Man
Professional
- Messages
- 3,038
- Reaction score
- 561
- Points
- 113
Click farms, botnets, clickers, competitors and just bots are not averse to clicking on your ads. They can also install apps and view video ads and banners. All this is ad fraud, and the name of these malicious armies is Legion.
Fraud can take many forms and is considered the bane of the entire digital world and advertising ecosystem. It costs advertisers millions and billions of dollars every year. To protect yourself from this evil, it is important to understand what forms it can take, how to recognize when you have encountered it, and what to do to protect yourself from it.
Contents
1. Click, click, click
2. And where were you looking?
3. Is this really the right site?
4. Can you give me the phone number?
5. AI in Ad Fraud
6. What does advertising fraud lead to?
7. How to fight fraud
Simply put, those who click on the ads are not interested in the content or the site itself. Their job is to generate as many clicks as possible, which will benefit the fraudster.
To do this, attackers use the following tools:
The following methods are used:
Is it too little? For cyber fraudsters, yes. In addition to all the above tools and technologies, they have also begun to use artificial intelligence to improve bots and their functionality. "Smart" scripts can imitate human behavior and falsify clicks on ads.
To “launder” impressions, the scammers, just like with click fraud, use ad layering, pop-unders, placing ads outside the screen, etc. The views are counted, and advertisers pay for what real users did not see and could not see.
Competitors or, more likely, marketing partners may resort to such cheating technology to artificially inflate their indicators and pay commissions in their favor.
Because of this, website and CRM databases are clogged up in vain, managers try to reach clients in vain and waste time on this, metrics and statistics are damaged. And most importantly, the advertiser's budget is wasted. According to a study by DiscoverOrg, the average amount of time that sales and marketing departments lose annually processing fake applications is 550 hours!
— Advertising budget depletion
Click fraud, fake leads and views drain the advertising budget. The advertiser has to pay for something that will never lead to real conversion and sales. Fraud and low conversion increase the cost per click.
— Decrease in conversion
Bot and motivated traffic prevents real users from seeing the company's advertisements. Due to automation, bots manage to "intercept" them.
Uninterested clickers click on an ad, go to a site, and then leave. Sometimes they may interact with the site's content to mimic human behavior and avoid detection. However, this does not result in targeted actions.
— Distortion of indicators
Advertising fraud distorts traffic statistics and creates the illusion of high efficiency of advertising campaigns. The marketer sees a large number of clicks, but the fact remains: they will never lead to sales. They are just numbers without a purpose.
- Ineffective advertising spending in the future
Click fraud damages not only current campaigns, but future ones as well. Using distorted data, not targeting the target audience, not collecting feedback and not analyzing statistics in detail, it becomes more difficult for a marketer (direct manager, etc.) to optimize ads in the future.
— Check advertising platforms
Do not place your ads on unknown and dubious advertising networks that promise a large number of clicks or significant payments. These may turn out to be fraudulent resources.
— Analyze traffic
Monitor advertising traffic, study the sources from which visitors come from advertising, pay attention to strange user behavior. Here are some signs of click fraud:
The last point allows you to determine whether there is ad fraud in your advertising campaigns. Low conversion with a high number of clicks may indicate such a problem.
If you're running mobile app ads, a low average click-to-install time (CTIT) may be a sign of install hijacking. On the other hand, a very high CTIT may indicate click spam.
- Carefully segment your target audience
Try to create ads for each user group so that they can receive personalized offers. To do this, segment the audience: by gender, age, preferences, etc.
The more accurately you segment your target audience, the faster you will be able to detect abnormal activity in advertising statistics. For example, if you know that you only need clients from Russia, then it will be easier for you to detect an attack by fraudsters from Cambodia.
— Analyze your competitors
Check what keywords, titles and texts your competitors use. They can often resort to unfair competition methods, using click fraud, metric manipulation and other actions.
— Review your infrastructure and site performance costs
Bot attacks can slow down the entire site, preventing regular users from viewing content and making purchases or ordering services. Ultimately, you have to spend money to improve the site's performance.
— Check if there are any sites with strange domains in the list
Fraudsters may resort to domain spoofing, that is, replacing URLs and creating clones of official sites, to deceive ordinary users and advertisers. While some are used for phishing, others are used for click fraud and other forms of advertising fraud.
By imitating a popular and traffic-rich resource, attackers increase the cost per click, and in addition to this, they can use a surge of bot traffic to inflate the figures.
