Digital Advertising overview
Digital advertising span media formats and encompass such modes as text, image, audio/podcast, and video. Digital marketing has grown and continues to grow in importance because it is an effective means of connecting various types of businesses with web users/visitors/customers when they are online. As such, companies, businesses, drop shippers, etc., invest substantial budgets in online advertising, which often involves displaying adverts on websites with good traffic.
Therefore, online advertising is one of the ways publishers/affiliates can earn revenue from publishing paid advertisements placed on their websites by various categories of advertisers. As such, various categories of websites promoting different products, brands, and services, normally increase revenue by allowing companies/advertisers/merchants to place advertisements on either landing pages or the contents of the publisher’s website.
As with any lucrative business, online advertisement, too, is also prone to fraud and in this post, I specifically zero on Ad fraud. Ad fraud (also referred to as Click Fraud Fraud) is described as the practice of fraudulently representing online advertisement impressions, clicks, conversions, or data events to generate revenue. Ad frauds are particularly popular among cybercriminals.
As already pointed out above, ads can be in any of these formats: text ads, banner ads, video ads, and in-app ads. The bottom line is; that a publisher can earn revenue from the impressions or clicks the users make on these ads, and conversions, in some instances.
Ad Fraud Classification and characterization
There are three activities in the advertisement pathway, namely: placement [origin]; traffic of the action taken at the origin, and user action or result of the transmitted action. Fraudsters target any of these activities to be compensated instead of the right marketer/publisher/affiliate or cause losses to the competitors by draining his/her budget that had been earmarked for advertisements.
Depending on the respective compensation/price model, i.e., impression-based, click-based, or action-based, fraudsters will design the fraud targeting any of the highlighted models. Based on this scheme, Ad frauds are classified into three major categories, and they include:
- Fraud targeting Ad placements
- Fraud targeting Ad traffic, and
- Fraud targeting Ad user actions
1. Fraud targeting Ad placements
Placement fraud is defined as fraudulent actions or activities which intend to either manipulate or modify the marketers’ [publishers’] webpages or modify the web pages showing on the user’s devices to increase impressions or clicks.
This is normally achieved through keyword stuffing, misrepresenting ad placement location so that the placement is placed in the invisible frames and is never viewable to the audience, and Malvertising, whereby advertising malware is injected to lure users to register and then re-directed to malicious sites, to generate inflated impressions.
Essentially, Ads can be placed anywhere on the web pages i.e., left, or right, top/bottom sides, or even mixed/scattered within the content. Besides, floating, or fixed positions could be the other two options for Ad placement.
Therefore, in choosing where to place an Advertisement, I suggest that guidelines covered well in the Google AdSense Ad placement policy be followed. Typically, the Ad placement should be done such that the user/visitor does not go adrift from what originally brought him/her to the website, but rather, go for the Advert when he/she decides to do so. In other words, the user should not be lured to click on the Advert.
As such, advertisers [merchants] should place adverts such to avoid accidental clicks on them. Let us explore in detail how fraudsters implement these actions highlighted above to either increase impressions or clicks, as well as their classification. The following methods can be followed by fraudsters to effect fraud at Ad placement:
- Stuffing or stacking of keywords/pixel
In this placement fraud sub-class, either keyword or pixel is stuffed such that the content is displayed in such a way that it is not visible to the naked eye. Essentially, Ad keywords are hidden in the HTML tags that are either not visibly displayed, or they are shown as of the same color as the background, so they are incapable of being seen by the naked eyes!!
It should, however, be noted that although keywords are hidden from the naked eye, they are visible to the Ad network agents when they crawl the webpage content, to determine which pages correlate to the specific Ads.
This same approach is used in placement stuffing, whereby, several placements, not intended to be viewed by the naked eyes in the web pages are stuffed. Placement visibility is set at ‘none” making them practically invisible.
In the case of stacking, Ads are layered on top of one another in the same Ad slot, making the one on the top the only one visible. By stacking, Ads on top of another, fraudsters inflate the number of impressions, thereby cheating the advertisers.
- Domain Spoofing
In this Ad placement fraud subclass, fraudsters create fake websites that mimic real sites such that they could steal either identity information or account credentials of the target website. The major objective behind this activity/fraud is to convince the advertiser/merchant that traffic is from authentic publishers/affiliates.
