Table of Contents
Considering the sophistication of digital advertising technology, it’s hard to believe that bots exclusively visit 1 in 5 ad-serving websites. And if you think it doesn’t concern in-app advertising, think again: 21.3% of iOS app installs, and 26.9% of Android ones are fraudulent, according to Interceptd. But are there effective ad fraud prevention tactics? Can you stop fraudsters from stealing your profit?
In this article, we’ll explore the notion of ad fraud in terms of in-app advertising, its most common types, and ways to fight it both for publishers and advertisers.
Book a strategy session
Get actionable insights for your product
We’ll reach out to schedule a call
Ad fraud: its definition and most common types
As the name suggests, ad fraud is any attempt to defraud a digital advertising system for nefarious purposes, of which financial gain is the most common. While bots are the main weapon of ad fraudsters, not all ad frauds are the same. Invalid traffic, ad hiding, click schemes, and ad spoofing are the most widespread forms of ad fraud when it comes to in-app advertising.
Invalid traffic (IVT)
IVT is commonly defined as “any activity that doesn’t come from a real user with genuine interest.” Yet, that’s not entirely true. Why? To find the answer, let’s explore the two main categories of invalid traffic:
- General IVT (GIVT) can be malicious and non-malicious. Non-malicious GIVT is generated by search engine crawlers, such as those of Google, to rank web pages. Also, real use traffic can be declared invalid due to integration errors, the use of VPN, or other reasons.
On the other hand, bots generate malicious traffic. Since these bots perform non-human-like actions (like switching between pages for hours), they are easy to detect during routine checks.
- Sophisticated IVT (SIVT) is generated by fraudsters for nefarious purposes. This type of IVT is more difficult to catch since it behaves like real humans. Besides, its impression volume is higher than that of GIVT.
Given that, SIVT poses a bigger threat than GIVT.
In this type of ad fraud, the ad is running but remains unseen to real users. There are two types of ad hiding schemes that are most common:
- Ad stacking is when multiple ads are displayed, one atop another.
- Background ad activity is when an ad is completely out of view though being served.
In both cases, a fraudster can charge per view since the ad is technically served.
Click injection and click flooding are the most common forms of click fraud. So, let’s consider each of them in detail.
- Click injection is a sophisticated form of ad fraud, often aimed at ad campaigns with the last-click attribution web analytics model. Using apps with “the desired action alerts,” a fraudster “inserts” a click between the final click – before the install (or any other desired action) – and the install itself. Thus, the fraudster receives the credit and reward for the final action.
- Click spamming takes place when a fraudster executes clicks for a user that didn’t make them. Here’s how it looks: as soon as a user lands on a web page (or accesses an app), a fraudster sends multiple clicks as though the user is interacting with the advertisements. The purpose of this ad fraud type is to overwhelm the ad prevention system, so at least one click is accepted as organic.
App spoofing (also known as domain spoofing in web terms) occurs when fraudsters disguise themselves as a premium app to defraud an advertiser. Here’s how it works:
1) A fraudster-publisher clones instances of an original application using phoney bundle IDs (app identifiers) to identify each “clone”.
2) At the same time, the ad placement IDs associated with the legitimate app remain original.
3) The fraudster runs the cloned instances within a single device, a device farm, or with the help of a bunch of human users.
4) As a result, it looks like the traffic comes from an original app.
App spoofing is a widespread and extremely fruitful way for a fraudster to generate revenue. Yet, since each fake app instance has its own bundle ID, which is different from the original one, app spoofing is quite easy to spot.
At the same, app spoofing can be a result of an unintentional integration error. For example, an app developer accidentally can hardcode ad placement IDs associated with the other bundle ID. Yet, this type of error is easy to fix.
As you might guess, this list of ad frauds is incomplete. As the digital advertising ecosystem evolves, fraudsters continue to find new vulnerabilities and schemes. But doesn’t it mean we are at a standstill? Let’s find out below.
Ways to fight ad fraud
Judging from the types of ad fraud mentioned above, publishers might seem utterly immune to them. But unfortunately, ad fraud affects the entire digital advertising ecosystem. Invalid traffic tampers with buy-side analytics and prevents publishers from proper inventory forecasting. Besides, advertisers weed out publishers that provide fake clicks and invalid traffic. Given that, both advertisers and publishers should fight ad fraud continuously to survive. The following tricks can be helpful here.
