Adopting the definition provided by IAB Polska in the report „Advertising fraud. Whitepaper.” ad fraud is „all intentional activities related to advertising (display advertising, video advertising, advertising in applications, performance advertising and content marketing) in a place (website / application) or to a target group other than established in the contractual conditions. Such action generates a direct financial loss for the advertiser (also for the publisher) or a loss of potential earning”.
There are many types of frauds related to marketing. Some of them relate to specific types of devices on which ads are displayed, other techniques used in a given scam and others relate to specific moments of the conversion path. In addition, many of them will fit into several different classifications. And yet, in discussing them, it is good to introduce some form of order. Therefore, in the text below we will try to discuss various types of advertising frauds, dividing them into 4 groups: fraud related to displaying an ad (Impression fraud), regarding data provided to the advertiser by a potential customer or a fraudster (Data fraud), related to a false conversion (Conversion fraud) and related to assigning a given event to the appropriate provider or channel (Attribution fraud). We hope that this approach to the subject will allow us to present it in a comprehensive and at the same time legible way.
This group includes all scams consisting in displaying marketing messages in an inappropriate or inconsistent with the will of the advertiser. The most popular frauds in this category include:
- Ad injection - is a form of fraud in which fraudsters use malicious software to „inject” advertisements where they shouldn’t appear or replace existing advertising materials with other.
- Ad stacking - ads are literally stacked on top of each other. This allows scammers to display multiple ads in one place and generate profit for impressions that weren’t really visible to the audience at all, because the user can only see one ad visible at the top of the stack.
- Auto Impressions - relies on malware displaying advertisements in the background. These types of scams are common on mobile devices - marketing materials will be displayed in the application even when it isn’t in use.
- Unlawful use of the image of a well-known brand - fraudsters counterfeit profiles of well-known brands on Social Media in order to sell counterfeit products or collect user’s personal data in contests organized on them. This type of „scam” doesn’t apply to displaying the advertiser’s marketing material, but it can be very harmful to the advertiser. Fraudsters impersonating large, recognizable companies gain credibility in the eyes of consumers who are more willing to provide information about themselves.
- BOTs / non-human traffic - this category covers all the frauds that involve displaying an advertisement to fake users, for example BOTs pretending to be humans.
- Displaying ads surrounded by controversial content - this type of scam can be very harmful to Brand Safety. It consists in displaying the advertiser’s message among the content of questionable quality, often containing content considered controversial, vulgar, etc.
- Domain spoofing (most often existing popular internet domains or websites of well-known brands). Its simplest form is URL substitution (fraudster declares that the ad will be displayed on a specific domain when in fact he intends to use a different, less advantageous site) and bogus pages are often created with an address very similar to the „original” one. Another type of domain spoofing is the simultaneous placement of an ad in many domains, although the advertiser knows only about one, usually the best-quality one. Yet another domain spoof scam is the placement of advertisements inside premium websites without their administrators knowing.
- False websites / False accounts in Social Media / False influencers - this fraud consists in creating fake websites or fanpages, and then using BOTs to raise their statistics and sell advertising space on them. Additionally, fraudsters use programs they have created to automatically generate artificial displays of advertisements placed in them, manifestations of user activity, etc.
- Geo masking and other localization scams - Fraudsters pretend (mainly by spoofing IP addresses or server locations) that the ad is displayed to people in a certain geographic location, while in fact the content is displayed elsewhere, often allowing them to get higher prices or participate in a specific campaign.
- Pixel stuffing - this scam involves creating tiny advertising placements (usually 1x1 pixels) and placing one or more ads in them that will be invisible to the human eye.
This group includes frauds consisting in providing the advertiser with incorrect data, either as part of various forms of affiliate marketing to defraud payment for inappropriate traffic, or as part of unfair competition so that the advertiser is forced to handle incorrect leads. Data frauds category includes:
- Invalid Traffic - various forms of providing the advertiser with erroneous manifestations of user activity - both traffic generated by BOTs, dishonest publishers, and random events - e.g., resulting from human errors (incorrect data, accidental clicks, etc.). The key here is that the advertiser can’t use the data - because it’s incorrect and it won’t end up with sell.
- Leads containing fictitious data - that is, advertiser contact forms filled with false data, whether using specially designed programs or by manual filling in by real people.