— Collect data from users' devices
You should pay attention to signals on the site visitor's side related to:
— Fingerprinting
Pay attention to HTTP headers, metadata from the digital footprint of the user's device or browser, data from smartphones.
— Block by IP
If your reports show an IP address that is sending a lot of invalid traffic, it may be easier to block that address either on your site or through your advertising platform.
— Use bot traffic management software
Regardless of how well you monitor traffic and clicks on ads, bots were, are and will be anyway. If they have learned to deceive the filters of advertising systems, then what can we say about ordinary users.
Traffic management software can use artificial intelligence (AI) and machine learning (ML) to distinguish bots from humans on websites.
Fraud can take many forms and is considered the bane of the entire digital world and advertising ecosystem. It costs advertisers millions and billions of dollars every year. To protect yourself from this evil, it is important to understand what forms it can take, how to recognize when you have encountered it, and what to do to protect yourself from it.
Contents
1. Click, click, click
2. And where were you looking?
3. Is this really the right site?
4. Can you give me the phone number?
5. AI in Ad Fraud
6. What does advertising fraud lead to?
7. How to fight fraud
Click, click, click
Click fraud is one of the most common forms of digital advertising fraud that affects advertisers worldwide. It is the automated or manual manipulation of clicks on ads without the intention of performing a target action.Simply put, those who click on the ads are not interested in the content or the site itself. Their job is to generate as many clicks as possible, which will benefit the fraudster.
To do this, attackers use the following tools:
- Botnets — scammers can create entire networks of hundreds and thousands, and sometimes millions, of infected computers and other devices. All of them can be used for various attacks, including click fraud. The most famous are: 3ve, Methbot, 404Bot, Hydra, Mirai, ClickbotA , etc.
- Bots are automated scripts and programs designed to repeatedly click on ads. They can be simple or complex. The most modern ones can “build up” their profiles and imitate the behavior of a real person.
- Click farms — imagine a large field with vegetable greenhouses, and now replace the vegetables with smartphones. The farm can consist of dozens of computers or mobile devices, managed by one or more people. Their tasks include performing tasks: clicking on ads, liking on social networks, installing applications, etc. All this is done manually or through automation.
- Manual clicking (motivated and random) - random clicks of ordinary users who were tricked into clicking on an ad, or motivated clicks of special performers from exchanges.
The following methods are used:
- Stacking ads on top of each other is a fraudulent way to drain your advertising budget. Users only see the first ad, but the click is counted for all of them.
- Placing an ad in a 1x1 pixel square — real users won't see the ad, but bots will, if needed. When this method was most popular, scammers could place many such ads on one page (the technology was called pixel stuffing).
- Clickjacking - instead of abusing the placement of ads, attackers can simply trick regular users into clicking. This can be done by using pseudo-elements with false functionality, multiple forced redirects, etc.
- Injection of fraudulent advertising into the user's browser by infecting the device.
- Manipulating ads.txt to fake the quality of the site and sell your inventory at a higher price.
- Ad injection - fraudsters place their ads on a third-party website without the owner's permission. This is done using browser extensions, malware, or hacked networks. Such ads divert traffic from regular ads placed on the website, thereby depriving publishers and advertisers of income.etc.
Is it too little? For cyber fraudsters, yes. In addition to all the above tools and technologies, they have also begun to use artificial intelligence to improve bots and their functionality. "Smart" scripts can imitate human behavior and falsify clicks on ads.
And where were you looking?
Fraudsters know how to generate fake ad views. To do this, they still use bots, performers from exchanges, infected devices, and have even reached SmartTVs.To “launder” impressions, the scammers, just like with click fraud, use ad layering, pop-unders, placing ads outside the screen, etc. The views are counted, and advertisers pay for what real users did not see and could not see.
Is this really the right site?
Domain spoofing is a sophisticated ad fraud technique where criminals masquerade as legitimate popular sites like Forbes to sell inventory at inflated prices. By faking the URL of ad requests, they trick advertisers into thinking they are placing ads on premium sites when in fact the ads are being shown on low-quality sites (like adult sites). This not only drains advertising budgets, but also damages brand reputation.Can you give me your phone number?
Lead scams are an automated type of fraud where criminals use bots to attack a website and submit fake leads. They do this by using fake or stolen user data.Competitors or, more likely, marketing partners may resort to such cheating technology to artificially inflate their indicators and pay commissions in their favor.
