Digital Ad Fraud

Digital Ad Fraud

The seedy underbelly of the online advertising industry

By Peter Marsh, NEWSCYCLE Solutions, Vice President of Marketing

December 22, 2014

Ad-Fraud-Blog-ImageYou can’t monetize what you can’t measure. Everybody knows that. It’s why publishers and advertisers strive to get meaningful metrics that gauge audience engagement and accurately measure the success of online ad campaigns.

But, did you know that over a third of all traffic to media company websites is fake? The Interactive Advertising Bureau (IAB) recently found that 36 percent of people clicking on digital ads are not human at all. The visitors are “bots”, the product of computers hijacked by fraudsters and programmed to visit sites.

Bot fraud is rampant in all forms of online advertising – web, mobile, social, video – but the problem is especially troubling for news media publishers, where trust and credibility are key to the longstanding relationships between advertisers, audiences and media company brands.

Simply put, digital ad fraud means that advertisers are paying for impressions that appear to be served to real audiences, but are actually “seen” only by computers. Millions of ad impressions are generated every day that are never seen by a human. In one recent case reported by the Financial Times, Mercedes Benz ran an online ad campaign where 57 percent of the impressions were viewed by automated computer programs rather than real people.

Fraudsters use lots of tricks to deceive advertisers and unsuspecting computer users alike, with the goal of illegitimately making money from online ad campaigns. Here’s how it might happen:

1. An innocent computer user, let’s call him Dave, turned on his computer one day and perhaps visited a random site and clicked on a compromised link, or maybe he ran a “certified and safe” cleanup program.

2. At that moment, a fraudulent bot engine was quietly installed on Dave’s computer. (This same thing happened to thousands of innocent Daves on computers, tablets and even mobile devices all over the world.)

3. Later that day, without Dave’s knowledge, the bot engine began communicating with a botnet center located anywhere from Altadena to Zagreb. Dave’s computer was turned into a zombie, and his bot was instructed to visit certain sites in a certain sequence and at a certain frequency.

4. This is the really scary part. The botnet center was so sophisticated that it instructed Dave’s bot to visit high-value audience sites, including news media websites, in order to profile Dave as an ideal candidate for advertisers.

5. Dave’s bot was also programmed to go to sites that promote themselves as “advertising impression storefronts” that drive “real unique visitors.”

6. Website owners and ad networks need to drive traffic, so they purchase impressions from these storefront sites. In reality, these sites are owned by the botnet fraudsters, who collect the money, then send traffic through the nodes in the bot network (like Dave’s computer) and serve ads on pages that are never seen by human beings.

A scary scenario indeed. What’s even scarier is that the digital ad fraud problem is bound to grow as the trend toward greater programmatic buying and selling increases. By removing the human element from direct ad sales, the fraudsters will inevitably find more opportunities to deceive.

So, what’s a publisher to do in order to combat bot fraud? The very good news here is that organizations like the IAB and the Alliance for Audited Media (AAM) are taking proactive steps to help publishers, advertisers and technology companies in their quest to eliminate digital ad fraud. Admittedly, both organizations liken these efforts to playing whack-a-mole – eliminate ad fraud in one area and it quickly pops up in another. Still, the following guidelines for media publishers provide some useful and immediate action items to defeat the fraudsters.

These efforts will help publishers preserve the trust and integrity of their valuable ad inventories:

• As a publisher, you must educate yourself about ad traffic fraud.
• Monitor and vet all traffic sources to ensure the highest quality traffic to your sites. Pay close attention to those sources that are compensated for bringing traffic to websites.
• Only trust business partners that have earned trust. The IAB calls this “practicing safe sourcing.” Technology can be implemented to help detect and prevent fraud. In addition, traffic to media sites can be filtered through third-party vendors who specialize in fraud detection.
• Policies and procedures should be adopted to help eliminate low-level ad fraud. One example of this, according to the IAB, is “comparing impression volumes to audience sizes reported by third-party measurement services.”
• Include the right to audit in all agreements with traffic providers.
• Get involved with – and become certified with – the IAB’s Quality Assurance Guidelines and other fraud initiatives, including the Traffic of Good Intent Task Force, which offers a framework for best practices that promote brand safety and trust.

Finally, publishers and advertisers alike dearly want to measure the actual impact of ad campaigns. No one wants results that are diluted by ads that never have a chance of being viewed by human eyeballs. Better measurement provides greater justification for advertisers to shift budgets to the quality digital inventory that media companies can offer.

Therefore, publishers need to set clear objectives that focus on measurements of true ROI, which is difficult for botnet fraudsters to falsify. Metrics based on click-through rates, completion rates, and last-touch attribution alone are weak because these can be easily faked by fraudulent bot agents. On the other hand, impressions that are fully validated will better align the goals of advertisers and publishers with those of consumers. This, in turn, will lead to a better digital experience that respects all audience members and delivers higher quality rather than higher quantity.

To learn more about Newscycle’s premium workflow solutions for securely managing all print and online advertising, please visit

Recent Posts

Digital Platformation

When it comes to digital transformation in the news media industry, there’s no need to belabor the backstory. It started back in the day when our publishers told us, “We need to get on the web, pronto.” This was circa 1995, when people still said “pronto” and some of us actually used the phrase “information highway” to describe this new internet thing. read more

PCI-DSS – Customer Action Required

For more than 20 years, Secure Sockets Layer (SSL) has been one of the most widely-used encryption protocols. It remains in widespread use today despite existence of a number of security vulnerabilities and being deprecated by NIST (National Institute of Standards and Technology) in 2014. According to NIST, there are no fixes or patches that can adequately repair SSL or early TLS. read more

Leave a Comment