Ad fraud detection: A guide for marketers

Posted by

Ad fraud seems to consistently produce news headlines in the advertising world. Half the time it’s people claiming that the sky is falling, while the other half claim, in essence, “no big deal.” There are obvious biases to take into account, but the net result is a ton of noise.

This is unfortunate, because it’s a topic that begs for education, especially for marketers new to display advertising. So we need to keep talking about it, even if it’s uncomfortable to acknowledge.

Ad fraud is particularly important for marketers to understand. If you don’t detect and avoid fraud, it will poison all other areas of optimization: context (brand safety), viewability and performance.

After all, context and viewability are irrelevant if human eyes do not see the ads.

In this article, I highlight some techniques for detecting the warning signs of ad fraud, including pitfalls to avoid when it comes to dealing with ad fraud detection as a marketer.

Warning signs of fraud

Assuming you manage your own display advertising campaigns, in a self-service manner, you can detect ad fraud without the use of any sophisticated tools. It simply requires some analysis and common sense.

The following are some warning signs of ad fraud activity:

1. No performance

The lack of performance (whether it’s conversions, sales or another business outcome) is the most concrete warning sign of ad fraud. This is most obvious when comparing the performance of your display ad campaigns to other channels like Facebook, Twitter or LinkedIn.

If all other factors are equal (e.g., ads, landing page, offer), and your display advertising campaigns produce zero conversions, while your other channels produce significantly more, that’s a big red flag.

In other words, if 300 clicks from LinkedIn produce 30 conversions, while 300 clicks from your display campaigns produce no conversions, something is fishy.

In my view, it’s improbable that 300 real people would be compelled to click on an ad in one channel and follow through by filling out a form, for example, yet 300 people in another channel apparently jump through the first hoop (the ad) and not the second (the lead form) — especially if they are supposedly targeted campaigns. It doesn’t add up.

2. Poor on-site analytics

Which brings us to another warning sign: high bounce rates and short session durations. Again, if you compare apples to apples, and the same ads and landing page from one channel show signs of real human behavior — filling out forms, spending time on the page, clicking through to other pages on the site — while another channel shows the complete opposite, you are looking at a red flag.

3. Data center IP addresses

Another data point worth analyzing is the IP addresses of your ads’ clickers. One dead giveaway of fraud is a data center IP address. This means that the “visitor” to your page is originating from a hosted server, not a residential or corporate computer. Producing such proof will often get you a refund from your agency or ad-buying platform.

4. Abnormally high CTRs

The last warning sign is a phenomenon of which most experienced media buyers are aware: unrealistic click-through rates (CTRs). If you notice certain placements deliver CTRs north of 1 percent, or even north of 0.3 percent, you might want to investigate whether those clicks are exhibiting any of the aforementioned warnings signs — no performance, high bounce rates and short session durations — to confirm your suspicions.

5. Suspicious site lists

Something else to watch out for is a very large number of long-tail site placements in your campaign reports. (On some DSPs, like The Trade Desk, a countless number of sites are bucketed into a line item called “tail aggregate,” which covers the smallest of the long-tail sites.) It’s wise to audit your site-level reporting and see if you notice any unrecognizable sites on that list. The majority of fraud originates from obscure sites, whereas the majority of real human visitors go to recognizable publishers.

On the surface, having long-tail publishers in your campaigns is not proof of fraud. However, a deeper investigation into some of the more unrecognizable or questionable sites might reveal some trickery. That’s why some marketers only target lists of “premium” sites: to reduce their chances of being exposed to fraud.

Recognizing diversionary tactics

In many cases, marketers rely on external partners like agencies and ad tech vendors to help manage their display advertising. In such cases, learning how to detect nonsense and lies from service providers is just as important as learning to detect the warning signs of ad fraud.

Why? Because no service provider wants to admit to buying fraudulent ad inventory on your behalf. So to save face, and avoid refund requests, they make up plausible-sounding nonsense to confuse their clients.

Here are just a few examples of such diversionary tactics:

1. Bringing up viewability

If you’ve seen warning signs of fraud in your campaigns and voiced your concerns to your providers, they may come back and make some claims about the viewability of your campaign being very high or something like that. And that is supposed to give you comfort.

This is known as a red herring. Viewability, while interesting, is ultimately irrelevant. It’s a diversionary tactic.

First, viewability measurements can easily be faked. In fact, because viewability is so easy to fake, whether it’s fraudsters stacking all their ads above the fold or serving up the ads in foreign iframes above the fold (showing as 100 percent viewability), fraudulent sites actually have the highest levels of viewability overall. That’s why viewability does not indicate a lack of fraud.

In fact, optimizing toward the highest percentile of viewability may actually be optimizing towards more fraud. In other words, something can be 100 percent viewable, yet never be seen by a human being. That’s why I wouldn’t accept any claims about viewability as proof against the possibility of fraud.

2. Meaningless spreadsheets

I’ve seen marketers receive massive spreadsheets from their service providers, as some sort of evidence against ad fraud. The spreadsheets showed a wide variety of browsers, operating systems, locations, days of the week and hours of the day — which didn’t prove anything except that they were not dealing with a basic, easily detectable variety of fraud (e.g., coming from the same IP address, browser, OS).

Check out the following screen capture to see how easily a basic fraud scheme can generate such diversity with ease:


(Note: Depending on your targeting, one might even argue that too much variety in your click reports might be suspicious in and of itself. For example, if you target specific organizations, you might actually expect the opposite pattern in the reports. After all, most enterprises have standard-issue corporate machines, running a similar OS, and often similar browsers. If the corporate network is behind a proxy, you might expect similar IP addresses and locations as well.)

