The aim of advertising is to deliver the right message to the right person in the right environment. Fraudsters use various techniques to compromise all of these three core values across various platforms and devices, resulting in wasted advertiser spend and damaged reputations for susceptible publishers. Below are the top 10 most common types of fraud detected.
1 - BOTS
Short for robots, bots are software programmed to intentionally view ads, watch videos, click on ads, and will be used as a tactic to siphon off money from advertising transactions. Malicious bots are becoming more sophisticated; they are even forming networks, with each running one or more bots. The recently discovered 404bot fraud operation is a prime example of this.
These bots are viruses that can be installed unknowingly on a computer and then use computer resources in an unnoticeable way. Most people with infected computers are completely unaware.
Bot traffic is a useful tool for fraudsters as it is hard for the industry to identify who is behind this traffic.
2 - DOMAIN SPOOFING
Domain spoofing is a form of fraud where a fraudster impersonates a company’sdomain in order to pass off low quality inventory as high quality. Fraudsters fool buyers into thinking their ad is going to a premium site, when in reality it’s going to a low-quality website. The impressions and the users are real, but the inventory is falsely represented and therefore purchased at a much higher cost.
3 - PIXEL STUFFING
Serving one or more ads, or an entire ad-supported site, in a single 1x1 pixel frame so ads are invisible to the naked eye.
4 - AD STACKING
Placing multiple ads on top of each other in a single placement, with only the top ad being viewable. The advertiser is paying for impressions even if the user is not seeing the ads.
5 - LOCATION FRAUD
Advertisers pay a premium for their ad to be served in a particular region, but fraudsters will send false location information so the ad actually serves elsewhere. For example, users might be surfing the web on their mobile device in New York City, and see ads for last minute tours of Alcatraz, California nearly 3,000 miles away.
6 - COOKIE STUFFING
Cookies are a method of tracking user behaviour, to help determine what advertising effort led to a conversion (click, purchase, etc.) or what a user’s interests are.
Cookie stuffing can happen in many different ways. Fraudsters may try to game attribution models by adding a cookie to a user from an entirely different website from the one that the user originally visited. If the user later converts, the website associated with the stuffed cookie gets credit — and gets paid — for that action.
7 - USER AGENT SPOOFING
Every request for a web page is sent with a “header” that provides some basic information about where the page is being loaded. One such piece of information is a description of the browser: its type, version, operating system, even plug-ins.
In user-agent spoofing, this description is modified to obfuscate information about the browser being used, which can interfere with user targeting. It’s most often used by bots trying to hide their tracks.
8 - MALICIOUS APPS
Apps that generate fraudulent impressions without the user knowing. This can be thought of as a kind of mobile malware.
9 – CLOUD HOSTING
In-app impressions are displayed on devices hosted in the cloud, generating ad revenue for the app creators. Fraudsters are able to control and change signals such as device ID and geo-location, making it appear as though there are a variety of different devices and therefore users, while in reality there is one hijacked device in the cloud.
10 – APP NAME SPOOFING
Similar to domain spoofing in display, apps can submit a false app identifier to the bidding platform. This interferes with detection of apps utilising background services to load ads, as well as brand safety and contextual targeting.