The Truth About Ad Fraud: No One In PPC Is Immune3 min read
It was 2018 when a number of media outlets in the tech industry blew the lid off a problem few people were willing to talk about. That problem was digital ad fraud. Tech companies like Buzzfeed and TrafficGuard published mind-blowing reports showing that, among other things, ad fraud costs digital advertisers tens of billions of dollars annually.
All the reports together made a chilling point very clear: no one is immune to ad fraud. Any company that utilizes PPC advertising – regardless of size, industry, or location – can be victimized by clever fraudsters with a lot of sophisticated tools up their sleeves.
So what are PPC advertisers to do? The first step is to deploy equally sophisticated ad fraud prevention software, like Fraud Blocker. After deployment, the next step is to dig in and learn how to use analytics to manually identify and stop ad fraud.
The Biggest Ad Fraud Case Ever
The biggest case of ad fraud ever reported might very well be one that was revealed in one of the 2018 reports. Known as 3ve, the scheme involved a number of shadow companies running three fraudulent schemes simultaneously. The companies utilized hijacked IP addresses, hijacked inventory and data center traffic, and counterfeit websites.
According to the Business of Apps website, the perpetrators managed to:
- Infect 1.7 million computers with malware
- Create 10,000 fake websites for hosting ads
- Generate 3-12 billion bid requests per day
- Generate over 60,000 fraudulent advertiser IDs for ad placements.
When all was said and done, the Russian criminals behind 3ve managed to steal almost $30 million. Buzzfeed was the first to report on the scheme, along with another one involving Google. They partially blamed Google for not detecting the fraud and stopping it before it got out of hand.
Google went on to publish its own white paper in defense of its actions. The white paper explained that the fraudulent network was very difficult to uncover thanks to the strategies the fraudsters employed to cover their tracks.
They Have Their Methods
Google may or may not deserve some of the blame for ongoing ad fraud. It is a contentious matter still being debated. What cannot be denied is that fraudsters have their methods of evading even the biggest tech giants. They utilize strategies like:
- Location Spoofing – Fraudsters can spoof the locations of their computers to make it harder for their activities to be detected using geolocation analytics.
- Domain Spoofing – Domain spoofing is a similar tactic, relying on the practice of constantly changing domain names so that click fraud protection software cannot pin down specific domains generating fake clicks.
- Incentivization – Some fraudsters rely on incentivization to generate extra clicks that are nearly impossible for ad platforms to detect. Incentivization is considered black hat, but it is not illegal. Why? Because users voluntarily click on ads to get something in return.
Fraudsters work as hard as cyber security experts to cover their tracks. They work equally hard to come up with new methods of perpetrating click fraud, methods that cannot be detected by ad fraud protection software. It is really a cat-and-mouse game being played by criminals and security experts located around the world.
Go back and read some of those 2018 reports and you will discover that no one is immune to ad fraud. Companies of all sizes have been affected by it. Ad fraud has been uncovered in nearly every industry. The lesson here is clear: any company that utilizes PPC advertising needs to deploy every available measure to prevent being victimized by fraudsters.