Programmatic Ad Fraud: A Multi-Billion Dollar Industry

Programmatic advertising was worth a whopping $418 billion in 2021. The industry’s relatively basic foundational practice – buying advertising ‘real estate’ on sites and displaying ads there – provides massive revenue, but it’s also host to fraud.

While statistics for programmatic ad fraud are hard to come by, estimates for the costs for businesses of ad fraud in general lie in the tens of billions of dollars – with predictions for a $50 billion mark by 2025. Programmatic advertising makes up 90% of all digital advertising, so it’s fair to assume that’s where an overwhelming majority of the fraud lies.

It’s been a concern for the entire advertising ecosystem for years, and continues to be as digital ad fraud is on the rise. Read on to get familiar with the shady world of programmatic ad fraud and learn how to protect yourself.

You should also check out the latest episode from The Digital Distillery Podcastfor an audio tour through the ad fraud underworld – have a listen through the link below!

WHAT IS PROGRAMMATIC ADVERTISING?

Before we crack open the ad fraud underworld to understand how cyber-criminals exploit programmatic advertising, it’s good to have a brief refresher on what programmatic advertising itself is.

In essence, programmatic advertising is the use of automated technology for buying advertising space.

Before placing an ad, the software takes into account:

• User browsing history
• How much the buyer has bid
• Keywords

The goal is to put the most user-appropriate ads for the best prices.

Programmatic can be grouped into three categories:

• Real-time bidding (RTB), where inventory prices are decided in real-time auctions
• Private marketplaces (PMP), similar to RTB except where publishers operate on an invite-only basis with advertisers
• Programmatic direct, which has publishers bypassing auctions and selling advertising space at a fixed Cost Per Mille (CPM) to advertisers

HOW IS PROGRAMMATIC EXPLOITED?

Programmatic advertising has a simple foundation, and fraud can also be astonishingly simple – or eye-wateringly sophisticated. These are the most important and prevalent types to look out for.

CLICK FRAUD

Among the simplest forms is click-fraud – clicking the same ad over and over as a scam for programmatic campaigns that pay per click rather than impression.

Bots can be bought or even ameteurishly created in Excel, with the more sophisticated bot farms being able to farm millions of clicks while looking like they’re located across the world with VPNs.

Harrowingly, click-farming can be taken to another level entirely with human click-farm sweatshops. They employ desperate people in often prison-like conditions to perform the clicks, which sidesteps bot detection.

DOMAIN SPOOFING

Right now, you’re on showheroes-group.com – would you have noticed if you were on an identical site with a showheroesgroup.com url?

Website spoofing relies on human error and defrauds programmatic ad networks (and their customers). Fraudsters, using similar-looking domain names for popular websites, create identical copies, and pass them on as their own to the network.

This kind of fraud is rampant with malware and spam, which can cause reputational damage – nobody wants their brand associated with keylogging and Free iPhone scams.

AD STACKING / PIXEL STUFFING

One ad per ad space, in theory. Sometimes, it’s twenty ads per space in practice.

Ad stacking is as simple as the name suggests, and is the practice of stacking ads on top of one another – invisible to the naked eye, but logged as additional impressions for the defrauded network.

If that sounds absurd, pixel stuffing is downright comedic – but no less destructive. It’s the practice of shrinking ads down to 1×1 size – again, invisible to the naked eye, but logged as impressions.

HOW TO PROTECT YOUR SITES AND CAMPAIGN BUDGETS

1. Custom alerts on Google Analytics can help with nofitications of any sudden changes in metrics and traffic, which can be questioned and responded to accordingly.

2. For click fraud specifically, it can be useful to set up an IP blacklist on Google Ads by adding any suspicious clicks as soon as you receive them, thus blacklisting those specific IPs from viewing your ads in the future.

3. Avoid relying on so-called ‘vanity metrics’ such as viewability when analyzing your programmatic ad campaigns and looking for potential fraud, and instead rely on a wide variety of metrics. Even a simple bot can easily give your campaign a great viewability count, and might only be suspicious when other metrics are taken into account.

4. Carefully check domain names before placing real-time bids so you aren’t tripped up by a clever, purposeful typo.

5. Check your marketing performance for anomalies. If you’re getting a lot more impressions than usual but that isn’t being reflected in lead generation, it’s a red flag.

6. Consider using dedicated ad fraud protection tools. Here at ShowHeroes Group, we work with vendors such as Integral Ad Science and Moat for ad fraud protection from programmatic all the way through to mobile-specific fraud.

7. Finally, keep yourself informed. Stay up to date with new trends, threats, and protective measures so that you stay sharp and don’t get snuck up on.