the best solution is to ban those IPs from accessing your website.

To summarize, the only way to stop wasting ad dollars is to stop showing ads to bad players; it’s that simple. That means adding real-time audience-based filtering at the source of the advertising funnel. Simple models like restricting ads to geographies and excluding known bad IP blocks, such as datacenters, is a good start -- but at the end of the day an automated and adaptive system is the only way to stay one step ahead of the growing number of bad actors.

BN: Can you give us an example of one of the worst cases of ad fraud you've seen to date?

JL: One of our new customers recently had a 24.4 percent fraud rate within the first four hours of going live on our platform. Nearly one out of every four clicks was completely invalid, and this is a company with a seven-figure monthly ad spend!

The good news is, using real-time adaptive methods we were able to drop this traffic rapidly. After two weeks their fraud rate was still high, but down by four times compared to the peak.

Again, the key is getting the information back into the advertising platform (and specifically the audience definitions) to create a flywheel of fraud deterrence. You want to detect fraud on the site, send that data to advertisers in real time, automatically adjust targeting, and repeat.

Photo credit: sindlera / Shutterstock