Monitor your analytics
Bots tend to behave unnaturally. To this end, as a publisher, you should regularly check your analytics for anomalies, such as sudden traffic spikes, suspiciously high number of impressions, inadequate CTR (click through rate) for certain ad placements or demand partners, etc.
Also, a high number of impressions combined with low viewability rate might mean that you are intentionally or unintentionally obscuring some ads or running them in the background. In addition, metrics like session duration and page scroll depth require particular attention. For example, sessions lasting less than a second or measuring less than 10% of page scroll depth are sure-fire signs of bot activity.
Follow best practices for ad placement
Placing ads in a way that tricks users into clicking them is also a form of ad fraud. Thus, if you don’t want to ruin your reputation as a publisher, it’s crucial to be particular about ad placement. Your ads shouldn’t have overlapping content, be running in the background, be atop one another, or otherwise causing a bad user experience.
Take action immediately
As soon as you detect fraudulent activity, block its source. In this way, you can obstruct the fraudster’s ID, which will considerably tie their hands. It’s also advisable to compile a blacklist and compare it constantly with the widely available ones.
Work with reliable ad partners
As an advertiser, you should keep in mind that a publisher, whether knowingly or unknowingly, might be a fraudster themselves (even those who purchase traffic commit fraud to some extent). That’s why choosing ad partners shouldn’t be taken lightly. But how can you be 100% sure you made the right choice? Unfortunately, there is no silver bullet. Yet, seller trust index lists from known ad fraud prevention companies like Pixalate, can help. For example, according to Pixalate, OpenX, RhythmOne, InMobi, MobFox, LiveInternet, and RubiconProjects are the most trusted publisher traffic providers.
Use ad fraud prevention services
Whether you are a publisher or an advertiser, you are extremely vulnerable to ad fraud attacks. Besides, compiling black lists, working with reliable partners, and other tactics mentioned above won’t help you with in-app install ad fraud prevention, for example. Luckily, partnering with ad fraud prevention companies will help you diminish the risk of potential attacks. Here are the best-known of them:
- White Ops has partnered with the largest AdTech platforms and Fortune 100 companies. Their main services include FraudSensor that detects where bot traffic “resides” and comes from, and MediaGuard, which predicts bot traffic at scale.
- Confiant can be used both in programmatic and non-programmatic advertising. The solution spots and blocks various ad hiding schemes, forced ad redirects, and beyond. It’s also compatible with header bidding.
- DV Pinnacle is a platform powered by DoubleVerify, which provides insightful metrics on whether your ads are viewable, seen by real humans, or in-geo.
- IAS provides an array of ad fraud prevention solutions for brands, agencies, and publishers that help ensure all ads are viewed while fighting any deliberate activity that prevents ads from being seen by real users. They have worked with numerous big names, including Facebook, Google, and Youtube.
- Pixalate can prevent 15 types of ad fraud. The company is accredited by the Media Rating Council to detect sophisticated IVT. OpenX, Centro, AdRoll, and other ad tech giants are Pixalate’s previous partners.
- Acquired by Impact, Forensiq utilizes the power of machine learning to identify bot traffic, device hijacking and allow running user clustering analysis, which identifies users with similar behavioral patterns. It works well both for publishers and advertisers.
Both publishers and advertisers should use proven ad fraud protection software to keep a high ROI. However, note that your monetization partner might be using in-house or third-party ad fraud prevention tech already, so it’s crucial to check with them first.
Though all these anti-ad-fraud tips are quite effective at keeping fraudsters at bay, there’s no magic switch that will spare your brand from every potential attack. Yet, by combining these fraud prevention measures while staying updated with industry innovations, you will significantly improve your odds.
With impersonal transactions, reliance on easy-to-manipulate metrics, and a complex supply chain system, the domain of digital advertising is lucrative to fraudsters. Invalid traffic, ad hiding, click fraud, and app spoofing are only a few known examples of schemes fraudsters utilize to fulfill their nefarious intentions. No wonder ad fraud remains one of the biggest challenges for the entire online advertising industry, including advertisers, publishers, agencies, ad networks, and ad exchanges.
Yet, ignoring the problem doesn’t make it go away. Luckily, monitoring your analytics, following best ad placement practices, acting immediately, working with reliable ad partners, and using proven ad fraud protection services, reduces the risk of ad fraud considerably.