- Recycled leads - most often they consist in using personal data collected on specially created websites or from old databases and sending them simultaneously to many advertisers in order to increase the chances of conversion. It should be noted, however, that such action will be a fraud only if the advertiser doesn’t agree to this form of traffic acquisition.
- Traffic generated by BOTs - any advertising fraud consisting in providing the advertiser with artificial manifestations of user activity, in fact, generated by specially designed programs.
- Incentivized traffic - reports from people sharing their identity for commercial purposes through various types of programs that allow "easy earning on the Internet" or in exchange for another benefit (eg access to content is conditional upon subscription or application installation). Another variation of such fraud is traffic coming from competitions organized by the fraudster. In both cases, such users won’t be interested in the advertiser’s offer, and the traffic will be of very poor quality. Whether such action will be a fraud depends on whether the advertiser is being lied to by the publisher.
- Providing real data, but without the consent of the people they relate to - this type of fraud can be particularly dangerous due to its consequences.
Scams in this category create fake events and the entire conversion path. Impressions, clicks, installations, in-app events, and even users are therefore fake and of no value to the advertiser. Among the frauds related to inappropriate conversions, we can distinguish, among others:
- False sales and abuses related to product returns - transactions that aren’t paid or are entered into with the intention of cancellation and refund. Such scams use the possibility of withdrawing from a distance sales contract, of course, after the dishonest publisher receives remuneration for generating a sale.
- Click / download / installation farms - most often located in poorer parts of the world, places where false conversions are created on a mass scale, whether via devices and appropriate software (BOTs) or very low-paid employees.
- Image embedding is a scam where fraudster replaces the source code of an image with his affiliate link and then places that image on a frequently visited website, for example in the comments section. Although the image won’t be loaded (it will only show a corrupt image icon or a blank space), the browser will still follow the link and read and act on the cookies it uploaded, creating fake conversions.
- Device spoofing - fraudster creates a fake IP address, browser data, resets cookies, etc., all to make one device pretend to be many. Thanks to this, the manifestations of activity generated on it (clicks, leads, views, downloads, etc.) aren’t recognized as duplicates, and the advertiser will settle accounts for each of them, even though they are worthless to him.
Contrary to the conversion frauds discussed above, they relate to actual conversions made by real users interested in the advertiser’s offer. Fraud from this group consists of the theft of attribution, i.e. the attribution of remuneration for a given conversion to a specific source.
- Brand Bidding - this is quite a primitive form of attribution fraud, in which fraudster buys keywords literally constituting the name of the advertiser’s store in the search results. The scammer intends to hijack some of the organic traffic and receive compensation for customers already determined to visit the advertiser’s website.
- Click flooding, also known as click spamming, it relies on the installation of malware on user’s devices, resulting in a large number of fraudulent clicks that could potentially appear in genuine conversion paths. Such mass clicks are sent from an infected device, or by impersonating such a device, randomly or concern strictly selected advertisers, but in both cases fraudster hopes that some part of those clicks will turn out to be hit and the conversions generated from another source will be assigned to him. As a result of such actions, the scammer will often receive profits for conversions that actually come from organic traffic, because his false click will be the only one visible on the conversion path. Click spam also has variant called "affiliate spam" - it consists in creating an AdWords advertisement for words not directly related to the brand, but used by it in SEM PPC campaigns. If the user clicks the first link in the search results leading to a given store, a conversion that is otherwise considered to be organic will be assigned to a dishonest publisher.
- Another type of click flooding is cookie spamming - a technique consisting in leaving a large number of specially prepared codes in user’s cookies. Such fake codes create an artificial history of the browser, hoping that some of them will coincide with the actual intentions of the user (or the action of another publisher) and convert.
- Install hijacking, also known as Click Injection, is a bit more complicated. Malware is installed on the device, and then by using install transmissions, the click fake is injected right after the download, but before the first launch of the application. Thanks to this, it appears as the last one in the attribution path and allows to assign a download to the fraudster. Another form of hijacking someone else’s attribution is conversion hijackin - forcing an interaction just before making a purchase on a website not belonging to a given publisher - for example, a pop-up that pops up before going to the cart. Of course, it will be fraudulent only if the website administrator isn’t aware of such action or doesn’t agree to it.