Back
Paid media fundamentals

Types of ad fraud

Last updated:

May 16, 2023

Learn about ad fraud, the different types of it, and how to avoid falling for it. Understand what ad fraud is and how you can protect your campaigns from being exploited by fraudulent activities.

Modern Facebook ICon Modern Twitter Icon Modern Linkedin Icon
Ben Harris

Ben Harris

Content Writer

Read about the author

Table of Contents

Example H2
Example H3
Example H4

Ad fraud (advertising fraud) is the illegal practice of artificially inflating the number of clicks or impressions on an online advertisement in order to generate revenue from advertisers. Digital ad fraud can be committed by individuals or groups, and it’s a growing problem that’s costing businesses billions of dollars every year.

Types of Ad Fraud

There are a few different types of ad fraud to be aware of:

Type of ad fraudDescriptionPrevention method
Domain SpoofingDomain spoofing occurs when bad actors impersonate well-known websites in order to serve fraudulent ads on their behalf. This type of fraud is difficult to detect because it usually happens at the DNS level. DNS servers don't keep logs of the requests they receive, so it can be hard to track down the source of the fraud.To protect your brand from domain spoofing, you should whitelist the domains you want your ads to appear on. You should also monitor your brand's digital properties for unusual activity and implement strict security measures (e.g. two-factor authentication) for all accounts with admin access.
Cookie StuffingCookie stuffing is a type of online advertising fraud that occurs when bad actors place cookies on users' computers without their knowledge or consent. These cookies are then used to serve fraudulent ads on behalf of the advertiser.Cookie stuffing can be prevented by using a reputable ad server that has built-in anti-fraud measures. You should also regularly audit your website's codebase for suspicious or unauthorised code injections.
Pixel StuffingSimilar to ad stacking, pixel stuffing is a form of ad fraud that occurs when fraudsters embed a normal-looking ad with a fraudulent pixel that is “stuffed” with multiple ads. The pixel is so small that it's completely undetectable to the naked eye. But the fraudster still collects money for "impressions" of ads that were never actually seen.To prevent pixel stuffing, you should again use a reputable ad server with built-in anti-fraud measures. You should also scrutinise all third-party pixels being added to your website's codebase and thoroughly vet any new marketing partners before working with them.
Ad StackingAd stacking occurs when bad actors place multiple ads on top of each other so that only the uppermost ad is visible to users (i.e. the ads below it are "stacked"). This type of fraud increases the risk of accidental clicks because users may not realise there are multiple ads present on the page.Ad stacking can be prevented by using an ad server that supports iframe busting or by implementing frame busting directly in your website's codebase.
Ad InjectionAd injection refers to the practice of injecting unapproved or malicious advertising onto a website without the consent of the website owner. This type of fraud can be damaging to both advertisers and publishers because it undermines the user experience and damages the credibility of the site where the ads were injected.Ad injection can be prevented by using a reputable ad server and/or implementing strict security measures (e.g., two-factor authentication) for all accounts with admin access to your website's codebase.
Geo MaskingGeo masking is when bad actors use software to artificially change their IP address so they appear to be located in a different country or region. This type of fraud allows them to bypass geo-restrictions and view content (e.g. videos) that would otherwise be unavailable in their country or region.Geo masking can be prevented by using a VPN service that uses strong encryption algorithms.
Non-Human TrafficBots are computer programs that carry out automated tasks. Non-human traffic includes any traffic generated by bots as well as any human traffic that has been artificially coerced or incentivized (e.g. through click farms). Bot traffic is often used to inflate video view and follower counts or click-through rates on advertisements.To prevent this type of invalid traffic, use an ad server with built-in bot detection mechanisms. You should also implement CAPTCHAs on forms and other sensitive areas of your website.
Click fraudClick fraud is a type of online advertising fraud that occurs when bad actors or bots repeatedly click on ads with the intention of generating revenue for the host website or draining revenue from the advertiser.Click fraud can be prevented by using a business-grade click fraud detection service. You should also regularly review your website's traffic data for any unusual or suspicious activity.
Impression fraudIn impression fraud, fake impressions are generated on an ad in order to inflate the number of times the ad is seen. This type of fraud is often committed using bots, which automatically load ads and generate fake impressions.Impression fraud may be avoided by using an ad server that includes fraud-detection capabilities. You should also inspect your website's traffic data on a regular basis for any signs of fraudulent behaviour.
Affiliate marketing schemesAffiliate marketing schemes are a type of ad fraud where affiliate marketers inetnionally drive fake traffic to a website or application. In many cases, affiliate marketers are paid per click or per impression, so they have an incentive to generate as much traffic as possible.This type of fraud can be prevented by thoroughly vetting all affiliate marketing partners before working with them.
MalvertisingMalvertising is a type of ad fraud that involves displaying malicious ads on websites or apps. These ads can redirect users to malware-infected websites, or install malware on their computers.Malvertising can be prevented by using a reputable ad server and/or implementing strict security measures (e.g., two-factor authentication) for all accounts with admin access to your website's or application's codebase.
Mobile advertising fraudMobile ad fraud specifically targets mobile apps. It can take many different forms, but some common examples include click injection, click spamming, and install hijacking.Mobile ad fraud can be prevented by using a reputable ad server and/or implementing strict security measures (e.g., two-factor authentication) for all accounts with admin access to your mobile app's codebase. Also, monitor app installs and user activity for any unusual or suspicious activity.
Video advertising fraudVideo advertising fraud occurs when bad actors use automated software to generate fake views or clicks on video ads. This type of fraud is often used to inflate view counts or click-through rates on advertisements.Invest in ad fraud prevention software that can detect and block fraudulent activity. You should also review your website's traffic data regularly for any signs of sophisticated invalid traffic.