This is born from the fact that advertisers/merchants maintain both a whitelist of reputed premium publishers/affiliates as well as a blacklist for fraudulent publishers such as porn sites and fake sites with low content and without credibility.
Naturally, for any brand safety and many other concerns, no advertiser/merchant would venture to place an advert (s) on a blacklisted website. Accordingly, the fraudsters would search for trusted/white listed websites and then go ahead to create websites that mimic the real ones on the whitelist of the advertisers/merchants. In so doing the fraudsters may attract advertisers to place Ads on their fake websites, taking them for genuine publishers/affiliates.
But how is this done? Knowing how this is done is the 1st step toward preventing such activities. There are majorly two approaches fraudsters use to spoof domains:
- Malware and Toolbars
Supposing the user/visitor’s computer was infected with malware or the user was led to install malicious toolbars, and at the same time, the user is surfing a publisher’s premium website (domain). Once the fraudster discovers this, they can inject Ad windows onto the webpages the user/visitor is viewing. This creates an impression, which appears to be on a premium publisher’s site, while, an Ad originated from the toolbars.
Consequently, the fraudster can send impressions for bidding on Ad exchanges, whose prices are heavily discounted for desirable sites. Notably, the revenue generated from the Ad [which originated from either the malware or toolbars] is collected by the fraudster, and not the premium publisher!!
Since the Ad is placed when the user/visitor is on a genuine premium site, this type of fraud is difficult to detect.
- Ad Tag Misrepresentation
In this Ad placement fraud subclass, fraudsters target Ad Tags in the bid auction. By spoofing their domain, fraudsters pretend to offer impressions at premium websites. This is achieved by either fraudster modifying the script or by adding an apt to the page, which re-writes some of the functionality of the script so that it transmits false pieces of information.
These two methods heavily impact both the publishers/ affiliates as well as the advertisers (merchants). While the former will lose revenue, the latter will exhaust the advertisement budget by paying fraudsters.
2. Fraud targeting Ad Traffic: Traffic Fraud
As its name suggests, this type of fraud intends to generate fake traffic and thus inflate the number of impressions or clicks generated from individual sites or placements and it is done through manipulation of network traffic. By using either botnet or crowd or both, fraudsters can increase the number of impressions and clicks on the publisher’s websites.
Traffic fraud is also categorized into two sub classes namely; impressions and click fraud.
- Impressions fraud subclass
In this traffic fraud sub-type, fraudsters generate impressions by any of these three methods: i) hiring human labor to manually view the pages, ii) designing different types of bots to generate impressions for auction, and iii) using expired domains to divert users to third party pages. The aim is to directly increase the website traffic and subsequently generate more impressions for the auction.
For instance, by a bot repetitively sending the HTTP request to a web server, it will trigger many webpages display requests, thereby resulting in inflation impressions, which have zero business value to the advertiser/merchant.
Similarly, when human labor is hired to manually review and /or refresh websites, the aim is to increase impressions and thus trigger Ad auctions from the sites. Alternatively, direct traffic can be generated using expired domains to divert users/visitors to third-party pages. In all these fraudulent activities, the impression volumes will be increased.
This fraud will heavily impact the CPM campaigns because inflated impressions provide little or no value to the advertisers for their advertising benefits. Similarly, it also impacts the CPC and CPA-based campaigns since most of the impressions caused by this type of fraud cannot result in click-to-conversion events. This is so because, although the impressions are many, yet the number of page views will be low, resulting in a lower overall click-through rate (CTR), hence very low or no conversion.
- Click fraud subclass
Click fraud is another subclass of traffic fraud whereby the fraudsters aim at increasing click events on an advertisement. As with impression fraud, in click fraud attacks, fraudsters use different approaches involving employing either genuine human labor or bots to click on an advertisement.
When human labor is hired, the approach is called “click farm” and consists of many hired human laborers who normally click on the advertisement. Note that, although the clicks are genuinely produced by human viewers, yet they have either very little or intention to be converted into purchasing customers, and as such these clicks are construed to be generated with malicious or fraudulent intent.
Sometimes, a click bot, which is an automated computer program/system [either stand-alone or distributed as a botnet] is practically and repeatedly used to retrieve URLs associated with Ads to generate mouse click events, resembling genuine human viewers.
Typically, in a click fraud botnet, a bot-infected host may be coordinated/controlled by a master bot to fetch online advertisements and click on the Ads without the host’s user awareness.
