Ad fraud: how to spot invalid web traffic and protect your business from it

Today, investments in digital advertising have become an obvious must for brands that want to meet the needs of their audience, expand in the global market, improve sales performance, and increase market share. Every year, brands and companies all over the world spend hundreds of billions of dollars on digital advertising. This huge amount of money has lured fraudsters to seek illegal profits by taking advantage of the immaturities in the ad technology and conducting deceptive practices. According to eMarketer, digital ad fraud could cost the whole industry in excess of $6.5 billion per year. Some analysts even estimate the loss to be as high as $19 billion!

So, how can you identify suspicious patterns, and fight ad fraud?

Understanding classic ad fraud schemes

You may be wondering what kind of ad fraud we are talking about and how these schemes really work. Below are two examples of relatively simple scenarios: 

Scenario 1: Let’s say Laura from ecommerce company A is running a search ad campaign whose main goal is to drive website traffic. She has been running this campaign for 4 months, since the launch of the new kids apparel section. In the first 3 months, she saw a steady growth of ad clicks which made Laura and her boss very happy. However, to her surprise, in the second week of the 4th month, the number of clicks suddenly skyrocketed on Thursday and Friday, with a 60% increase compared to the average number of clicks received on these two weekdays in the past. What made Laura become suspicious was that the website had not changed, and the number of clicks went back to normal on Saturday. She told her colleague about this weird phenomenon and they decided to look into it and see if the extra clicks were fake and if the extra ad traffic on those two days was genuine. 

Scenario 2: Peter from automotive company B based in China has recently started a display campaign to retarget his website visitors in Mexico. One Friday afternoon, before he left the office for the weekend, he discovered something unusual. For the past few days, most of the ad impressions and clicks occurred between 1pm and 5pm, when people were still supposed to be sleeping in Mexico. He immediately felt that something was wrong and started to worry whether those impressions and clicks were real or if they were generated by a bot. 

What’s common about these two scenarios is that both the impression and click traffic turned out to be invalid. In reality, the majority of digital advertising frauds are conducted through Invalid Traffic (IVT) generation (also called Non-Human Traffic). IVT consists of General Invalid Traffic (GIVT) and Sophisticated Invalid Traffic (SIVT).

What is General Invalid Traffic (GIVT)?

General Invalid Traffic, known as GIVT, is a type of fraud that is relatively easy to spot. It occurs when traffic is generated by automatic crawlers or bots, that behave like no human being ever would: for instance by clicking a thousand times on the same link, or switching between websites precisely every 5 seconds. This type of fraud can be blocked thanks to routine filters using lists, or even through standardized parameter check.

Examples of GIVT are:

• Known data center traffic: ad traffic originating from servers in data centers whose IPs are linked to invalid activity (typically non-human traffic). 
• Bot and spiders or other crawlers: these are non-human activities on the web. Some of these bots, spiders and other crawlers are legitimate (e.g. search engine bots) whereas some are not and might be malicious. But even when they are legitimate, they still need to be filtered out because they are not human activities.
• Activity-based filtration: user activities that you need to pay extra attention to, such as transactions that happen too fast, or actions that are too repetitive – such as clicks that happen precisely every 15 seconds.
• Irregular pattern: ad traffic that includes one or more attributes (e.g. user cookie) associated with known irregular patterns, such as auto-refresh (creating additional page views) or duplicate clicks.
• Pre-fetch or browser pre-rendered traffic: website content loaded before a user accesses it. These preloads may trigger ad impressions that are not accessed by a valid user. 

What is Sophisticated Invalid Traffic (SIVT)?

Sophisticated Invalid Traffic is, as its name suggests, a more complex form of fraud. Indeed, these situations are often linked to illegal activities and require advanced analytics and human intervention to detect. More complex than a simple pattern, as we saw with GIVT, SIVT can be easily mistaken for human activities. 

Examples of SIVT are:

• Automated browsing: a program or automated script that requests web content without user involvement and without declaring itself as a crawler, primarily referring to botnets.
• False representation: sites masquerading as other entities for illegitimate purposes, which may cause wrong ad inventory being supplied rather than the inventory that an ad originally requested. 
• Invalid proxy traffic: some intermediary proxy devices can manipulate traffic counts or pass on non-human traffic and invalid traffic. Such proxies might be used to route bot traffic and make the traffic appear to be originated from an ordinary source. 
• Adware: content that appears to be a legitimate ad, and attempts to install malware on a user’s device.
• Incentivized manipulation: using financial or material incentives to make users interact with ads.

How should advertisers deal with invalid traffic?

Although digital advertising fraud cannot be eliminated quickly, the industry as a whole, from advertisers to publishers along with others in the programmatic ecosystem, have become more aware of this issue. If advertisers want to minimize their losses from digital ad fraud, they should be better equipped in terms of both knowledge and technology. 

First of all, advertisers should understand what IVT is and what they can do about it. There are many third-party advertising audit and verification services on the market, but each may have different offers and specialize in different areas. Some may calculate the invalid traffic of a selected sample to determine the overall fraud rate, without being able to tell what specific impressions, clicks or app installs that were fake, while others check each individual transaction. Therefore, before working with a third-party company, advertisers should know more about its methodology, so that they can choose the right partner(s) to work with. 

In recent years, more and more companies are getting Trustworthy Accountability Group (TAG) certifications. According to research conducted by the group in November 2018, which examined 75 billion display and video impressions across desktop, mobile web and mobile apps in the US, certified channels were 84% less likely to have fraud. In January 2019, Tag did another analysis in Europe and found similar results. Although working with certified channels is not a silver bullet, advertisers can reduce potential risk by doing so. 

Another commonly used countermeasure is for publishers to implement ads.txt. Ads.txt is a text file that allows publishers to add a list of authorized inventory sellers to their sites. Ads.txt can protect publishers from domain spoofing (fraudsters falsify the URL or site from which an impression was originating.) 

Advertisers should also use web analytic tools like Google Analytics to detect potential invalid traffic. For example, if the bounce rate of traffic acquired from certain ads is nearly 100% and the average session duration is less than 1 second, it’s highly likely that this traffic is invalid. If the volume is large, further actions like stopping the ad or negotiating with the publisher about rebates are needed. 

The battle against ad fraud is far from over, but as technology continues to develop quickly and industry standards continue to evolve, digital advertising practitioners can start fighting back today.