Who Commits Ad Fraud?

Ad fraud is committed by a variety of bad actors, each with their own motivations and methods. Here are some of the most common types of ad fraudsters:

Bot Operators

These are people who use bots to commit advertising fraud. They do this by creating fake websites and sending bots to generate fake traffic to those sites. This fraudulent traffic is then sold to advertisers as real human traffic. Bot operators can make a lot of money by committing advertising fraud on a large scale. For example, the Methbot operation uncovered in 2016 was estimated to have cost advertisers $3-5 million per day.

Domain Spammers

These are people who register large numbers of domains and then sell advertising on those domains without providing any actual content. They typically use automated tools to generate fake traffic to their domains in order to sell advertising space.

Click Farms

These are companies that pay people to click on ads. The people who work for click farms typically live in developing countries and are paid very little money for their work. They are usually sat in front of a large vertically-stacked bank of mobile phones to allow them to click on as many ads as possible on each device over the course of a day. Click farms can generate a lot of fraudulent traffic, likes, and followers for very little money, making them a popular choice for ad fraudsters.

Malware Authors

These are people who create the malware used to commit various forms of online advertising fraud. The malware is typically used to generate fake traffic or to click on digital ads without the user's knowledge. Malware authors can make a lot of money by selling their malware to ad fraudsters.

Ad Fraud Tactics

Ad fraud is typically committed using one or more of the following methods:

  • Creating fake websites - Some ad fraudsters create fake websites and then use bots to generate fake traffic coming to those sites. Next, they trick advertisers into buying advertising space on those sites, resulting in the advertisers paying for fraudulent clicks.
  • Registering domain names en masse - This is a common method used by domain spammers who, as mentioned above, buy many domains and post ads on them without having any useful content.
  • Generating fake traffic - This is done by using bots to automatically load ads and generate fake impressions. This type of fraud is often used in conjunction with fake websites.
  • Hijacking legitimate websites with ad injections - Injecting malicious code into a legitimate website is another common method used to commit ad fraud. The code then causes the site to display ads from the fraudster's network, resulting in legitimate site owners getting paid for fake clicks and genuine ads getting lost in the noise.
  • Buying traffic from click farms - Ad fraudsters will buy low-quality traffic from companies that operate click farms. This traffic is then used to inflate ad impressions or clicks.