Because of this, website and CRM databases are clogged up in vain, managers try to reach clients in vain and waste time on this, metrics and statistics are damaged. And most importantly, the advertiser's budget is wasted. According to a study by DiscoverOrg, the average amount of time that sales and marketing departments lose annually processing fake applications is 550 hours!
AI in Ad Fraud
Artificial intelligence is now used in many industries, including ad fraud, so advertisers who don’t use the same technology to protect themselves won’t stand a chance against fraudulent attacks.What does advertising fraud lead to?
Invalid ad traffic has consequences that are costly for companies, including:— Advertising budget depletion
Click fraud, fake leads and views drain the advertising budget. The advertiser has to pay for something that will never lead to real conversion and sales. Fraud and low conversion increase the cost per click.
— Decrease in conversion
Bot and motivated traffic prevents real users from seeing the company's advertisements. Due to automation, bots manage to "intercept" them.
Uninterested clickers click on an ad, go to a site, and then leave. Sometimes they may interact with the site's content to mimic human behavior and avoid detection. However, this does not result in targeted actions.
— Distortion of indicators
Advertising fraud distorts traffic statistics and creates the illusion of high efficiency of advertising campaigns. The marketer sees a large number of clicks, but the fact remains: they will never lead to sales. They are just numbers without a purpose.
- Ineffective advertising spending in the future
Click fraud damages not only current campaigns, but future ones as well. Using distorted data, not targeting the target audience, not collecting feedback and not analyzing statistics in detail, it becomes more difficult for a marketer (direct manager, etc.) to optimize ads in the future.
How to fight fraud
Both advertisers and owners of monetized sites should adhere to certain rules when placing ads. Here are some of them:— Check advertising platforms
Do not place your ads on unknown and dubious advertising networks that promise a large number of clicks or significant payments. These may turn out to be fraudulent resources.
— Analyze traffic
Monitor advertising traffic, study the sources from which visitors come from advertising, pay attention to strange user behavior. Here are some signs of click fraud:
- a sharp jump in clicks,
- CTR is much higher than the standard for your niche,
- transitions come from unusual geozones in which you do not sell goods or services,
- Check your conversion rate.
The last point allows you to determine whether there is ad fraud in your advertising campaigns. Low conversion with a high number of clicks may indicate such a problem.
If you're running mobile app ads, a low average click-to-install time (CTIT) may be a sign of install hijacking. On the other hand, a very high CTIT may indicate click spam.
- Carefully segment your target audience
Try to create ads for each user group so that they can receive personalized offers. To do this, segment the audience: by gender, age, preferences, etc.
The more accurately you segment your target audience, the faster you will be able to detect abnormal activity in advertising statistics. For example, if you know that you only need clients from Russia, then it will be easier for you to detect an attack by fraudsters from Cambodia.
— Analyze your competitors
Check what keywords, titles and texts your competitors use. They can often resort to unfair competition methods, using click fraud, metric manipulation and other actions.
— Review your infrastructure and site performance costs
Bot attacks can slow down the entire site, preventing regular users from viewing content and making purchases or ordering services. Ultimately, you have to spend money to improve the site's performance.
— Check if there are any sites with strange domains in the list
Fraudsters may resort to domain spoofing, that is, replacing URLs and creating clones of official sites, to deceive ordinary users and advertisers. While some are used for phishing, others are used for click fraud and other forms of advertising fraud.
By imitating a popular and traffic-rich resource, attackers increase the cost per click, and in addition to this, they can use a surge of bot traffic to inflate the figures.
— Collect data from users' devices
You should pay attention to signals on the site visitor's side related to:
- the way the user clicks on links,
- navigation - how he moves around the site,
- with the speed of typing or viewing content,
- with sensory signals, if we are talking about mobile devices.
— Fingerprinting
Pay attention to HTTP headers, metadata from the digital footprint of the user's device or browser, data from smartphones.
— Block by IP
If your reports show an IP address that is sending a lot of invalid traffic, it may be easier to block that address either on your site or through your advertising platform.
— Use bot traffic management software
Regardless of how well you monitor traffic and clicks on ads, bots were, are and will be anyway. If they have learned to deceive the filters of advertising systems, then what can we say about ordinary users.
Traffic management software can use artificial intelligence (AI) and machine learning (ML) to distinguish bots from humans on websites.
