performance5 types of ad fraud

How much ad revenue do you lose every day to ad fraud? Odds are it’s more than you think. Ad fraud is on the rise and bad players are finding new and sneaky ways to rob advertisers and publishers of their money. 

To put it into perspective,ad fraud is expected to reach over $23 billion dollars this year potentially reaching up to $32 billion by 2022. In addition, 93% of all mobile transactions in 2019 were flagged as fraudulent. That’s only the tip of the proverbial ad fraud iceberg.

credit: The Drum

You might think losses caused by ad fraud are coming from the pockets of advertisers alone. However, at the end of the day, the publishers are the ones losing revenues.

Why should publishers care about ad fraud?

The billions of dollars that land in the pockets of ad fraudsters are coming directly out of yours. Every cent bad actors rob from advertiser campaigns is a cent stolen from legitimate publishers such as yourself. There are plenty of reasons why ad fraud finding its way onto your publication can do quite a bit of harm and might hurt you even if it doesn’t. 

For a publisher directly impacted by ad fraud injected into one or more of their digital assets the repercussions can be catastrophic. Cybercriminals have found ways to circumvent the tenuous trust between publishers and advertisers using a variety of methods that create fraudulent user activity made to appear as legitimate. Moreover, publishers that let ad fraud infiltrate their digital assets have even more to lose – the trust of direct advertisers, partners and users.

Another reason you should pay attention to ad fraud trends is the loss of advertiser trust in automated buying. The loss of ad budgets to fraudsters is causing advertisers to avoid RTB (real time bidding) and other types of automated ad buying. Over a third (37%) of advertisers recently surveyed said that fraud was one of the worst parts about automated ad buying

Advertisers’ justified fear of automated ad buying impacts the small and medium publishers most. While larger publishers are sustained by multiple direct advertising deals, smaller publishing businesses depend on public marketplaces to hit their target fill rate.

There is little publishers can do by themselves to stem the global tide of ad fraud but not all hope is lost. As a legitimate publisher, there are steps you can take to protect your digital assets from ad fraud. The first step is getting to know “the enemy” and understanding the most prevalent types of ad fraud today and in the near future.

Top 5 Types of Ad Fraud to Watch Out for in 2020

1. Bots / emulators

“Bots” or emulators are automated programs that run on servers, mobile phones and devices infected with malware created specifically for this purpose. The goal of these malicious bots is to generate fake user actions, mimicking engagement within applications or websites. These actions can include fake ad impressions or even manufactured in-app purchases without the user being any the wiser. 

Fortunately, bots today are not capable of truly mimicking human interaction, so the evidence of their presence is not too difficult to find.

Credit: Scalarr

2. SDK Spoofing

SDK Spoofing is a relative newcomer to the ad fraud game but by far one of the most dangerous to the ad ecosystem as a whole. SDK Spoofing was created in response to other more common methods of ad fraud becoming more and more preventable. It is also one of the few methods of ad fraud that is considered hacking, as it can theoretically simulate practically any event or user interaction through mimicry of data streams.

Without getting into too much technical detail, this type of ad fraud is based on bad actors hacking MMPs (Mobile Measurement Platforms) data stream to eavesdrop on the communications with supply and demand side platforms. The bad actors then replicate the data and fool the publisher’s ad server into thinking they are getting a legitimate request. 

Three of the primary methods for SDK spoofing for ad fraud and other malicious activities are: botnets, Trojan code hidden in an app installation files, or a developer unknowingly using a Trojan SDK within one or more of their apps.

3. Click Spamming

Click Spamming is a method by which fraudsters generate a massive number of fake ad clicks. They defraud publishers’ and advertisers’ systems into thinking a user has clicked on an ad when they haven’t. 

When a publisher has a fraudster operating on their digital asset, the fraudster sends signals in the form of impressions-as-clicks to the advertiser that mimic real user engagement. This is performed in one of two techniques. In one, the user sees the ad but doesn’t click on it and a fake click is communicated to the advertiser as if it took place. The second, perhaps even more worrying is one in which the user has no idea of the ad’s presence at all. 

Seeing the artificially increased click-rate, advertisers (or applications used by them) then increase their spending to these publications to take advantage of the apparent rise in interest. However, once they see the performance reports for said ad-fraud infected app or website, they realize the clicks were fake. Naturally, they block the publication in their ad management platform causing an honest publisher to lose revenues and advertiser trust.

4. Click Injections

Click Injection is a more complex and sophisticated version of click spam that is also sometimes called attribution fraud. In this case, a malicious app masquerading as a legitimate one imposes itself on the “click to run” command after a user finishes installing an app that was promoted to them.The fraudsters then claim the “credit” for the user action and the advertiser pays the wrong source for the user action taken.

5. Device Impersonation

OTT apps like Netflix, Hulu, and other platforms are constantly growing in popularity and profitability. So it’s no wonder that in terms of the highest CPM, one class of device targeting is far above the rest. Those are OTT apps (like Roku) and CTVs (connected televisions). Fraudsters are looking to capitalize on this.

A perfect example is a case of ad fraud that made headlines recently: the so-called “DiCaprio” ad fraud involving the popular gay dating app Grindr. DiCaprio was an ingenious ad fraud scheme that duped publishers including TMZ, CBS News, Fox, and PBS, among others. 

Secretly taking advantage of devices belonging to users on the popular LGBTQ dating app Grindr, fraudsters tricked advertisers into losing millions. The fraudsters had advertisers thinking they were bidding on video ad inventory on Roku-connected CTV and OTT devices. In reality, it was falsified ad placement secretly running video ads underneath the Grindr app. Making matters even worse, it also drained the user’s batteries and data plans.

How can a publisher stay ahead of ad fraud?

Combating ad fraud is a mutual effort on behalf of the entire ad tech industry. It’s not only about protecting your own publication, but helping creating a better ad market for everyone. Daunting as fraud may look at first, there’s quite a bit you can do to protect your business.
In addition to protections like ads.cert, you should consider implementing a solution that is both current and constantly evolving to deal with new threats as they emerge in the ad ecosystem.