How to Fight Ad Fraud

There are a few things marketers can do to avoid falling victim to ad fraud. Some of the newest techniques include:

  • Pre-Bidding Verification. This method uses third-party verification to check if an ad impression is genuinely viewable before the auction even starts. This preemptively stops ad fraud before it has a chance to arise in the first place. 
  • Blockchain Technology. Blockchain can be used to verify the path an ad takes from the publisher to the advertiser. The transparency of the system makes it difficult for bad actors to commit ad fraud and get away with it. 
  • Machine Learning. Machine learning can be used to detect patterns in data that humans wouldn't be able to see. This technology is being used by some companies to detect ad fraud in real time.
  • Domain Whitelisting. Domain whitelisting is a method of protecting ads from being served on websites that are known to commit ad fraud. Advertisers can whitelist the domains they want their ads to appear on, and they can block domains that are known to be associated with online advertising fraud.
  • Ad fraud prevention software. There are a number of software programs that have been designed to help prevent ad fraud. These programs work by analysing data and detecting patterns that may be indicative of online advertising fraud.

While there is no surefire way to avoid ad fraud, these methods can help to reduce the chances of it occurring. 

Industry Initiatives to Fight Ad Fraud

There are a number of industry initiatives working to combat digital ad fraud. The two main initiatives are the IAB Tech Lab's Ads.txt project and the Trustworthy Accountability Group's (TAG) Certified Against Fraud program:

The Ads.txt project is an industry-wide initiative that aims to improve transparency in the digital advertising ecosystem. Ads.txt stands for Authorised Digital Sellers and it is a text file that legitimate publishers can use to list the companies that are authorised to sell their ad inventory. The goal of the Ads.txt project is to make it more difficult for bad actors to commit ad fraud by selling fake traffic.

The TAG Certified Against Fraud program is a voluntary certification program that companies can participate in to show they’re committed to fighting ad fraud. To be certified, companies must put in place a number of measures to avoid ad fraud, such as implementing ads.txt and conducting regular third-party audits.

The Impact of Ad Fraud

Ad fraud can have a number of negative consequences for businesses and the advertising industry as a whole:

  • Ad fraud wastes marketing budgets. It's estimated to cost businesses $120 billion each year in wasted ad spend. This money is being wasted on fake traffic and fake impressions that no one is even seeing.
  • Ad fraud hurts the credibility of digital advertising. When businesses lose ad revenue to bad actors, it damages the credibility of the digital marketing industry as a whole. This can make it harder for businesses to justify their marketing spend and ad budgets, making it harder for publishers to sell ad inventory.
  • Ad fraud damages the relationships between advertisers and publishers. The relationships between advertisers and publishers are built on trust. When ad fraud occurs, it can damage these relationships and make it harder for businesses to work together.

The Business of Ad Fraud

Ad fraud rates are on the rise, and it’s predicted that it will continue to increase in the coming years. There are a number of reasons why digital ad fraud is such a big business:

  • There’s a lot of money in digital advertising. Digital advertising is a multi-billion dollar industry, and there is a lot of money to be made by bad actors.
  • It is relatively easy to commit ad fraud. In many cases, it is relatively easy to commit ad fraud. For example, it requires less sophistication and technical know-how to pull off an ad fraud scheme compared to a ransomware attack.
  • There’s little risk of being caught. In most cases, there is little risk of being caught and punished for committing ad fraud. The perpetrators of ad fraud are often based in other countries, making it difficult for law enforcement to take action.
  • There is a low cost of entry. Most times, the cost of setting up an ad fraud scheme is relatively low. This makes it easy for even small-time criminals to get involved in order to make a quick profit.
  • It is highly profitable. Ad fraud can be highly profitable. In some cases, the return on investment (ROI) can be as high as 1000%. This means that for every dollar spent on ad fraud, the criminals can make back $10.

Ad Fraud Statistics

  • At least 15% of the $407 million that American companies spend on advertising campaigns is wasted due to digital ad fraud, totaling $62 million. - (businessofapps.com)
  • According to a Forrester survey, 69% of firms spending $1 million each month reported that at least 20% of their total ad spend was wasted on invalid traffic.- (businessofapps.com)
  • According to research, at least 10% of all website traffic is fraudulent. - (adpushup.com)
Solutions
Paid searchPaid SocialDisplay adsPerformance MaxExplore all channels
Resources
Customer storiesResource libraryBlogGlossaryWebinarsTools and reports
Latest from the blog
5 common myths about invalid traffic
Crawler bots and web scrapers: How to protect your site
How to run hyper-efficient branded search campaigns in 2025 [Webinar]
Lunio 2024
Privacy policyData Processing AgreementTerms of Service