Bottom line: Don’t accept these types of click reports as proof against the possibility of fraud.

3. Buzzword bombardment

Sometimes you might get the full buzzword buffet from your service providers, in an effort to overwhelm you. I have heard people at companies claim to use tools to prevent fraud that weren’t even ad fraud solutions. They just threw around brand names and acronyms at a rapid-fire pace, which might have bewildered a novice, but was clearly mumbo-jumbo to me.

A vendor once claimed that they submitted the marketer’s ads to Google for additional ad review. That’s true, but it’s actually a requirement to run on the Google ad exchange (AdX). So it was disingenuous (to put it charitably) for them to claim it as a measure to protect against fraud.

They might even use more industry parlance and claim that your campaigns are using whitelists, blacklists, private marketplaces and everything else under the sun — simultaneously. This type of excessive reassurance should warrant your skepticism.

Such claims might be partially or wholly true, or they could be more diversionary tactics meant to confuse and overwhelm. But without the ability to audit your campaigns in a transparent manner, to get to the bottom of the issue yourself, you are at your provider’s mercy. Trust, but always verify.

(Note: Generally speaking, everything a service provider tells you might sound pretty standard on the surface. They might say all the right things — for the most part — but that doesn’t really matter if you don’t have the power to independently audit or control your campaigns. They are simply asking you to take their word for it. That’s why you must demand transparency in all advertising relationships, in every form possible.)

4. Deferring to fraud detection metrics

Service providers may also provide invalid traffic (IVT) or nonhuman traffic (NHT) metrics from ad fraud detection vendors, in an effort to prove the absence of fraud. This seems like a reasonable thing to do, except it has problems as well.

For example, your service provider might send you some form of invalid traffic measurement and claim, even on a per-site level, that your levels of IVT are well below average. Such metrics alone are of little value. What vendor is providing those numbers? If they claim multiple vendors are used, insist on seeing a breakdown from each vendor. That should be table stakes in terms of transparency.

But more importantly, you should know that these automated detection vendors have vulnerabilities of their own, which throw their accuracy into question. We will cover that in the next section.

Ad fraud detection companies

Ad fraud detection companies (commonly known as “ad verification” vendors in the ad tech space) automate most of the manual work of checking ad campaigns for fraud. Manually checking makes sense if you have the resources, but it simply doesn’t scale for larger advertising operations. In those cases, automated ad verification vendors play a helpful role in complementing manual analysis.

Here are some of the most notable players:

(Note: I have no affiliation with any of the following companies, or any financial interest in them.)

  • Integral Ad Science
  • DoubleVerify
  • Forensiq
  • White Ops
  • Fraudlogix
  • Trust Metrics
  • comScore
  • Oxford BioChronometrics
  • Pixalate

Keep in mind, however, that using these tools is not a panacea for fraud. When used correctly, these tools offer additional data to help mitigate fraud’s impact. But they can also degrade into mere props that some service providers might use to signal diligence or to defer accountability.

Caution: These detection solutions can be fooled

It’s important to point out that these ad verification vendors are not infallible. They provide interesting data points, no doubt. Any data is better than no data, I suppose. But fraudsters are constantly figuring out how to evade detection by each specific security vendor, which is why ad verification tools cannot be trusted as the ultimate arbiters of truth.

In fact, the more popular the ad verification tool, the greater the efforts by fraudsters to circumvent their detection methods. It’s trivial for black-hat publishers to purchase traffic for their websites specifically designed to evade the fraud-detection algorithms of popular vendors.

Here is a disturbing email exchange that shines a light on this reality:

The price of filtered traffic from eZanga

Source: Shailin Dhar, “Ad Fraud In Our Own Backyard

It may be easy to lose hope at this point, especially if you feel you can’t trust the tools specifically designed to detect ad fraud. But it’s worth noting that this is an ongoing cat-and-mouse game between bad actors and ad verification vendors, and both sides have incentives to win this war.

(Personally, I think fraudsters will ultimately lose.)

Final thoughts

Ad fraud is obviously a massive problem for marketers, but it’s also an existential risk to the ad industry as a whole. Given the nature of programmatic advertising’s open ecosystem, advertisers and publishers of any size can participate. Some of them are bad actors that pollute the quality of the marketplace, undermining the trust of the whole sector.

Detecting ad fraud and removing it from your own campaigns is the first step to eliminating it from our entire industry. I hope that this guide provided you with some practical knowledge to help you in your efforts to eliminate ad fraud and improve the performance of your advertising efforts.

P.S. If you want more background about some of the claims I’ve made here, I recommend the following deck from ad fraud researcher Augustine Fou: “How Ad Fraud Impacts Good Publishers.” (Again, no affiliation.) He confirms many of my earlier points regarding viewability, bot sophistication and the shortcomings of fraud detection tools. Enjoy!

Some opinions expressed in this article may be those of a guest author and not necessarily Marketing Land. Staff authors are listed here.

About The Author

Ratko Vidakovic is the founder, author, and principal consultant at AdProfs, where he advises a wide range of clients — marketers, publishers, tech companies, and investors — on the inner workings and best practices of advertising technology. Ad tech consulting services include training and education, campaign audits, ad revenue optimization, due diligence, product strategy, and more.


Leave a Reply

Your email address will not be published. Required fields are marked *