Notably, click fraud is the most popular fraud in the CPC/PPC Ad ecosystem mainly because CPC/PPC campaigns dominate the Ad networks. With these campaigns, both the publishers and the advertisers may operate with diverse motives: while publishers work for increasing traffic and hence the number of clicks, the advertisers have to deal with competitors and thus maximize conversions on their sites.
As such these two parties may directly get involved in click fraud, with publishers [affiliates] either encouraging click inflation, or directly participating in click inflation fraud themselves, and the advertiser/merchant getting involved in competition clicks.
In publisher click inflation the aim is to increase impressions clicked by the viewer/visitor since revenue is calculated based on the number of clicks on the advertisement. Therefore, the publishers will tolerate click fraud attacks, if not even either encourage or participate directly in such activities. If publishers choose to directly participate in click fraud, any of the methods discussed above may be employed.
It should be pointed out that to place an advert on any website, the advertiser must have allocated a specified budget to support these campaigns for a specified period, which may range from one month to multiple months, thus under CPC/PPC revenue model, each click will consume a small amount of the advertising budget!
Therefore, to exhaust the budget of the competitors the advertiser will artificially produce clicks on the competitor’s advertisement. Consequently, the fraudulent advertiser’s Ads would have the advantage of being served legitimates users, with a better chance of being clicked by users and thus resulting in better conversion rates, thereby satisfying the branding company.
3. Fraud Targeting Ad action: Action Fraud
This is a type of Ad fraud that targets the activity of the user/visitor in order to generate revenue. Such actions may include, but are not limited, to all the following: either filling an online form, getting involved in an online survey, placing an online purchase order, OR users’ previous actions, behavior, OR re-target valuable customers.
Fraudsters may hire real people to download and/or submit forms to produce conversions. Alternatively, fraudsters may make fake cookies to earn commissions as affiliates by using bots.
The motivation for this type of fraud stems from the preference of advertisers to use the cost per action (CPA) model, to assess their advertising costs vs revenue, and indeed to also assess which publisher/affiliate was responsible for the conversion. As such, action fraud has a direct impact on Ad pricing, and campaign planning, among others.
Action Fraud is further categorized into a) conversion fraud, and b) Re-targeting fraud.
- Conversion fraud
In this action fraud subcategory, fraudsters use any or both of the following approaches: They can use Lead bots to automatically fill out a lead form with either randomly generated or partially correct information. You know what? The lead bots can also perform such actions as clicking a link to download a file.
The second approach involves the use of a Lead farm, where fraudsters hire labor, especially from countries with low labor costs, who fill lead forms and other required activities to convert a click into a conversion
- Re-targeting fraud
In this action fraud subcategory, also called re-marketing fraud, fraudsters aim at mimicking genuine customers’ specific behaviors and making it appear that they are the real desirable users/customers. This is achieved by using computer-generated agents such as DeceptiBots to mimic human intention and behavior, thereby pretending that they are interested in a specific product or brand.
Consequently, the bots deceive advertisers into believing that bots are valuable potential customers, and therefore put a higher price on auction/impression generated by bots.
This fraud takes advantage of a genuine digital marketing practice called Re-targeting or Re-marketing which is a very effective form of online advertising that is based on targeting valuable customers based on their previous internet actions such as purchasing history, web browsing history, and previous behavior.
It is normally done by checking either past transaction records, or tracking cookies from the user sites before, and showing interest in certain products or not.
I have tried to highlight the three major Ad frauds and their sub categories and how fraudsters try to manipulate them for their own gains. Although this is not exhaustive, it can give you a glimpse on how Advertisement on the website, is such a lucrative venture to be targeted by cybercriminals.
There are other types of fraud committed online of which Ad frauds are simply a subset, which affect either the merchant/vendor/advertiser, or affiliates/publishers or both. If you want to start an affiliate program, from a merchant perspective, or you want to start an affiliate marketing website in various niches. If any of these options defines you, then these 15 affiliate marketing scam post is a must read!!
In my next post, I will explore the current IT technology available to detect and either prevent or minimize the dangers that may be caused by this cyber crime.
I hope you have enjoyed this short exposition on the extent of Ad fraud and If you have any comments or questions, please leave them in the
comment/question box below and I will make sure you get answered
(probably within 1 hour). Thank you.