Ad fraud is any attempt to defraud digital advertising networks for financial gain. Scammers and criminal gangs frequently use bots and click farms to carry out ad fraud, but they’re not the only methods.
If you carry out any form of online advertising you cannot afford to ignore the impact of ad fraud.
22% of all ad spend was lost to fraud in 2023 according to The Global Cost of Ad Fraud: 2023-2028 Report by Juniper Research. The report analysed more than 78,000 datasets of digital ad activity to discover the scale of the problem from 48 countries and across eight regions.
Figures from Statista estimate that costs related to digital advertising fraud worldwide will increase to $172b by 2028 – roughly 14 per cent annually and nearly double across a five-year period from 2023. This growth of 105% highlights not only the projected increase in advertisement spend and advertisement loss, but also infers that there will be a significant increase in advertising traffic over the next five years.
The Association of National Advertisers (ANA), the representative organisation for advertisers in the US, estimates nearly 18% of all internet traffic in the marketing industry can be attributed to non-human bots which are actively engaged in ad fraud.
The use of third-party fraud mitigation platforms could recover more than $23b of advertiser spend lost to fraud. Deploying innovative fraud mitigation services such as IP monitoring, VPN (Virtual Private Network) detection, geolocation tracing, fraud scoring and blacklisting will help combat the sophistication of ad fraud.
An ad network is a technology platform that serves as a broker between a group of publishers and a group of advertisers. The ad network acts as a mediator responsible for introducing the right impression to the right buyer. It partners up with publishers (supply-side) and advertisers (demand-side) to help them reach their ad campaign goals.
Ad networks operate in conjunction with ad servers (AdTech used by publishers, advertisers, ad agencies to manage and run online advertising campaigns). Ad servers are responsible for making decisions about what ads to show on a website, then serving them. On top of that, an ad server collects and reports data (such as impressions, clicks, etc.) for advertisers to gain insights from and monitor the performance of their ads.
And it is here where the majority of vulnerabilities occur.
This occurs when an ad is displayed in such a way that it’s not obviously visible to the website user. It targets the ad networks that pay out based on impressions (views of adverts) rather than active clicks.
Used when an attack redirects a click on one advert and sends the user to a completely different ad result – effectively stealing the click. For this type of fraud to work, the attacker has to have compromised the user’s computer, the ad publisher’s website or a proxy ad server.
The attacker replaces an advert for Joe Bloggs Jeans with one for Sam Brown Chinos.
Click farms* are set up to install apps thousands of times and interact with them in bulk, thereby distorting the number of times an advert might be shown within an app – especially on mobile apps.
Scammers create botnets and fake click farms to generate thousands of false impressions on an advert or fake visits to a website which displays ads.
Imagine a thousand bots, all accessing different websites, mimicking human behaviour and looking like a real person surfing the web. The botnet creator now has a network which appears to be real and which can then be directed to a fake website.
This fake website now looks like it’s genuine, receiving high volumes of traffic from thousands of real people. Advertisers place ads on the website because they believe their ads will receive a high number of impressions.
The ad network that serves the ads pays the bot owner for the ads displayed and the scammers profit from a completely fake set-up.
Economists at the University of Baltimore have found that at present, one-in-ten ad-clicks across all eCommerce campaigns are fraudulent.
Many scams are run by illegal organisations and gangs who funnel the proceeds into organised crime, including money laundering, human trafficking and drugs.
Web Threat Protection and Ad Fraud Prevention integrate seamlessly with your security stack. By combining both products, you can rest assured your marketing, and your website are protected from malicious bots. Saving you time, money, and from risk of fraud.
Get your free protection audit Find out moreAward-winning malicious bot protection.
Cyber Award Winner 2021
AI-Enabled Data Solution of the Year – DataIQ Awards 2023 Finalist
Tech Innovation of the Year Winner – Leeds Digital Festival Awards
Cyber Security Company of the Year – UK Business Tech Awards 2023 Finalist
Best Use of AI – Tech Awards 2023 – Highly Commended
UK’s Most Innovative Cyber SME 2024 –
Runner Up
Support & Learn
Veracity Trust Network
UK, EU, GCC, US: Company No. 10209657, VAT No. GB258021617.
APAC: UEN 202424319Z
Beaconsoft Limited is registered with the Information Commissioners Office: #ZA224097.
Copyright © Beaconsoft Limited 2023 onwards